Security News
The Risks of Misguided Research in Supply Chain Security
Snyk's use of malicious npm packages for research raises ethical concerns, highlighting risks in public deployment, data exfiltration, and unauthorized testing.
asana-actions-test
Advanced tools
Official NodeJS and BrowserJS client for the Asana API
A JavaScript client (for both Node and browser) for the Asana API v1.0.
Install with npm:
npm install asana --save
Include the latest release directly from GitHub.
<script src="https://github.com/Asana/node-asana/releases/download/<LATEST_RELEASE>/asana-min.js"></script>
OR:
<script>
tag.nodeify
, which
takes a callback as parameter. For generators and streams, co and
highland also support promises, respectively. Beyond that, other
major libraries such as mongoose, mocha, and elastic search (which uses
bluebird) also support Promises.To do anything, you'll need always an instance of an Asana.Client
configured
with your preferred authentication method (see the Authentication section below
for more complex scenarios) and other options.
The most minimal example would be as follows:
const asana = require('asana');
const client = asana.Client.create().useAccessToken('my_access_token');
client.users.me().then(function(me) {
console.log(me);
});
All resources are exposed as properties of the Asana.Client
instance (e.g. client.workspaces
). See the [developer documentation][api-reference] for docs on each of them.
This module supports authenticating against the Asana API with either a Personal Access Token or through OAuth 2.0.
const client = Asana.Client.create().useAccessToken('personal_access_token');
Authenticating through OAuth2 is preferred. There are many ways you can do this.
In all cases, you should create a Client
that contains your app information. The values in the below snippet should be substituted with the real properties from your application's settings.
const client = Asana.Client.create({
clientId: 123,
clientSecret: 'my_client_secret',
redirectUri: 'my_redirect_uri'
});
If you have a plain bearer token obtained somewhere else and you don't mind not having your token auto-refresh, you can authenticate with it as follows:
client.useOauth({
credentials: 'my_access_token'
});
If you obtained a refresh token (from a previous authorization), you can use it together with your client credentials to authenticate:
const credentials = {
// access_token: 'my_access_token',
refresh_token: 'my_refresh_token'
};
client.useOauth({
credentials: credentials
});
See examples/oauth/webserver
for a working example of this.
Currently, Asana has removed support for implicit grant and client-side authorization code grant. To correctly implement oauth in a browser, use your own server as the token exchange endpoint:
Asana.Client.create({
clientId: clientId,
redirectUri: 'http://localhost:' + port + '/oauth_callback',
tokenExchangeEndpoint: 'https://my-app-server.io/oauth_token'
});
When a request comes to your server, verify it's a valid request (either using your own login cookie, cors, etc.). Then
take the body, add your client_secret
to it, and send a POST request with the body to
https://app.asana.com/-/oauth_token
. This will give your server the access and refresh tokens. Either return the
access_token to the browser, or keep it on your server if your server handles requests to Asana.
Here is an express example for AWS Lambda that works as an app server.
Your client side code will look similar to the webserver example, but with client side routing instead of express.
Whenever you ask for a collection of resources, you will receive a Collection
object which gives you access to a page of results at a time. You can provide
a number of results per page to fetch, between 1
and 100
.
It defaults to 50
if you don't provide any.
client.tasks.findByTag(tagId, { limit: 5 }).then(function(collection) {
console.log(collection.data);
// [ .. array of up to 5 task objects .. ]
});
Additionally, Collection
has a few useful methods that can make them
more convenient to deal with.
To get the next page of a collection, you do not have to manually construct
the next request. The nextPage()
method takes care of this for you:
client.tasks.findByTag(tagId).then(firstPage => {
console.log(firstPage.data);
firstPage.nextPage().then(secondPage => {
console.log(secondPage.data);
});
});
To automatically fetch a bunch of results and have the client transparently
request pages under the hood, use the fetch()
method:
client.tasks.findByTag(tagId).then(collection => {
// Fetch up to 200 tasks, using multiple pages if necessary
collection.fetch(200).then(tasks => {
console.log(tasks);
});
});
You can also construct a stream
from a collection. This will transparently
(and lazily) fetch the items in the collection in pages as you iterate
through them.
client.tasks.findByTag(tagId).then(collection => {
collection.stream().on('data', task => {
console.log(task);
});
});
To quickly debug raw requests. Set debug to true on the Asana dispatcher.
client.dispatcher.debug(true);
We use the request library under the hood, and this is equivalent to setting request.debug = true;
In any request against the Asana API, there a number of errors that could
arise. Those are well documented in the [Asana API Documentation][api-reference], and
are represented as exceptions under the namespace Asana.errors
.
To add global headers (like for our deprecation framework), you add them to the client.
asana.Client.create({"defaultHeaders": {"asana-enable": "string_ids,new_sections"}});
You will receive warning logs if performing requests that may be affected by a deprecation. The warning contains a link that explains the deprecation.
If you receive one of these warnings, you should:
"asana-enable"
header.If you would rather suppress these warnings, you can do the following:
asana.Client.create({"logAsanaChangeWarnings": false});
Various examples are in the repository under examples/
, but some basic
concepts are illustrated here.
const Asana = require('asana');
const util = require('util');
// Using a PAT for basic authentication. This is reasonable to get
// started with, but Oauth is more secure and provides more features.
var client = Asana.Client.create().useAccessToken(process.env.ASANA_PAT);
client.users.me()
.then(user => {
const userId = user.gid;
// The user's "default" workspace is the first one in the list, though
// any user can have multiple workspaces so you can't always assume this
// is the one you want to work with.
const workspaceId = user.workspaces[0].gid;
return client.tasks.findAll({
assignee: userId,
workspace: workspaceId,
completed_since: 'now',
opt_fields: 'id,name,assignee_status,completed'
});
})
.then(response => {
// There may be more pages of data, we could stream or return a promise
// to request those here - for now, let's just return the first page
// of items.
return response.data;
})
.filter(task => {
return task.assignee_status === 'today' ||
task.assignee_status === 'new';
})
.then(list => {
console.log(util.inspect(list, {
colors: true,
depth: null
}));
})
.catch(e => {
console.log(e);
});
The code is thoroughly documented with JSDoc tags. The [Official Asana Documentation][asana-doc] is a great resource, since this is just a thin wrapper for the API.
Feel free to fork and submit pull requests for the code! Please follow the existing code as an example of style, and make sure that all your code passes lint and tests.
For a sanity check:
git clone git@github.com:Asana/node-asana.git
cd node-asana
npm install
npm test
The specific Asana resource classes within the gen folder (Tag
, Workspace
, Task
, etc.) are
generated code, hence they shouldn't be modified by hand.
See our [openapi spec][https://github.com/Asana/developer-docs/blob/master/defs/asana_oas.yaml] and swagger for details.
Repo Owners Only. Take the following steps to issue a new release of the library.
master
branch and commit them.master
.gulp bump-patch
, gulp bump-feature
, or gulp bump-release
git push origin master --tags
Travis CI will automatically build and deploy the tagged release.
FAQs
Official NodeJS and BrowserJS client for the Asana API
The npm package asana-actions-test receives a total of 0 weekly downloads. As such, asana-actions-test popularity was classified as not popular.
We found that asana-actions-test demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Snyk's use of malicious npm packages for research raises ethical concerns, highlighting risks in public deployment, data exfiltration, and unauthorized testing.
Research
Security News
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.