Research
Security News
Kill Switch Hidden in npm Packages Typosquatting Chalk and Chokidar
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
commercecloud-ocapi-client
Advanced tools
An ES6 JavaScript Client for Salesforce Open Commerce API
_______________________________________________________________________________________________________________________________________________________
/ / , / ,
----__----__---_--_---_--_----__---)__----__----__----__---/----__-----------__-/--------__----__----__------__------------__---/--------__----__--_/_-
/ ' / ) / / ) / / ) /___) / ) / ' /___) / ' / / ) / / / / / ) / ' / ) / ) / / ' / / /___) / ) /
_(___ _(___/_/_/__/_/_/__/_(___ _/_____(___ _(___ _(___ _/___(___/_(___(__(___/_______(___/_(___ _(___(___/___/_/_______(___ _/___/___(___ _/___/_(_ __
/
/
Salesforce Commerce Cloud Open Commerce API (OCAPI) for Node and browsers.
This library is distributed on npm, in order to add it as a dependency, run the following command:
npm install commercecloud-ocapi-client --save
Using Webpack you may encounter the following error: "Module not found: Error: Cannot resolve module", most certainly you should disable AMD loader. Add/merge the following section to your webpack config:
module: {
rules: [
{
parser: {
amd: false
}
}
]
}
Please follow the installation instruction and execute the following JS code:
import ShopApi from 'commercecloud-ocapi-client'
ShopApi.ApiClient.instance = new ShopApi.ApiClient()
const api = new ShopApi.CategoriesApi()
api.getCategoriesByIDs(['mens', 'newarrivals'])
.then(() {
console.log('API called successfully.')
})
.catch((fault) => {
console.error(fault)
})
The API client accepts an configuration object, example:
import ShopApi from 'commercecloud-ocapi-client'
const config = {
basePath: 'https://localhost/s/siteId/dw/shop/v20_4',
defaultHeaders: {}, // HTTP header for all requests
timeout: 60000, // Request timeout in milliseconds
cache: true, // If set to false an additional timestamp parameter is added to all API GET calls to prevent browser caching
enableCookies: false, //If set to true, the client will save the cookies from each server response, and return them in the next request.
overrideHttpPut: true // If set to true, any methods specified as using http PUT will be sent using POST along the header value 'x-dw-http-method-override' set to 'PUT'.
}
ShopApi.ApiClient.instance = new ShopApi.ApiClient(config)
To access secure end points, you can pass the username, password in the configuration, example:
import ShopApi from 'commercecloud-ocapi-client'
const config = {
clientUsername: 'username',
clientPassword: 'password',
}
ShopApi.ApiClient.instance = new ShopApi.ApiClient(config)
Or to use oAuth token:
import ShopApi from 'commercecloud-ocapi-client'
const config = {
oauth2AccessToken: 'token'
}
ShopApi.ApiClient.instance = new ShopApi.ApiClient(config)
Because Salesforce OCAPI is not publicly available, you need to have a running instance that you can test against. In the test folder, there is a file config.json
that has the example configuration for your environment. Simply update the file with your instance information
Example:
{
"clientId": "5640cc6b-f5e9-466e-9134-9853e9f9db93",
"baseUrl": "https://localhost/s/siteId/dw/shop/v20_4"
}
Then run the following command:
npm test
We use Circle CI to protect the develop
and master
branch to make sure the builds follows the code style and passes all tests. For every pull request, it is required to pass ALL checks including the following tests:
npm run lint
npm run test
At Mobify, we practice several branching strategies, Release Deployment is a strategy for projects where feature gets bundled into a release periodically. master
contains the code for current version, develop
has the features that is under development and waiting to be released. For new features and bug fixes, please propose pull requests to merge into develop
.
This package is distributed on npm, on every release, we run scripts to automatically merge develop
into master
, test the build in Circle CI as well as publish the package on NPM.
To understand the change between versions, please read CHANGELOG.md. Note that it is required to have a # To be released
section filled out if you are planning to make pull requests that include new features or bug fixes.
Example:
## To be released
- Update npm package to ship with three builds: `UMD`, `CommonJS` and `ES2015` [#4](https://github.com/mobify/commercecloud-ocapi-client/pull/4)
## v0.1.1 (November 7, 2017)
- Update Rollup output format to 'es'
...
This project is open sourced and actively maintained by Mobify. We will make an effort to support the library, but we reserve the right to make incompatible changes when necessary.
v0.2.0 (July 21, 2020)
FAQs
An ES6 JavaScript Client for Salesforce Open Commerce API
The npm package commercecloud-ocapi-client receives a total of 31 weekly downloads. As such, commercecloud-ocapi-client popularity was classified as not popular.
We found that commercecloud-ocapi-client demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
Product
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.