@surfskip/api-types
Gives up-to-date typings for our SurfSkip API to use with @elysiajs/eden to provide a full client with type safety.
surfskip-api
An API written using Bun and Elysia for our web application.
This repository hosts the server code, but as you can see, we also export typings as an NPM package so they can be used with @elysiajs/eden to deliver a fully type-safe client.
@elysiajs/eden
Install the packages using...
# With pnpm...
pnpm add @surfskip/api-types @elysiajs/eden
and import them wherever in your code...
import type { SurfSkipApi } from "@surfskip/api-types";
import { edenTreaty } from "@elysiajs/eden";
export const api = edenTreaty<SurfSkipApi>("https://api.surfskip.com");
You're set up! You can now use this api object to call any function from our API. If needed, you can read more about how @elysiajs/eden works.
We use Bun for this API, so development on Windows requires WSL; a Linux or macOS machine works fine.
Windows support is currently in development.
Bun can be installed with the following command:
curl -fsSL https://bun.sh/install | bash
If you have Bun installed, you can now install the dependencies with the following command:
bun install
Make a copy of .env.example to .env. This file will contain the secret variables and should not be pushed to GitHub.
cp .env.example .env
You'll see that the AWS_REGION variable is already filled in. This is because we currently stick to the eu-north1 region. We may extend it later.
AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY must be filled in to have access to DynamoDB.
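One way to enforce the "should not be pushed to GitHub" rule for .env is a Git pre-commit hook. The script below is an added example, not code from the surfskip-api repository; the file and variable names come from the README above, while the function names and hook layout are assumptions.

```shell
#!/bin/sh
# Added example (not from the surfskip-api repository): a pre-commit guard.
# Variable and file names come from the README; function names are assumptions.

# Succeeds if FILE sets AWS_ACCESS_KEY_ID or AWS_SECRET_ACCESS_KEY to a
# non-empty value. Empty placeholders (KEY= or KEY="") and comments do not match.
has_filled_aws_secret() {
    grep -Eq '^[[:space:]]*(export[[:space:]]+)?AWS_(ACCESS_KEY_ID|SECRET_ACCESS_KEY)[[:space:]]*=[[:space:]]*["'\'']?[^"'\''[:space:]#]' "$1"
}

# Succeeds if the path names a local env file (.env, .env.local, ...).
# .env.example is the committed template and is allowed by name.
is_secret_env_path() {
    case "${1##*/}" in
        .env.example) return 1 ;;
        .env|.env.*)  return 0 ;;
        *)            return 1 ;;
    esac
}

# Checks each path given; returns 1 if any of them must not be committed.
check_paths() {
    rc=0
    for p in "$@"; do
        if is_secret_env_path "$p"; then
            echo "blocked: $p is a local secrets file" >&2
            rc=1
        elif [ -f "$p" ] && has_filled_aws_secret "$p"; then
            echo "blocked: $p contains a filled-in AWS credential" >&2
            rc=1
        fi
    done
    return "$rc"
}

# When installed as .git/hooks/pre-commit, check every staged file.
# Limitation: this reads the working-tree copy, not the staged blob.
case "$0" in
    *pre-commit)
        git diff --cached --name-only --diff-filter=ACM | {
            fail=0
            while IFS= read -r f; do check_paths "$f" || fail=1; done
            exit "$fail"
        } ;;
esac
```

Saved as .git/hooks/pre-commit and made executable, it rejects a commit that stages .env itself or any other file, including .env.example, in which one of the two AWS credential variables has been filled in.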
Here's an overview of the scripts defined in package.json.
Command | Description |
---|---|
bun start | Starts the development server without hot reloading. |
bun run dev | Starts the development server with hot reloading. |
bun run build:types | Creates the typings for the actual server code and puts them into the /dist folder. These are the typings we'll publish to NPM. |
bun run build:binary | Creates a binary for the actual server code. The binary built is then used in our production servers. |
FAQs
The npm package @surfskip/api-types receives a total of 22 weekly downloads. As such, the popularity of @surfskip/api-types was classified as not popular.
We found that @surfskip/api-types demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.