Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@taktikorg/numquam-magni
Advanced tools
[![NPM](https://nodei.co/npm/@taktikorg/numquam-magni-nodejs.png?compact=true&stars=true)](https://nodei.co/npm/@taktikorg/numquam-magni/)
Node.js Middleware for AWS Lambda that automatically logs API calls and sends to Moesif for API analytics and monitoring.
Designed for APIs that are hosted on AWS Lambda using Amazon API Gateway or Application Load Balancer as a trigger. Works with REST APIs, GraphQL APIs (such as with apollo-server-lambda) and more.
Alternatively, if you're running the Node.js Express Framework on AWS Lambda and prefer to not have any AWS specific dependencies, Moesif has Express Middleware also available. However, moesif-nodejs won't capture lambda specific context like Trace Id.
npm install --save @taktikorg/numquam-magni
The following shows how import the controllers and use:
// Import Modules
'use strict'
const moesif = require('@taktikorg/numquam-magni');
const moesifOptions = {
applicationId: 'Your Moesif Application Id',
identifyUser: function (event, context) {
return event.requestContext.identity.cognitoIdentityId
},
identifyCompany: function (event, context) {
return '5678'
}
};
exports.handler = function (event, context, callback) {
callback(null, {
statusCode: '200',
body: JSON.stringify({key: 'hello world'}),
headers: {
'Content-Type': 'application/json',
},
});
};
exports.handler = moesif(moesifOptions, exports.handler);
Depends on the version of node, you can also import directly:
import moesif from '@taktikorg/numquam-magni'
If you are using ESM or later version of ESM, please try the following method:
const moesifImportWrapper = await import('@taktikorg/numquam-magni');
const moesif = moesifImportWrapper.default;
Your Moesif Application Id can be found in the Moesif Portal. After signing up for a Moesif account, your Moesif Application Id will be displayed during the onboarding steps.
You can always find your Moesif Application Id at any time by logging into the Moesif Portal, click on the top right menu, and then clicking Installation.
Grab the URL to your API Gateway or LB and make some calls using a tool like Postman or CURL.
In order for your event to log to Moesif, you must test using the Amazon API Gateway trigger. Do not invoke your lambda directly using AWS Console as the payload won't contain a valid HTTP payload.
lib/index.js
the middleware libapp.js
sample AWS Lambda function using the middlewarelogBody
Type: Boolean
logBody is default to true, set to false to remove logging request and response body to Moesif.
identifyUser
Type: (event, context) => String
identifyUser is a function that takes AWS lambda event
and context
objects as arguments
and returns a userId. This enables Moesif to attribute API requests to individual unique users
so you can understand who calling your API. This can be used simultaneously with identifyCompany
to track both individual customers and the companies their a part of.
options.identifyUser = function (event, context) {
// your code here, must return a string
return event.requestContext.identity.cognitoIdentityId
}
identifyCompany
Type: (event, context) => String
identifyCompany is a function that takes AWS lambda event
and context
objects as arguments
and returns a companyId. If your business is B2B, this enables Moesif to attribute
API requests to specific companies or organizations so you can understand which accounts are
calling your API. This can be used simultaneously with identifyUser
to track both
individual customers and the companies their a part of.
options.identifyCompany = function (event, context) {
// your code here, must return a string
return '5678'
}
getSessionToken
Type: (event, context) => String
getSessionToken a function that takes AWS lambda event
and context
objects as arguments and returns a
session token (i.e. such as an API key).
options.getSessionToken = function (event, context) {
// your code here, must return a string.
return event.headers['Authorization'];
}
getApiVersion
Type: (event, context) => String
getApiVersion is a function that takes AWS lambda event
and context
objects as arguments and
returns a string to tag requests with a specific version of your API.
options.getApiVersion = function (event, context) {
// your code here. must return a string.
return '1.0.5'
}
getMetadata
Type: (event, context) => String
getMetadata is a function that AWS lambda event
and context
objects as arguments and returns an object that allows you
to add custom metadata that will be associated with the req. The metadata must be a simple javascript object that can be converted to JSON. For example, you may want to save a VM instance_id, a trace_id, or a tenant_id with the request.
options.getMetadata = function (event, context) {
// your code here:
return {
foo: 'custom data',
bar: 'another custom data'
};
}
skip
Type: (event, context) => Boolean
skip is a function that takes AWS lambda event
and context
objects as arguments and returns true
if the event should be skipped (i.e. not logged)
The default is shown below and skips requests to the root path "/".
options.skip = function (event, context) {
// your code here. must return a boolean.
if (event.path === '/') {
// Skip probes to home page.
return true;
}
return false
}
maskContent
Type: MoesifEventModel => MoesifEventModel
maskContent is a function that takes the final Moesif event model (rather than the AWS lambda event/context objects) as an
argument before being sent to Moesif. With maskContent, you can make modifications to headers or body such as
removing certain header or body fields.
options.maskContent = function(moesifEvent) {
// remove any field that you don't want to be sent to Moesif.
return moesifEvent;
}
EventModel
format:
{
"request": {
"time": "2019-08-08T04:45:42.914",
"uri": "https://api.acmeinc.com/items/83738/reviews/",
"verb": "POST",
"api_version": "1.1.0",
"ip_address": "61.48.220.123",
"headers": {
"Host": "api.acmeinc.com",
"Accept": "*/*",
"Connection": "Keep-Alive",
"Content-Type": "application/json",
"Content-Length": "126",
"Accept-Encoding": "gzip"
},
"body": {
"items": [
{
"direction_type": 1,
"item_id": "fwdsfrf",
"liked": false
},
{
"direction_type": 2,
"item_id": "d43d3f",
"liked": true
}
]
}
},
"response": {
"time": "2019-08-08T04:45:42.924",
"status": 500,
"headers": {
"Vary": "Accept-Encoding",
"Pragma": "no-cache",
"Expires": "-1",
"Content-Type": "application/json; charset=utf-8",
"Cache-Control": "no-cache"
},
"body": {
"Error": "InvalidArgumentException",
"Message": "Missing field location"
}
},
"user_id": "my_user_id",
"company_id": "my_company_id",
"session_token":"end_user_session_token",
"tags": "tag1, tag2"
}
debug
Type: Boolean
Set to true to print debug logs if you're having integration issues.
For more documentation regarding what fields and meaning, see below or the Moesif Node API Documentation.
Name | Required | Description |
---|---|---|
request | true | The object that specifies the request message |
request.time | true | Timestamp for the request in ISO 8601 format |
request.uri | true | Full uri such as https://api.com/?query=string including host, query string, etc |
request.verb | true | HTTP method used, i.e. GET , POST |
request.api_version | false | API Version you want to tag this request with such as 1.0.0 |
request.ip_address | false | IP address of the requester, If not set, we use the IP address of your logging API calls. |
request.headers | true | Headers of the request as a Map<string, string> . Multiple headers with the same key name should be combined together such that the values are joined by a comma. HTTP Header Protocol on w3.org |
request.body | false | Body of the request in JSON format or Base64 encoded binary data (see transfer_encoding) |
request.transfer_encoding | false | A string that specifies the transfer encoding of Body being sent to Moesif. If field nonexistent, body assumed to be JSON or text. Only possible value is base64 for sending binary data like protobuf |
response | false | The object that specifies the response message, not set implies no response received such as a timeout. |
response.time | true | Timestamp for the response in ISO 8601 format |
response.status | true | HTTP status code as number such as 200 or 500 |
response.ip_address | false | IP address of the responding server |
response.headers | true | Headers of the response as a Map<string, string> . Multiple headers with the same key name should be combined together such that the values are joined by a comma. HTTP Header Protocol on w3.org |
response.body | false | Body of the response in JSON format or Base64 encoded binary data (see transfer_encoding) |
response.transfer_encoding | false | A string that specifies the transfer encoding of Body being sent to Moesif. If field nonexistent, body assumed to be JSON or text. Only possible value is base64 for sending binary data like protobuf |
session_token | Recommend | The end user session token such as a JWT or API key, which may or may not be temporary. Moesif will auto-detect the session token automatically if not set. |
user_id | Recommend | Identifies this API call to a permanent user_id |
metadata | false | A JSON Object consisting of any custom metadata to be stored with this event. |
If you want to capture all outgoing API calls from your Node.js app to third parties like
Stripe or to your own dependencies, call startCaptureOutgoing()
to start capturing.
const moesif = require('@taktikorg/numquam-magni');
var moesifMiddleware = moesif(options);
moesifMiddleware.startCaptureOutgoing();
The same set of above options is also applied to outgoing API calls, with a few key differences:
For options functions that take req
and res
as input arguments, the request and response objects passed in
are not Express or Node.js req or res objects when the request is outgoing, but Moesif does mock
some of the fields for convenience.
Only a subset of the Node.js req/res fields are available. Specifically:
true
if it is a mocked request or response object (i.e. outgoing API Call)Create or update a user profile in Moesif.
The metadata field can be any customer demographic or other info you want to store.
Only the userId
field is required.
This method is a convenient helper that calls the Moesif API lib.
For details, visit the Node.js API Reference.
var moesifMiddleware = moesif(options);
// Only userId is required.
// Campaign object is optional, but useful if you want to track ROI of acquisition channels
// See https://www.moesif.com/docs/api#users for campaign schema
// metadata can be any custom object
var user = {
userId: '12345',
companyId: '67890', // If set, associate user with a company object
campaign: {
utmSource: 'google',
utmMedium: 'cpc',
utmCampaign: 'adwords',
utmTerm: 'api+tooling',
utmContent: 'landing'
},
metadata: {
email: 'john@acmeinc.com',
firstName: 'John',
lastName: 'Doe',
title: 'Software Engineer',
salesInfo: {
stage: 'Customer',
lifetimeValue: 24000,
accountOwner: 'mary@contoso.com'
}
}
};
moesifMiddleware.updateUser(user, callback);
Similar to updateUser, but used to update a list of users in one batch.
Only the userId
field is required.
This method is a convenient helper that calls the Moesif API lib.
For details, visit the Node.js API Reference.
var moesifMiddleware = moesif(options);
// Only userId is required.
// Campaign object is optional, but useful if you want to track ROI of acquisition channels
// See https://www.moesif.com/docs/api#users for campaign schema
// metadata can be any custom object
var user = {
userId: '12345',
companyId: '67890', // If set, associate user with a company object
campaign: {
utmSource: 'google',
utmMedium: 'cpc',
utmCampaign: 'adwords',
utmTerm: 'api+tooling',
utmContent: 'landing'
},
metadata: {
email: 'john@acmeinc.com',
firstName: 'John',
lastName: 'Doe',
title: 'Software Engineer',
salesInfo: {
stage: 'Customer',
lifetimeValue: 24000,
accountOwner: 'mary@contoso.com'
}
}
};
var users = [user]
moesifMiddleware.updateUsersBatch(users, callback);
Create or update a company profile in Moesif.
The metadata field can be any company demographic or other info you want to store.
Only the companyId
field is required.
This method is a convenient helper that calls the Moesif API lib.
For details, visit the Node.js API Reference.
var moesifMiddleware = moesif(options);
// Only companyId is required.
// Campaign object is optional, but useful if you want to track ROI of acquisition channels
// See https://www.moesif.com/docs/api#update-a-company for campaign schema
// metadata can be any custom object
var company = {
companyId: '67890',
companyDomain: 'acmeinc.com', // If domain is set, Moesif will enrich your profiles with publicly available info
campaign: {
utmSource: 'google',
utmMedium: 'cpc',
utmCampaign: 'adwords',
utmTerm: 'api+tooling',
utmContent: 'landing'
},
metadata: {
orgName: 'Acme, Inc',
planName: 'Free Plan',
dealStage: 'Lead',
mrr: 24000,
demographics: {
alexaRanking: 500000,
employeeCount: 47
}
}
};
moesifMiddleware.updateCompany(company, callback);
Similar to updateCompany, but used to update a list of companies in one batch.
Only the companyId
field is required.
This method is a convenient helper that calls the Moesif API lib.
For details, visit the Node.js API Reference.
var moesifMiddleware = moesif(options);
// Only companyId is required.
// Campaign object is optional, but useful if you want to track ROI of acquisition channels
// See https://www.moesif.com/docs/api#update-a-company for campaign schema
// metadata can be any custom object
var company = {
companyId: '67890',
companyDomain: 'acmeinc.com', // If domain is set, Moesif will enrich your profiles with publicly available info
campaign: {
utmSource: 'google',
utmMedium: 'cpc',
utmCampaign: 'adwords',
utmTerm: 'api+tooling',
utmContent: 'landing'
},
metadata: {
orgName: 'Acme, Inc',
planName: 'Free Plan',
dealStage: 'Lead',
mrr: 24000,
demographics: {
alexaRanking: 500000,
employeeCount: 47
}
}
};
var companies = [company]
moesifMiddleware.updateCompaniesBatch(companies, callback);
To view more documentation on integration options, please visit the Integration Options Documentation.
FAQs
[![NPM](https://nodei.co/npm/@taktikorg/numquam-magni-nodejs.png?compact=true&stars=true)](https://nodei.co/npm/@taktikorg/numquam-magni/)
The npm package @taktikorg/numquam-magni receives a total of 0 weekly downloads. As such, @taktikorg/numquam-magni popularity was classified as not popular.
We found that @taktikorg/numquam-magni demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.