Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
enketo-transformer
Advanced tools
Library/app that transforms ODK-compliant XForms into a format that Enketo can consume
NodeJS library that transforms OpenRosa/ODK XForms into a format the Enketo understands. It works both as a library module, as well as a standalone app.
npm install enketo-transformer --save
const transformer = require('enketo-transformer');
const xform = fs.readFileSync( 'path/to/xform.xml' );
transformer.transform( {
// required string of XForm
xform: xform,
// optional string, to add theme if no theme is defined in the XForm
theme: 'sometheme',
// optional map, to replace jr://..../myfile.png URLs
media: {
'myfile.png' : '/path/to/somefile.png',
'myfile.mp3' : '/another/path/to/2.mp3'
},
// optional ability to disable markdown rendering (default is true)
markdown: false,
// optional preprocess function that transforms the XForm (as libXMLJs object) to
// e.g. correct incompatible XForm syntax before Enketo's transformation takes place
preprocess: doc => doc,
} ).then(function( result ){
// do something with result
});
npm install
npm start
GET /transform
with xform parameter (required, xform URL), orPOST /transform
with URL-encoded body including xform
(required, full XForm as a string), theme
(optional, string), and media
(optional, map) parameterssample GET request:
curl http://localhost:8085/transform?xform=https://example.com/forms/78372/form.xml
sample POST request:
curl -d "xform=<xform>x</xform>&theme=plain&media[myfile.png]=/path/to/somefile.png&media[this]=that" http://localhost:8085/transform
{
"form" : "<form>.....</form>",
"model": "<model>...</model>",
"transformerVersion": "1.13.0",
"languageMap": { "Français": "fr", "English": "en" }
}
npm test
npm run test:watch
npm run test-watch
, and support for debugging in VSCode is provided. For instructions see [./#debugging-test-watch-mode-in-vscode](Debugging test watch mode in VSCode) belowBasic usage:
Optionally, you can add a keyboard shortcut to select launch tasks:
workbench.action.debug.selectandstart
The script npm run develop
runs the app on port 8085 and also serves test/forms on port 8081. You could test the transformation output by placing an XForm in test/forms and running
http://localhost:8085/transform?xform=http://localhost:8081/autocomplete.xml
There is also a helpful GET /transform/htmlform endpoint to easily inspect the HTML form output in the developer console. Example: http://localhost:8085/transform/htmlform?xform=http://localhost:8081/autocomplete.xml
A vagrant configuration file and provisioning script is also included. Use DEBUG environment variable to see debug terminal output, e.g.:
DEBUG=api,transformer,markdown,language node app.js
Releases are done each time a dependent tool needs an enketo-transformer
change.
npm update
node-libxslt
has been updated because it has caused problems in the pastnpm audit
npm audit fix --production
to apply most important fixesnpm ci
npm test
npm run build-docs
CHANGELOG.md
package.json
See license document.
In addition, any product that uses enketo-transformer or parts thereof is required to have a "Powered by Enketo" footer, according to the specifications below, on all screens in which the output of enketo-xslt, or parts thereof, are used, unless explicity exempted from this requirement by Enketo LLC in writing. Partners and sponsors of the Enketo Project, listed on https://enketo.org/#about and on https://github.com/enketo/enketo-core#sponsors are exempted from this requirements and so are contributors listed in package.json.
The aim of this requirement is to force adopters to give something back to the Enketo project, by at least spreading the word and thereby encouraging further adoption.
Specifications:
Example:
See change log
FAQs
Library that transforms ODK-compliant XForms into a format that Enketo can consume
The npm package enketo-transformer receives a total of 184 weekly downloads. As such, enketo-transformer popularity was classified as not popular.
We found that enketo-transformer demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.