We are no longer supporting this npm package and are currently working on releasing new client libraries/SDKs to support you better. Follow our roadmap here to suggest what client library/SDK we should focus on first.
1. Installation
2. Usage
2.1 Building an API client
2.2 Interacting with companies
2.3 Using company data query objects
2.4 Using the company data client
Node module for accessing the Codat Accounting Data API from your node applications.
You can install this package using the following command:
npm install --save codat
For more information on Codat see www.codat.io
The codat library is written in idiomatic ES6 to support modern features and tooling that make your life as a developer easier. If you are running your application on a platform that does not support this version of JavaScript, you will need to use additional tools to compile the source code.
We use a tool called Babel at Codat and can highly recommend it.
Please refer to the tests in the project; they document the usage of the components found in the library.
The API client is a handy object that exposes useful functionality from the Codat public API, as well as helping you make queries against data for linked companies.
// Import the module just like any other node dependency.
import {
  apiClient as codat,
  queries as codatQueries } from 'codat';
var apiKey = '<YOUR API KEY HERE>';
// Use codat.uat for UAT environment.
var codatApiUat = codat.uat(apiKey);
var codatApi = codat.apiClient(codat.constants.UAT)(apiKey);
// Use whichever method suits your build pipeline the best.
codatApiUat === codatApi;
// Use codat.production for Production environment.
var codatApiProd = codat.production(apiKey);
var codatApi = codat.apiClient(codat.constants.PRODUCTION)(apiKey);
// The common datasets are listed in constant data.
var datasets = codatQueries.constants;
When you want to interact directly with your linked companies you can use the helper methods exposed by the API client.
This set of features allows you to:
- addCompany - Add companies.
- removeCompany - Remove companies.
- updateCompany - Update companies.
- getCompany - Get information about a specific company.
- getCompanies - Query for all currently linked companies.
// Please see section 2.1 on creating the codatApiClient
// Add a new company
codatApi
  .addCompany(new AddCompany('My Company', 'xero'))
  .then(newCompany => console.log(newCompany.id));
// Fetch list of all linked companies
codatApi
  .getCompanies()
  .then(response => response.companies.forEach(r => console.log(r.name)));
When you want to get hold of data for a specific company you can use one of the given query objects. These query objects make building reusable queries much easier, as they specify the parameters for filters that you might want to use.
// Please see section 2.1 on creating the codatApiClient
import { BalanceSheetQuery } from 'codat-queries';
var companyId = 'ff36ff03-17de-47be-883a-5ceecbbc65ed';
// Build a reusable query object.
// The query objects help you specify any query parameters.
var balanceSheetQuery = new BalanceSheetQuery(companyId, 1, 3, new Date());
// Run the query using your codatApi client.
balanceSheetQuery
  .run(codatApi)
  .then(response => {
    // Display net assets for each period
    response.reports.forEach(r => console.log(`${r.date} - Net Assets: ${response.currency} ${r.netAssets}`));
  });
You can use the company data API client to build your own queries without the query objects and specify the arguments yourself.
In fact this is what the query objects use under the hood!
// Please see section 2.1 on creating the codatApiClient
var companyId = 'ff36ff03-17de-47be-883a-5ceecbbc65ed';
// You can also roll your own queries to the data api.
// Be aware some query parameters are not available on all endpoints.
var companyClient = codatApi.companyDataClient(companyId);
// You can do this with a new company data client from the api client
companyClient.get(datasets.BALANCE_SHEET, {
  periodLength: 1,
  periodsToCompare: 3
})
  .then(response => {
    // Display net assets for each period
    response.reports.forEach(r => console.log(`${r.date} - Net Assets: ${response.currency} ${r.netAssets}`));
  });
If you need to refresh the data for a given company on demand, you can use the provided refresh extensions and run them using the codatApiClient, just like you can with the queries.
// Please see section 2.1 on creating the codatApiClient
import { RefreshAllDatasets } from 'codat-refresh';
var companyId = 'ff36ff03-17de-47be-883a-5ceecbbc65ed';
// Build a reusable refresh object.
var refreshAllDatasets = new RefreshAllDatasets(companyId);
// Run the query using your codatApi client.
refreshAllDatasets
  .run(codatApi)
  .then(response => {
    // You can now long poll the status endpoint for success.
    return codatApi.getCompanyDataStatus(companyId);
  })
  .then(statuses => {
    // The statuses object is a dictionary of datasets to their
    // refresh status.
    if (statuses[constants.datasets.INVOICES] === 'Complete') {
      // Invoices successfully refreshed!
    }
  });
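The snippet above checks the status once; the following added example (not part of the codat README or library) shows one way to poll `getCompanyDataStatus` with a bounded number of attempts and capped exponential backoff, so a refresh that never completes cannot turn into an endless request loop. `waitForDatasets`, `pendingDatasets`, the option names, the stub client, the `'Pending'` status and the dataset keys are assumptions made for illustration; only `getCompanyDataStatus` and the `'Complete'` value come from the page.

```javascript
// Added example, not from the codat README. getCompanyDataStatus and the
// 'Complete' value are from the page; everything else here is hypothetical.

// Return the datasets in `wanted` that are not yet 'Complete'.
function pendingDatasets(statuses, wanted) {
  return wanted.filter(name => !statuses || statuses[name] !== 'Complete');
}

// Poll until every wanted dataset is 'Complete', or give up after maxAttempts.
async function waitForDatasets(api, companyId, wanted, opts = {}) {
  const {
    maxAttempts = 10,
    baseDelayMs = 1000,
    maxDelayMs = 30000,
    sleep = ms => new Promise(resolve => setTimeout(resolve, ms))
  } = opts;
  let pending = wanted;
  for (let attempt = 1; attempt <= maxAttempts; attempt++) {
    const statuses = await api.getCompanyDataStatus(companyId);
    pending = pendingDatasets(statuses, wanted);
    if (pending.length === 0) {
      return { complete: true, attempts: attempt, pending };
    }
    if (attempt < maxAttempts) {
      // Capped exponential backoff between polls: 1s, 2s, 4s, ... up to maxDelayMs.
      await sleep(Math.min(baseDelayMs * 2 ** (attempt - 1), maxDelayMs));
    }
  }
  return { complete: false, attempts: maxAttempts, pending };
}

// Constructed stub standing in for codatApi: 'invoices' becomes 'Complete'
// on poll number `completeOnCall`; 'Pending' is a made-up in-progress value.
function makeStubApi(completeOnCall) {
  let calls = 0;
  return {
    getCompanyDataStatus: async () => {
      calls += 1;
      return {
        invoices: calls >= completeOnCall ? 'Complete' : 'Pending',
        balanceSheet: 'Complete'
      };
    }
  };
}

// Demo run against the stub, with sleeping disabled so it finishes at once.
waitForDatasets(makeStubApi(3), 'constructed-company-id', ['invoices'],
  { sleep: () => Promise.resolve() }).then(result => console.log(result));
```

Callers should treat `complete: false` as a failed refresh and surface the `pending` list rather than retrying indefinitely.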
FAQs
Client Library for Codat accounting data API
The npm package codat receives a total of 66 weekly downloads. As such, codat popularity was classified as not popular.
We found that codat demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.