deconstruct-api
A deconstructed, extendable API framework, minimising the amount of work to get things done
In your project folder:
npm install --save deconstruct-api
In your start script:
const path = require ( 'path' );
const dapi = require ( 'deconstruct-api' );

dapi.loadRoutes ( path.resolve ( './my-routes' ), error => {
    if ( error ) {
        return console.error ( error );
    }

    dapi.start ( process.env.PORT );
} );
The route folder is expected to contain route handlers, whose names are derived directly from the path they serve, as follows:
GET /path/to/{some}/resource/{id} => ~path~to~:some~resource~:id~get.js
(where some and id are path parameters)
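The naming rule above can be checked mechanically before a handler file is loaded. This is an added example, not deconstruct-api's own loader; the convention is inferred from the handler name `~some~:other~route~get.js` used on this page, and `parseRouteFile`, the method list and the allowed segment characters are assumptions of the example.

```javascript
// Added example: parse and validate a handler file name.
// Assumed convention: '~' separates path segments, ':' marks a path
// parameter, and the last segment is the HTTP method.
const METHODS = new Set(['get', 'post', 'put', 'delete', 'patch']); // assumed list
const SEGMENT = /^:?[A-Za-z0-9_-]+$/; // assumed safe character set

function parseRouteFile(fileName) {
  if (typeof fileName !== 'string' || !fileName.endsWith('.js')) {
    throw new Error(`not a .js handler: ${fileName}`);
  }
  // Refuse names that could point outside the routes folder.
  if (fileName.includes('/') || fileName.includes('\\') || fileName.includes('..')) {
    throw new Error(`unsafe handler name: ${fileName}`);
  }
  const parts = fileName.slice(0, -3).split('~');
  if (parts.length < 2 || parts[0] !== '') {
    throw new Error(`handler name must start with "~": ${fileName}`);
  }
  const method = parts[parts.length - 1];
  if (!METHODS.has(method)) {
    throw new Error(`unknown method "${method}" in ${fileName}`);
  }
  const segments = parts.slice(1, -1);
  const bad = segments.find(s => !SEGMENT.test(s));
  if (bad !== undefined) {
    throw new Error(`invalid segment "${bad}" in ${fileName}`);
  }
  return {
    method: method.toUpperCase(),
    path: '/' + segments.join('/'),
    params: segments.filter(s => s.startsWith(':')).map(s => s.slice(1))
  };
}

// Handler name taken from the streamRoute example on this page.
console.log(parseRouteFile('~some~:other~route~get.js'));
```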
All handler modules should be curried (a good library to use is ramda.curry), and should accept three parameters:
const R = require ( 'ramda' );
module.exports = R.curry ( ( utils, req, res ) => {} );
The request parameter is mostly accessed for query variables (req.query), path parameters (req.params), and in the case of POST and PUT, the body (req.body).
Utils provides a few handy utilities:
A handy console.log replacement that stringifies JSON with line breaks and indentation.
utils.callback returns results & errors to the user by simply calling them back. This utility is called with the res parameter, and returns a callback function.
(See error utility for HTTP status codes)
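const R = require ( 'ramda' );

module.exports = R.curry ( ( utils, req, res ) => {
    // is_auth is a placeholder for your own authentication check
    if ( ! is_auth ) {
        // error goes in the first argument
        return utils.callback ( res )( {
            code: 401,
            message: 'Authentication required'
        } );
    }

    // node-style callback: no error, result in the second argument
    return utils.callback ( res )( null, {
        status: 'success'
    } );
} );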
utils.error returns errors to the user by simply calling them back. This utility is called with the res parameter, and returns a callback function that can be called on any error. (Equivalent to calling utils.callback ( res )( error, null ))
If the error is an object, and has a numerical code attribute, the value of code is returned as the HTTP status code of the response. Otherwise, a status code of 500 will be returned.
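const R = require ( 'ramda' );

module.exports = R.curry ( ( utils, req, res ) => {
    // is_auth is a placeholder for your own authentication check
    if ( ! is_auth ) {
        return utils.error ( res )( {
            code: 401,
            message: 'Authentication required'
        } );
    }

    // node-style callback: no error, result in the second argument
    return utils.callback ( res )( null, {
        status: 'success'
    } );
} );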
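The status-code rule described above, written out as an added example (not deconstruct-api's implementation). Two hardening choices are assumptions of this example rather than documented behaviour: numeric codes outside 400-599 fall back to 500, and 5xx responses carry a generic message so internal error text is not returned to the client. `toHttpError` and the sample errors are constructed for illustration.

```javascript
// Added example: derive the HTTP status and response body from an error.
function toHttpError(error) {
  const hasNumericCode = error !== null && typeof error === 'object' &&
    Number.isInteger(error.code);
  // Page rule: a numeric `code` becomes the status, anything else is 500.
  // Assumption added here: only 400-599 is accepted, so a library's own
  // numeric error code cannot end up as an invalid HTTP status.
  const status = hasNumericCode && error.code >= 400 && error.code <= 599
    ? error.code
    : 500;
  // Assumption added here: 4xx messages are written for the caller,
  // 5xx messages may contain paths, queries or stack details.
  const message = status < 500 && typeof error.message === 'string'
    ? error.message
    : 'Internal server error';
  return { status, body: { code: status, message } };
}

// Constructed sample errors.
const SAMPLES = [
  { code: 401, message: 'Authentication required' },
  { code: 11000, message: 'duplicate key in collection users' },
  { code: 'ENOENT', message: "no such file or directory, open '/srv/app/config.json'" },
  new Error('connection refused 10.0.0.5:5432'),
  'plain string error'
];

for (const sample of SAMPLES) {
  console.log(JSON.stringify(toHttpError(sample)));
}
```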
A utility to allow other routes to be re-used. It returns the result of the route as a highland stream. As its first parameter, it expects the name of the route you wish to reuse, and the remaining three parameters are utils, req, and res:
const R = require ( 'ramda' );

module.exports = R.curry ( ( utils, req, res ) => {
    utils.streamRoute ( '~some~:other~route~get.js', utils, req, res )
        .toCallback ( utils.callback ( res ) );
} );
The addUtil method can be used to add your own custom utilities to the utils object that gets passed as the first argument to every handler. Only add utilities here that are completely ubiquitous (i.e. used by the majority of your handlers), or it will become bloated quite quickly.
const H = require ( 'highland' );
const R = require ( 'ramda' );
const path = require ( 'path' );
const cluster = require ( 'cluster' );
const numCPUs = require ( 'os' ).cpus ().length;

const deconstruct = require ( 'deconstruct-api' );

const myUtil = someString => {
    return `transformed ${someString}`;
};

deconstruct.addUtil ( 'myUtil', myUtil ); // available as utils.myUtil ()

if ( cluster.isMaster ) {
    console.log ( `MASTER: starting ${numCPUs} processes` );

    R.range ( 0, numCPUs ).forEach ( i => {
        console.log ( `MASTER: starting worker #${i}` );
        cluster.fork ();
    } );
} else {
    // each worker loads the routes, then starts listening
    H.wrapCallback ( deconstruct.loadRoutes )( path.resolve ( './routes' ) )
        .errors ( error => {
            console.error ( error );
        } )
        .each ( routes => {
            console.log ( 'WORKER: started' );
            deconstruct.start ( process.env.PORT || 8080 );
        } );
}
We found that deconstruct-api demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.