Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@vkontakte/vk-bridge
Advanced tools
A package for integrating VK Mini Apps with official VK clients for iOS, Android and Web.
import bridge from '@vkontakte/vk-bridge';
// Sends event to client
bridge.send('VKWebAppInit');
// Subscribes to event, sended by client
bridge.subscribe(e => console.log(e));
For use in a browser, include the file dist/browser.min.js
and use as follows
<script src="https://unpkg.com/@vkontakte/vk-bridge/dist/browser.min.js"></script>
<script>
// Sends event to client
vkBridge.send('VKWebAppInit');
</script>
bridge.send(method[, params])
Sends a message to native client and returns the Promise
object with response data
Parameters
method
required The VK Bridge methodparams
optional Message data objectExample
// Sending event to client
bridge
.send('VKWebAppGetEmail')
.then(data => {
// Handling received data
console.log(data.email);
})
.catch(error => {
// Handling an error
});
You can also use imperative way
try {
const data = await bridge.send('VKWebAppGetEmail');
// Handling received data
console.log(data.email);
} catch (error) {
// Handling an error
}
bridge.subscribe(fn)
Subscribes a function to events listening
Parameters
fn
required Function to be subscribed to eventsExample
// Subscribing to receiving events
bridge.subscribe(event => {
if (!event.detail) {
return;
}
const { type, data } = event.detail;
if (type === 'VKWebAppOpenCodeReaderResult') {
// Reading result of the Code Reader
console.log(data.code_data);
}
if (type === 'VKWebAppOpenCodeReaderFailed') {
// Catching the error
console.log(data.error_type, data.error_data);
}
});
// Sending method
bridge.send('VKWebAppOpenCodeReader', {});
bridge.unsubscribe(fn)
Unsubscribes a function from events listening
Parameters
fn
required Event subscribed functionExample
const fn = event => {
// ...
};
// Subscribing
bridge.subscribe(fn);
// Unsubscribing
bridge.unsubscribe(fn);
bridge.supports(method)
Checks if an event is available on the current device
Parameters
method
required The VK Bridge methodbridge.isWebView()
Returns true
if VK Bridge is running in mobile app, or false
if not
Middlewares are pieces of code that intercept and process data between sending and receiving. Thus, by creating middlewares, you can easily log data, modify data before sending it, talking to an asynchronous API, etc. If you've used Redux, you were also probably already familiar with the concept—a similar is used here.
applyMiddleware(middleware1, ..., middlewareN)
Creates the VK Bridge enhancer that applies middleware to the send
method. This is handy for a variety of task such as logging every sent
event. Returns the VK Bridge enhancer applying the middleware.
Parameters
middlewareN
A middleware to be appliedExample
import bridge, { applyMiddleware } from '@vkontakte/vk-bridge';
// Logs the result of each sent event
const logger = ({ send, subscribe }) => next => async (method, props) => {
const result = await next(method, props);
console.log(result);
return result;
};
const enhancedBridge = applyMiddleware(logger)(bridge);
FAQs
Connects a Mini App with VK client
We found that @vkontakte/vk-bridge demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.