Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
body-checker
Advanced tools
A simple tool to protect your API against bad request parameters
npm install body-checker
var check = require('body-checker');
check([body to validate], [configuration options], [callback]);
This is the object or request parameters (req.body
in express) that you want to validate.
Currently we only support shallow objects, but if there is an overwhelming need for deep objects, let us know in the issues and we will implement deep validation.
This is an object that outlines your allowed request parameters. It takes the following form:
{
paramKey: {
type: 'string', // String: Required
required: false, // Boolean: Optional, defaults to false
default: 'default value' // String: Optional
},
nextParamKey: { ... }
}
Type is a required parameter. If you don't care what type it is, you can set type to any
.
Callback is a traditional callback that passes back a detailed error message or the final req.body
object. The library passes back detailed errors for debugging, but allows you to send your own generic error to the client. This will prevent phishing attacks. See example below.
var check = require('body-checker');
module.exports = function(req, res, next) {
check(req.body, {
name: {
type: 'string',
default: 'public',
required: true
},
id: {
type: 'integer',
required: true
}
}, function(err, body) {
if(err) {
// Log detailed error message on server
console.log(err.message);
// Send generic error to client
res.status(400).send({
message: 'Bad Request'
});
} else {
// do stuff with safe parameters
// and eventually...
res.status(200).send(body);
}
});
}
npm test
FAQs
A simple tool to protect your API against bad request parameters
The npm package body-checker receives a total of 3 weekly downloads. As such, body-checker popularity was classified as not popular.
We found that body-checker demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.