Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
compose-remote-form
Advanced tools
A utility library for simplifying ajax form submission and managing response handlers.
Wraps good old forms and transforms them into AJAX forms.
npm install compose-remote-form
var RemoteForm = require('compose-remote-form')
More details about each fired "event" below.
// Register single callbacks:
RemoteForm.on('#formid', 'error', function(form, body, status, xhr) {
console.log('success!', body)
})
// Register multiple callbacks for a single form:
var formEl = document.querySelector('#formid')
RemoteForm.on(formEl, {
beforeSend: function(form, req){
// req is the current reuqest object
console.log('submitting the form...')
},
success: function(form, eventType, xhr){
console.log('success!', xhr.responseText)
},
error: function(form, eventType, xhr){
console.log('error :(', xhr.errors)
},
complete: function(form, eventType xhr){
// All form events have been triggered
// Use this to do any generic cleanup
},
})
// Listen to form events on all forms
RemoteForm.on(document, {
success: function(form, body, status, xhr){
console.log('a form was submited sucessfully!')
},
})
Without the need to bind any extra events, you can specify beforeSend
, success
and error
functions in your extension of RemoteForm (shown in the example code above.)
ajax:beforeSend(form, req)
Fired before sending the AJAX request. There's no stopping it, but it's useful to notify the user that something is happening, disable buttons/inputs, etc.
It's fired with the superagent request (req
) object.
ajax:success(form, body, status, xhr)
Upon success, this is fired with the returned body
, response status
and the ajax request xhr
object.
ajax:error(form, xhr, status, error)
When an error occurs, this event is fired with the original ajax request xhr
object and the error
that the ajax library suffered.
It'll fire in the event of a request not getting through (due to CORS, server down, etc.), a server error (5xx) or a client error (4xx).
ajax:complete(form, xhr, status)
The complete
event is fired at the end of the ajax submission lifecycle,
regardless of success or failure. You might use this event to perform some
cleanup action no matter the end result of a form submission.
If you add a data-confirm='Are you sure?'
to your form's submission button to trigger a confirm dialog. This will use the browser's default confirm dialog but you can customize it like this if you wish.
var RemoteForm = require('compose-remote-form')
RemoteForm.confirm = function(options) {
// your code.
}
The options passed to your confirm function will look like this:
options = {
title: 'Are you sure?', // Based on the button's data-confirm attribute.
submit: '#form-id', // form's id, allowing you to trigger a javascript submit.
message: '', // OPTIONAL: button's data-message attribute, used to allow title/message style dialogs.
destructive: true, // OPTIONAL: Matches data-destructive attribute (used to set styling on warning style confirm dialogs
follow: 'http://...', // OPTIONAL: A data-follow attribute can be set to take a user to a url.
}
FAQs
A utility library for simplifying ajax form submission and managing response handlers.
The npm package compose-remote-form receives a total of 0 weekly downloads. As such, compose-remote-form popularity was classified as not popular.
We found that compose-remote-form demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.