Research
Recent Trends in Malicious Packages Targeting Discord
The Socket research team breaks down a sampling of malicious packages that download and execute files, among other suspicious behaviors, targeting the popular Discord platform.
arrow-express
Advanced tools
Readme
Aim of this library is to make express applications bootstrapping easy and fast with zero configuration.
Main principles:
To install package use command:
npm install arrow-express
Point of start for every application. It is used to register controllers and routes.
import Express from "express";
import { Application, Controller, Route } from "arrow-express";
const ExpressApp = Express();
const application = Application({
app: ExpressApp,
})
.registerController(
Controller()
.prefix("user")
.registerRoute(
Route()
.method("get")
.handle(async (req, res) => {
// get user and response
})
)
)
.configure();
ExpressApp.listen(3000);
registerController
- register controller in application.configure
- register routes in express app.Controller is used to manage group of routes under one prefix route.
import { Application, Controller } from "arrow-express";
function UserController() {
return Controller()
.prefix("user")
.registerRoute(
Route()
.method("get")
.handle((req, res) => {
// get user and response
})
);
}
Application({
app: ExpressApp,
})
.registerControllers(UserController())
.configure();
// Registered path will be: GET '/user'
handler(handler)
- register controller handler which will be used by all routesprefix(prefix)
- register controller prefix which will be used by all routesregisterRoute(route)
- register route in controllerregisterRoutes(...routes)
- register multiple routes in controllerregisterController(controller)
- register sub controller in controllerregisterControllers(...controllers)
- register multiple sub controllers in controllerController handler can be used to eg: authorize user and get it's context which will be passed to routes. Handlers like controllers can be chained.
Route is used to manage route handling.
import { Application, Controller, Route } from "arrow-express";
Application({
app: ExpressApp,
})
.registerController(
Controller()
.prefix("user")
.registerRoutes(
Route()
.method("get")
.path("myself")
.handler(async (req: Express.Request, res: Express.Response) => {
const user = {};
// Use some service to extract route
return user;
})
)
)
.configure();
// Registered path will be: GET '/user/myself'
method
- register method used for routepath
- register path of route alongside with prefix it is used to create full pathhandler
- set request handler, here you can handle requestRoute handler receive 3 arguments:
request
- which is Express.Request for pathresponse
- which is Express.Responsecontext
- which is resolution of controller's handlerFeatures of route handler:
res
then library won't try to send result pf handler.If route handler throws RequestError
it will be handled by arrow-express
and respond with http code and response object.
import { RequestError } from "arrow-express";
throw new RequestError(401, {
code: 401,
message: "Unauthorized",
});
Check out example
folder for example code guidance.
Good approach is to use function closures to organize code into chunks.
Eg: create function which will return Controller
and pass to it instance of service as argument instead of importing Singleton service.
This way you will be able to test routes and controllers with ease without module mocking and you will avoid side effects.
// index.ts file
async function startServer() {
const expressApplication = Express();
const userService = new UserService();
Application({
app: expressApplication,
})
.registerController(UserController(userService))
.configure();
expressApplication.listen(3000);
}
// user.controller.ts file
export function UserController(userService: UserService): ControllerConfiguration {
return Controller().prefix("users").registerRoutes(GetUserById(userService), GetMyselfRoute(userService));
}
FAQs
Library to bootstrap express applications with zero configuration
We found that arrow-express demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
The Socket research team breaks down a sampling of malicious packages that download and execute files, among other suspicious behaviors, targeting the popular Discord platform.
Security News
Socket CEO Feross Aboukhadijeh joins a16z partners to discuss how modern, sophisticated supply chain attacks require AI-driven defenses and explore the challenges and solutions in leveraging AI for threat detection early in the development life cycle.
Security News
NIST's new AI Risk Management Framework aims to enhance the security and reliability of generative AI systems and address the unique challenges of malicious AI exploits.