@universal-packages/token-registry
Simple dictionary registry where keys are autogenerated secure tokens.
npm install @universal-packages/token-registry
Registry is the main class interface used to register data subjects so they can be retrieved later by their associated token.
import { Registry } from '@universal-packages/token-registry'
const registry = new Registry()
const token = await registry.register({ id: 4 })
const myData = await registry.retrieve(token)
console.log(myData)
// > { id: 4 }
By default a registry uses a memory engine to store data; this may not be suitable for production environments.
engine
Engine
default: memory
Instance of the engine to be used to store the data.
engineOptions
Object
Options to pass to the engine if resolved as adapter.
seed
String
Helps to add randomness to the token generation between instances.
register(subject: Object, category?: String)
register(token: string, subject: Object, category?: String)
Registers a new data subject under a newly generated token and returns that token. A category can optionally be passed to group the registered data subjects later. If a token is passed, it is used instead of generating a new one (useful to update a subject).
const token = await registry.register({ id: 4 })
prepare()
async
Initialize the internal engine in case it needs preparation.
release()
async
Releases the engine resources in case they need to be disposed before finishing the process.
retrieve(token: String)
Returns the subject registered under the provided token.
const subject = await registry.retrieve(token)
retrieveAll(category: String)
Returns all the subjects registered under the provided category.
const subjects = await registry.retrieveAll(category)
dispose(token: String)
Disposes the data subject registered under the provided token so it's no longer retrievable.
await registry.dispose(token)
clear()
Clears all registered data.
await registry.clear()
To create an engine that suits your requirements, implement a new class like the one below and pass an instance of it to the registry:
import { Registry } from '@universal-packages/token-registry'
import MyEngine from './MyEngine'
const registry = new Registry({ engine: new MyEngine() })
export default class MyEngine {
  constructor(options) {
    // Options passed through the adapters sub system
  }
  prepare() {
    // Initialize any connection using options
  }
  release() {
    // Release any resources or close any connection
  }
  clear() {
    // Clear the engine from all entries
  }
  set(token, subject, category) {
    // Store the subject using the token as key
    // You may need to serialize the subject manually
    // Manage category for later grouping if present
  }
  get(token) {
    // Retrieve the subject from your engine using the token
  }
  getAll(category) {
    // Return an object in the shape of { '${token}': subject }
    // Filter only the tokens that are attached to the category
  }
  delete(token) {
    // Delete the entry from your engine using the token
  }
}
If you are using TypeScript, you can implement the EngineInterface to ensure the right implementation.
import { EngineInterface } from '@universal-packages/token-registry'
export default class MyEngine implements EngineInterface {}
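A working engine for the method set sketched above, as an added example (not the package's own code): it serializes subjects, tracks categories, and expires entries. The class name and the `ttlMs` and `now` options are assumptions of this example, not options of the package.

```javascript
// Added example: Map-backed engine with the methods the README lists.
// ttlMs and now are assumptions of this example, not package options.
class ExpiringMapEngine {
  constructor(options = {}) {
    this.ttlMs = options.ttlMs ?? 15 * 60 * 1000 // lifetime of each entry
    this.now = options.now ?? Date.now // injectable clock
    this.entries = new Map() // token -> { json, category, expiresAt }
    this.categories = new Map() // category -> Set of tokens
  }
  prepare() {} // an in-memory store has nothing to connect to
  release() {
    this.clear() // do not keep subjects in memory after shutdown
  }
  clear() {
    this.entries.clear()
    this.categories.clear()
  }
  set(token, subject, category) {
    this.delete(token) // an updated token must not stay in its old category
    // Serialize so later mutation of the caller's object cannot alter stored data
    const json = JSON.stringify(subject)
    this.entries.set(token, { json, category, expiresAt: this.now() + this.ttlMs })
    if (category === undefined) return
    if (!this.categories.has(category)) this.categories.set(category, new Set())
    this.categories.get(category).add(token)
  }
  get(token) {
    const entry = this.entries.get(token)
    if (!entry) return undefined
    if (this.now() < entry.expiresAt) return JSON.parse(entry.json)
    this.delete(token) // expired entries are purged, not just hidden
    return undefined
  }
  getAll(category) {
    // No prototype, so a caller-supplied token such as '__proto__' is only a key
    const result = Object.create(null)
    for (const token of [...(this.categories.get(category) ?? [])]) {
      const subject = this.get(token)
      if (subject !== undefined) result[token] = subject
    }
    return result
  }
  delete(token) {
    const entry = this.entries.get(token)
    if (!entry) return
    this.entries.delete(token)
    const tokens = this.categories.get(entry.category)
    if (tokens) tokens.delete(token)
  }
}
```

Add `export default` in front of the class when it lives in its own module, then pass an instance as the `engine` option.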
This library is developed in TypeScript and shipped fully typed.
The development of this library happens in the open on GitHub, and we are grateful to the community for contributing bugfixes and improvements. Read below to learn how you can take part in improving this library.
FAQs
Simple subject registry by token.
The npm package @universal-packages/token-registry receives a total of 798 weekly downloads. As such, @universal-packages/token-registry popularity was classified as not popular.
We found that @universal-packages/token-registry demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.