Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@trpc/server
Advanced tools
@trpc/server is a TypeScript-first framework for building end-to-end typesafe APIs. It allows you to create APIs where the client and server share the same type definitions, ensuring type safety across the entire stack.
Creating a Router
This code demonstrates how to create a basic router with a single procedure using @trpc/server. The `greeting` procedure returns a simple 'Hello, world!' message.
const { initTRPC } = require('@trpc/server');
const t = initTRPC.create();
const appRouter = t.router({
greeting: t.procedure.query(() => 'Hello, world!'),
});
module.exports = { appRouter };
Creating Procedures
This code shows how to create a procedure that takes input and performs an operation. The `add` procedure takes two numbers as input and returns their sum.
const { initTRPC } = require('@trpc/server');
const t = initTRPC.create();
const appRouter = t.router({
add: t.procedure.input((z) => z.object({ a: z.number(), b: z.number() })).query(({ input }) => input.a + input.b),
});
module.exports = { appRouter };
Middleware
This code demonstrates how to use middleware in @trpc/server. The `isAuthed` middleware checks if the user is authenticated before allowing access to the `secretData` procedure.
const { initTRPC } = require('@trpc/server');
const t = initTRPC.create();
const isAuthed = t.middleware(({ ctx, next }) => {
if (!ctx.user) {
throw new Error('Not authenticated');
}
return next();
});
const appRouter = t.router({
secretData: t.procedure.use(isAuthed).query(() => 'Secret data'),
});
module.exports = { appRouter };
Express is a minimal and flexible Node.js web application framework that provides a robust set of features for web and mobile applications. Unlike @trpc/server, Express does not provide built-in type safety and requires additional libraries for type checking and validation.
Apollo Server is a community-driven, open-source GraphQL server that works with any GraphQL schema. It provides a powerful way to build a GraphQL API with type safety, but it requires a different approach compared to @trpc/server, which is more focused on TypeScript and end-to-end type safety.
NestJS is a progressive Node.js framework for building efficient, reliable, and scalable server-side applications. It uses TypeScript by default and provides a lot of built-in features, including dependency injection and a modular architecture. However, it is more heavyweight compared to @trpc/server.
End-to-end typesafe APIs made easy
@trpc/server
Create tRPC routers and connect them to a server.
Full documentation for @trpc/server
can be found here
# npm
npm install @trpc/server
# Yarn
yarn add @trpc/server
# pnpm
pnpm add @trpc/server
# Bun
bun add @trpc/server
We also recommend installing zod
to validate procedure inputs.
import { initTRPC } from '@trpc/server';
import {
CreateHTTPContextOptions,
createHTTPServer,
} from '@trpc/server/adapters/standalone';
import { z } from 'zod';
// Initialize a context for the server
function createContext(opts: CreateHTTPContextOptions) {
return {};
}
// Get the context type
type Context = Awaited<ReturnType<typeof createContext>>;
// Initialize tRPC
const t = initTRPC.context<Context>().create();
// Create main router
const appRouter = t.router({
// Greeting procedure
greeting: t.procedure
.input(
z.object({
name: z.string(),
}),
)
.query(({ input }) => `Hello, ${input.name}!`),
});
// Export the app router type to be imported on the client side
export type AppRouter = typeof appRouter;
// Create HTTP server
const { listen } = createHTTPServer({
router: appRouter,
createContext,
});
// Listen on port 2022
listen(2022);
FAQs
The tRPC server library
The npm package @trpc/server receives a total of 578,803 weekly downloads. As such, @trpc/server popularity was classified as popular.
We found that @trpc/server demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.