baibulo
Baibulo (version in Chewa) is a versioned static content server and manager package for Node Express applications. It is an implementation of the approach presented at RailsConf 2014 by Luke Melia.
The solution comes in the form of an Express middleware. The following is a basic usage example:
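const app = require('express')()
const cookieParser = require('cookie-parser')
const baibulo = require('../')

// Parse cookies before the baibulo middleware handles the request
app.use(cookieParser())
// Store versioned files under /tmp/baibulo and allow both download and upload
app.use(baibulo({ root: '/tmp/baibulo', download: true, upload: true }))

app.listen(3000, () => {
  console.log("Listening for requests on ports 3000\n");
})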
As you can see, there are 3 different parameters that can be adjusted:
root - the root folder on the filesystem in which all versioned files will be stored
download - a flag that enables download of content
upload - a flag that enables uploading of new content. Setting it to false (for example in production) disables upload, thus providing a secure way of serving content to the general public. Nothing stands in the way of running an additional server on an internal IP address that allows upload. After all, it is just the file system that is being used as storage.
The middleware mapping determines what will be the root URL for all content.
The deployment can be done either using cURL or with a dedicated utility called baibulo-deploy, written as a Node.js package. See https://github.com/aplaline/baibulo-deploy for further information about that utility.
For now let's concentrate on how to deploy a single file in a specific version using cURL.
curl -v -X PUT \
  --data-binary "@image.png" \
  -H "Version: TST-1234" \
  http://localhost:8080/hello/assets/image.png
As an alternative to the Version header, you can use the query string parameter named version, like so:
curl -v -X PUT \
  --data-binary "@image.png" \
  "http://localhost:8080/hello/assets/image.png?version=TST-1234"
When uploading assets, Baibulo uses a 2-step process to work out which version the asset should be stored in:
- version (query string parameter)
- Version (header)
If none is specified, the upload fails.
When retrieving content, Baibulo goes through 4 stages to determine which version should be served:
- version (query string parameter)
- Version (header)
- Referrer and its query string parameter version
- __version
If none is found, the version name release is used.
Baibulo stores the content of static assets in folders named after the file, and underneath each folder there are files named after the actual version. For a simple index.html in version TST-1234 (mimicking a Jira ticket number) the structure would look like this:
/
  /index.html
    /TST-1234
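The version lookup order and the storage layout described above, sketched as an added example that is not baibulo's own code. Because the version name becomes a file name on disk, the sketch validates it before building the path. The function names, the character-set limit on version names, and the reading of Referrer as the HTTP Referer header and of __version as a cookie are assumptions.

```javascript
// Added example, not baibulo's source. All names here are illustrative.
const BASE = 'http://placeholder.invalid' // only used to parse relative URLs
// Assumption: version names are limited to a conservative character set.
const VERSION_RE = /^[A-Za-z0-9][A-Za-z0-9._-]{0,63}$/

function versionFromUrl(url) {
  try {
    return new URL(url, BASE).searchParams.get('version')
  } catch {
    return null
  }
}

// req is a plain object: { url, headers (lowercased names), cookies }.
function resolveVersion(req, { upload = false } = {}) {
  const headers = req.headers || {}
  const candidates = [versionFromUrl(req.url), headers['version']]
  if (!upload) {
    // Assumption: "Referrer" is the HTTP Referer header.
    if (headers['referer']) candidates.push(versionFromUrl(headers['referer']))
    // Assumption: __version is a cookie (the usage example loads cookie-parser).
    candidates.push((req.cookies || {}).__version)
  }
  const found = candidates.find(v => typeof v === 'string' && v.length > 0)
  // Uploads fail without a version (null); downloads fall back to "release".
  return found || (upload ? null : 'release')
}

// Maps an asset URL and version to <root>/<asset path>/<version>.
function storagePath(root, urlPath, version) {
  if (!VERSION_RE.test(version)) throw new Error('invalid version name')
  const segments = new URL(urlPath, BASE).pathname
    .split('/')
    .filter(Boolean)
    .map(s => decodeURIComponent(s))
  // Reject segments that decode to dot segments or smuggle a separator.
  if (segments.some(s => s === '.' || s === '..' || /[\/\\\0]/.test(s))) {
    throw new Error('invalid asset path')
  }
  return [root.replace(/\/+$/, ''), ...segments, version].join('/')
}
```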
In the future there will be options to store the assets in other storages, such as SQL and NoSQL databases, maybe even in S3 or other cloud storages.
FAQs
Baibulo (version in Chewa) - versioned static content server and manager
The npm package baibulo receives a total of 14 weekly downloads. As such, baibulo popularity was classified as not popular.
We found that baibulo demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.