Dynamic JSON-Schema Validator
This package supports JSON-Schema v6 and v4. It contains utilities to validate objects against schemas. It is part of the djv packages aimed at working with json-schema.
Any contributions are welcome. Check the contribution guide.
Since version 1.2.0 djv package supports draft-06. Version 2.0.0 makes draft-06 the default schema version. To use other versions check the environment section.
npm install djv
or
<script src="djv.js"></script>
There are 2 versions of validator
./lib/djv.js: a default one, not uglified and not transpiled
./djv.js: a built one with a webpack, babel and uglify (preferable for frontend)
const env = new djv();
const jsonSchema = {
  "common": {
    "properties": {
      "type": {
        "enum": ["common"]
      }
    },
    "required": [
      "type"
    ]
  }
};
// Use `addSchema` to add json-schema
env.addSchema('test', jsonSchema);
env.validate('test#/common', { type: 'common' });
// => undefined
env.validate('test#/common', { type: 'custom' });
// => 'required: data'
To instantiate djv environment
const djv = require('djv');
const env = djv({
  version: 'draft-06', // use json-schema draft-06
  formats: { /*...*/ }, // custom formats @see #addFormat
  errorHandler: () => { /*...*/ }, // custom error handler, @see #setErrorHandler
});
To use a previous version of JSON-Schema draft, use a draft-04 plugin, specified in optionalDependencies of djv package.
const env = new djv({ version: 'draft-04' });
Add a schema to a current djv environment,
env.addSchema('test', jsonSchema);
/* => {
  fn: function f0(data){...}
  name: 'test'
  schema: ...
} */
Check if object is valid against the schema
env.validate('test#/common', { type: 'common' });
// => undefined
env.validate('test#/common', { type: 'custom' });
// => 'required: data'
where
Remove a schema or the whole structure from the djv environment
env.removeSchema('test');
Resolve the name by existing environment
env.resolve('test');
// => { name: 'test', schema: {}, fn: ... }
Export the whole structure object from environment or resolved by a given name
env.export();
// => { test: { name: 'test', schema: {}, ... } }
where state is an internal structure or only resolved schema object
Import all found structure objects to internal environment structure
env.import(config);
Add a formatter to the djv environment. When a string is passed, it is interpreted as an expression: when it returns true, the result is an error; when it returns false, the property is valid. When a function is passed, it is executed during schema compilation with the current schema and template helper arguments.
env.addFormat('UpperCase', '%s !== %s.toUpperCase()');
// or
env.addFormat('isOk', function(schema, tpl){
  return `!${schema.isOk}`;
});
env.validate('ok', 'valid') // => undefined if schema contains isOk property
Specify a custom error handler, which will be used in generated functions when a problem is found.
The function should return a string expression, which will be executed when the generated validator function is executed. The simplest use case is the default one @see template/defaultErrorHandler
function defaultErrorHandler(errorType) {
  return `return "${errorType}: ${tpl.data}";`;
}
It returns an expression 'return ...', so the output is an error string.
djv({ errorHandler: () => 'return { error: true };' }) // => returns an object
djv({
  errorHandler(type) {
    return `errors.push({
      type: '${type}',
      schema: '${this.schema[this.schema.length - 1]}',
      data: '${this.data[this.data.length - 1]}'
    });`;
  }
});
When a custom error handler is used, the template body function adds an error variable inside the generated validator, which can be used to store error information. errorType is always passed to the error handler function. Some validate utilities pass an extra argument, for example the currently processed property value. Inside the handler, the context is a templater instance, which contains the this.schema and this.data path arrays to identify the validator position.
@see test/index/setErrorHandler for more examples
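How the two string-based hooks described above (format expressions and error-handler expressions) end up inside one generated function, shown as an added example that is not djv's own code: it is a simplified model, and `compileFormat`, `FORMATS` and `collectingErrorHandler` are hypothetical names. Because both strings become executable code, the model keeps them in a fixed in-code registry.

```javascript
// Simplified model of the code generation the README describes. NOT djv's source:
// compileFormat, FORMATS and the generated function layout are assumptions.

// Default handler: returns a statement that makes the validator return an error string.
function defaultErrorHandler(errorType, dataExpr) {
  return `return "${errorType}: ${dataExpr}";`;
}

// Collecting handler: pushes into an `errors` array instead of returning early.
function collectingErrorHandler(errorType, dataExpr) {
  return `errors.push({ type: '${errorType}', data: '${dataExpr}' });`;
}

// Each format expression is compiled into executable code, so the registry is
// fixed in source and frozen; it is never filled from request or schema data.
const FORMATS = Object.freeze({
  UpperCase: '%s !== %s.toUpperCase()', // true => error, false => valid
});

function compileFormat(name, errorHandler = defaultErrorHandler) {
  if (!Object.prototype.hasOwnProperty.call(FORMATS, name)) {
    throw new Error(`unknown format: ${name}`);
  }
  const dataExpr = 'data'; // name of the validated value inside generated code
  const condition = FORMATS[name].replace(/%s/g, dataExpr);
  const onError = errorHandler('format', dataExpr);
  const collecting = errorHandler !== defaultErrorHandler;
  const body = [
    collecting ? 'const errors = [];' : '',
    `if (${condition}) { ${onError} }`,
    collecting ? 'if (errors.length) return errors;' : '',
  ].join('\n');
  return new Function(dataExpr, body); // the generated validator
}

const validateUpper = compileFormat('UpperCase');
const collectUpper = compileFormat('UpperCase', collectingErrorHandler);
console.log(validateUpper('ABC'), validateUpper('abc'), collectUpper('abc'));
```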
To customize environment provide a configure function which will update configuration for djv instance.
env.useVersion('draft-04')
// or
env.useVersion('custom', configure)
Configure will get internal properties as an argument. Check the @korzio/djv-draft-04 code.
exposed = {
  properties,
  keywords,
  validators,
  formats,
  keys,
  transformation,
}
!Important Modifying them will affect all djv instances in an application.
npm test
FAQs
dynamic json-schema validator
The npm package djv receives a total of 31,512 weekly downloads. As such, djv popularity was classified as popular.
We found that djv demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.