@unumid/types
This project contains all of our shared, generic TypeScript types that are used throughout the UnumID ecosystem.
It also has shared runtypes, which allow for functionality like graceful runtime string literal type checking. To support runtypes we had to use an index.ts instead of just a type declaration index.d.ts file. This also means that a build step is necessary in order for changes to index.ts to be realized.
Ideally all types core to UnumID ought to be defined in the protobufs repo and imported into this project. That migration is an ongoing effort. While we migrate to using all Protocol Buffer defined objects and gRPC, we are still using JSON and HTTP for the transport layer. As such, attributes defined in protos that go over the network are serialized to JSON, which can cause some typing side effects at run time. One example of this is Date attributes.
For this reason we have adopted a convention of extending the proto defined interface here to make the Date attributes strings. One such example is the EncryptedCredentialDto defined in index.ts, which extends the proto defined interface, EncryptedCredential. Note the use of the Omit utility type. Reference material can be found here
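The Date side effect and the Omit-based Dto convention described above, as an added example that is not code from this project. The type, field and function names are hypothetical, and the runtime checks are one possible way to validate a JSON body before trusting it as the domain type.

```typescript
// Added example; all type and function names here are hypothetical, not from @unumid/types.
interface PersistedExample {
  uuid: string;
  data: string;
  createdAt: Date; // domain type carries real Date objects
  updatedAt: Date;
}

// DTO: same shape, but the Date attributes are strings on the wire.
type PersistedExampleDto = Omit<PersistedExample, 'createdAt' | 'updatedAt'> & {
  createdAt: string;
  updatedAt: string;
};

// Exact format emitted by Date.prototype.toJSON().
const ISO_UTC = /^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d{3}Z$/;

function parseIsoDate(field: string, value: unknown): Date {
  if (typeof value !== 'string' || !ISO_UTC.test(value)) {
    throw new TypeError(field + ' must be an ISO 8601 UTC string');
  }
  const date = new Date(value);
  // Reject out-of-range values and dates the engine silently rolls over (e.g. Feb 30).
  if (isNaN(date.getTime()) || date.toISOString() !== value) {
    throw new TypeError(field + ' is not a valid date');
  }
  return date;
}

// Validate an untrusted JSON body field by field, then build the domain type.
function fromDto(body: string): PersistedExample {
  const raw: unknown = JSON.parse(body);
  if (typeof raw !== 'object' || raw === null) throw new TypeError('body must be an object');
  const dto = raw as Partial<Record<keyof PersistedExampleDto, unknown>>;
  if (typeof dto.uuid !== 'string' || typeof dto.data !== 'string') {
    throw new TypeError('uuid and data must be strings');
  }
  return {
    uuid: dto.uuid,
    data: dto.data,
    createdAt: parseIsoDate('createdAt', dto.createdAt),
    updatedAt: parseIsoDate('updatedAt', dto.updatedAt),
  };
}

// An unchecked cast hides the problem: the value is a string at run time.
function wireTypeOfDate(): string {
  const sent: PersistedExample = { uuid: 'constructed', data: 'x', createdAt: new Date(0), updatedAt: new Date(0) };
  return typeof (JSON.parse(JSON.stringify(sent)) as PersistedExample).createdAt;
}
```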
a) Generic types such as PresentationRequest, as defined here, ought to have the simplest naming conventions. The generic type represents the domain type definition. If the object is used for persistence, this generic type includes the persisted metadata, i.e. uuid, createdAt, and updatedAt.
b) For generic types that are not directly persisted, e.g. CredentialRequest, the naming convention also ought to be the simplest.
c) Generic types that represent an object consisting of options for creating a persisted entity should have a trailing Options in their name. For example, IssueCredentialOptions or EncryptedCredentialOptions.
d) Types explicitly for HTTP interfaces ought to have a trailing Dto, e.g. PresentationRequestDto. This is often used to better represent the JSON serialized attributes createdAt and updatedAt, which change from Date to string. Furthermore, if the Data Transfer Object differs between HTTP request verbs, e.g. GET and POST, then include the verb in the type name, as in PresentationRequestPostDto.
e) HTTP types that encompass other DTOs, and are not just a serialization of one object, should use the naming convention "EnrichedDto". For example, the PresentationRequestEnrichedDto encompasses the PresentationRequestDto type along with other fields supplementary to the PresentationRequestDto type.
f) Types that are used for cryptographic purposes should have an unsigned and a signed version. However, the signed type should have the simpler naming convention, e.g. Credential is the signed type of UnsignedCredential.
Note: any types that undergo cryptographic operations need to be defined via Protocol Buffers in order to leverage their deterministic byte array properties. Thus they should not be defined solely in this TypeScript types project.
g) Entity types belong in the projects that interface with their data layers. For example, the PresentationRequest entity type, PresentationRequestEntity, should not be defined generically, but rather in the SaaS project types.
Detailed documentation generated from source can be found here, which is served by this repo's GitHub Pages configuration. It is set up to serve via the /docs folder of the main branch.
In order to generate the documentation from the source code, run the createTypedocs.sh script. However, note that this is now handled automatically by the release CI job.
Releases and publishing to NPM are automated via a GitHub Actions CI job. In order to trigger a release, one should push a git tag with a preceding v in semver notation, e.g. v1.1.1, to the main branch. This will trigger the CI job to bump the package version, generate typedocs, publish to NPM, make a release commit, and make a GitHub Release. The contents of the GitHub Release are autogenerated based on pull requests with commits associated with the release, so please use PRs to make changes to main. The message of the git tag will be the commit message for the release, so please make it meaningful. For example, git tag v1.1.1 -m "Updated project with a new CI job" && git push origin v1.1.1.
FAQs
shared Unum ID TypeScript types
The npm package @unumid/types receives a total of 108 weekly downloads. As such, @unumid/types popularity was classified as not popular.
We found that @unumid/types demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.