aspida
aspida | aspida-mock | openapi2aspida | pathpida

@aspida/axios | @aspida/ky | @aspida/fetch | @aspida/node-fetch
TypeScript friendly HTTP client wrapper for the browser and node.js.
```sh
$ mkdir apis
```

`GET: /v1/users/?limit={number}`

`POST: /v1/users`

`apis/v1/users/index.ts`

```ts
interface User {
  id: number
  name: string
}

export interface Methods {
  get: {
    query?: {
      limit: number
    }

    resBody: User[]
  }

  post: {
    reqBody: {
      name: string
    }

    resBody: User
  }
}
```
`GET: /v1/users/${userId}`

`PUT: /v1/users/${userId}`

`apis/v1/users/_userId@number.ts`

The file name starts with an underscore to mark `userId` as a path variable, and the `@number` suffix specifies its type.
If no type is specified with `@`, the path variable type defaults to `number | string`.

```ts
interface User {
  id: number
  name: string
}

export interface Methods {
  get: {
    resBody: User
  }

  put: {
    reqBody: {
      name: string
    }

    resBody: User
  }
}
```
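The naming rules above can be checked mechanically. The following is an added example, not code from aspida or from this page: a hypothetical helper `routeFromFile` that derives the URL template and path-variable types from a definition file path, covering only the rules shown here (`index.ts`, the `_name` prefix, the `@type` suffix, and the generated `$api.ts`).

```typescript
// Added example, not aspida's implementation: applies the file naming rules
// described above to derive a URL template and its path-variable types.
type PathParam = { name: string; type: string }
type Route = { template: string; params: PathParam[] }

// Type used when a path variable has no "@type" suffix.
const DEFAULT_PARAM_TYPE = "number | string"

function routeFromFile(inputDir: string, filePath: string): Route {
  const prefix = inputDir.replace(/\/+$/, "") + "/"
  if (filePath.indexOf(prefix) !== 0 || filePath.slice(-3) !== ".ts") {
    throw new Error("not a definition file under " + inputDir + ": " + filePath)
  }
  // Drop the input directory and the ".ts" extension, then split into segments.
  const segments = filePath.slice(prefix.length, filePath.length - 3).split("/")
  const last = segments[segments.length - 1]
  // Generated output such as "$api.ts" is not a route definition.
  if (last !== undefined && last.charAt(0) === "$") {
    throw new Error("generated file, not a definition: " + filePath)
  }
  // "index.ts" describes its directory, so it adds no URL segment.
  if (last === "index") segments.pop()

  const params: PathParam[] = []
  const parts = segments.map((segment: string): string => {
    if (segment.charAt(0) !== "_") return segment
    // "_userId@number" -> variable "userId" of type "number".
    const rest = segment.slice(1)
    const at = rest.indexOf("@")
    const name = at < 0 ? rest : rest.slice(0, at)
    const type = at < 0 ? DEFAULT_PARAM_TYPE : rest.slice(at + 1)
    if (!/^[A-Za-z][A-Za-z0-9]*$/.test(name) || type === "") {
      throw new Error("malformed path variable segment: " + segment)
    }
    params.push({ name, type })
    return "${" + name + "}"
  })
  return { template: "/" + parts.join("/"), params }
}

// Constructed sample paths matching the layout used on this page.
for (const file of ["apis/v1/users/index.ts", "apis/v1/users/_userId@number.ts"]) {
  console.log(file, "->", JSON.stringify(routeFromFile("apis", file)))
}
```

The `@number` annotation is a compile-time type only: TypeScript erases it, so a value that arrives from untyped input still needs a runtime check before it is used as a path segment.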
`package.json`

```json
{
  "scripts": {
    "api:build": "aspida --build"
  }
}
```

```sh
$ npm run api:build

> apis/$api.ts was built successfully.
```
`src/index.ts`

```ts
import aspida from "@aspida/axios"
import api from "../apis/$api"
;(async () => {
  const userId = 0
  const limit = 10
  const client = api(aspida())

  await client.v1.users.post({ data: { name: "taro" } })

  const res = await client.v1.users.get({ query: { limit } })
  console.log(res)
  // req -> GET: /v1/users/?limit=10
  // res -> { status: 200, data: [{ id: 0, name: 'taro' }], headers: {...} }

  const user = await client.v1.users._userId(userId).$get()
  console.log(user)
  // req -> GET: /v1/users/0
  // res -> { id: 0, name: 'taro' }
})()
```
Create a configuration file at the root of the project.

`aspida.config.js`

```js
module.exports = { input: "src" }
```

Specify `baseURL` in the configuration file:

```js
module.exports = { input: "apis", baseURL: "https://example.com/api" }
```

If you want to define multiple API endpoints, specify them in an array:

```js
module.exports = [{ input: "api1" }, { input: "api2", baseURL: "https://example.com/api" }]
```
aspida leaves GET parameter serialization to the standard behavior of the HTTP client.
If you want to serialize parameters manually, you can use the config object of the HTTP client.

`src/index.ts`

```ts
import axios from "axios"
import qs from "qs"
import aspida from "@aspida/axios"
import api from "../apis/$api"
;(async () => {
  const client = api(
    aspida(axios, { paramsSerializer: params => qs.stringify(params, { indices: false }) })
  )

  const users = await client.v1.users.$get({
    // config: { paramsSerializer: (params) => qs.stringify(params, { indices: false }) },
    query: { ids: [1, 2, 3] }
  })
  console.log(users)
  // req -> GET: /v1/users/?ids=1&ids=2&ids=3
  // res -> [{ id: 1, name: 'taro1' }, { id: 2, name: 'taro2' }, { id: 3, name: 'taro3' }]
})()
```
`apis/v1/users/index.ts`

```ts
export interface Methods {
  post: {
    reqFormat: FormData

    reqBody: {
      name: string
      icon: ArrayBuffer
    }

    resBody: {
      id: number
      name: string
    }
  }
}
```

`src/index.ts`

```ts
import aspida from "@aspida/axios"
import api from "../apis/$api"
;(async () => {
  const client = api(aspida())

  // imageBuffer: an ArrayBuffer holding the icon bytes, loaded elsewhere
  const user = await client.v1.users.$post({
    data: {
      name: "taro",
      icon: imageBuffer
    }
  })
  console.log(user)
  // req -> POST: /v1/users
  // res -> { id: 0, name: 'taro' }
})()
```
`apis/v1/users/index.ts`

```ts
export interface Methods {
  post: {
    reqFormat: URLSearchParams

    reqBody: {
      name: string
    }

    resBody: {
      id: number
      name: string
    }
  }
}
```

`src/index.ts`

```ts
import aspida from "@aspida/axios"
import api from "../apis/$api"
;(async () => {
  const client = api(aspida())

  const user = await client.v1.users.$post({ data: { name: "taro" } })
  console.log(user)
  // req -> POST: /v1/users
  // res -> { id: 0, name: 'taro' }
})()
```
`apis/v1/users/index.ts`

```ts
export interface Methods {
  get: {
    query: {
      name: string
    }

    resBody: ArrayBuffer
  }
}
```

`src/index.ts`

```ts
import aspida from "@aspida/axios"
import api from "../apis/$api"
;(async () => {
  const client = api(aspida())

  const user = await client.v1.users.$get({ query: { name: "taro" } })
  console.log(user)
  // req -> GET: /v1/users/?name=taro
  // res -> ArrayBuffer
})()
```
aspida is licensed under an MIT License.
We found that aspida demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.