Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Create JavaScript Error objects with code strings, context details, and templated messages.
There is annotated source code for this module.
For use in library modules to generate contextual errors with useful meta data. Your library module can throw or pass (to a callback) an Error object that has additional properties, such as a code, that can be used for programmatic inspection by client code that uses your library.
See the use-plugin module for an example of practical usage.
var error = require('eraro')({package:'mylib'})
// throw an Error object that has a code
throw error('code_string')
// provide a user message
throw error('code_string', 'Message text.')
// supply context details for error
throw error('code_string', 'Message text.', {foo:1, bar:2})
// extend an existing Error object
var ex = new Error('Another message.')
throw error(ex,'code_string',{zed:3})
In all these cases, the Error object will have a code property with value "code_string".
npm install eraro
There's an npm module page for eraro.
Use this module when you are writing a library that will be used by application code. It allows your library to generate informative error messages.
The module itself is a generator function (taking options) that returns the error-creating function that you will actually use. Thus the most common way to use eraro is to require and call immediately:
var error = require('eraro')({package:'mylib'})
The error function can then be used in your library code. The error function generates Error objects, which can be thrown or used in callbacks:
throw error('code1')
function doStuff( input, callback ) {
if( bad( input ) ) return callback( error('code2') );
}
The package option is normally the name of your library. That is, the value of the name property in package.json. The generated Error object will have two properties to define the package: package, a string that is the name of the package, and also a boolean, the name of the package itself. This lets you check for the type of error easily:
var error = require('eraro')({package:'mylib'})
var err0 = error('code0')
"mylib" === err0.package // true
err0.mylib // true
You can supply additional contextual details for debugging or other purposes. These are placed inside the details property of the generated Error:
var error = require('eraro')({package:'mylib'})
var err0 = error('code0',{foo:'FOO',bar:'BAR'})
"FOO" === err0.details.foo
"BAR" === err0.details.bar
To provide consistent error messages to your users, you can define a set of message templates, keyed by code:
var error = require('eraro')({package:'mylib',msgmap:{
code0: "The first error, foo is <%=foo%>.",
code1: "The second error, bar is <%=bar%>.",
}})
When you specify a code, and details, these are inserted into the message (if any) associated with that code:
var err0 = error('code0',{foo:'FOO',bar:'BAR'})
"mylib: The first error, foo is FOO." === err0.message
The message templates are underscorejs templates with the default settings.
If you specify a message directly, this is also interpreted as a template:
var err0 = error('code2',
'My custom message, details: <%=util.inspect(zed)%>',
{zed:{a:1,b:2}})
"mylib: My custom message, details: { a: 1, b: 2 }" === err0.message
The returned Error object has the following additional properties:
You can pass in an existing Error object. The additional properties will be added to it, but the original message will be used as the message template, overriding any matching code message.
When creating an error function, you can use the following options:
For real-world usage examples, see:
If you're using this module, feel free to contact me on twitter if you have any questions! :) @rjrodger
Current Version: 0.3.0
Tested on: node 0.10.31
FAQs
Create JavaScript Error objects with code strings, context details, and templated messages.
The npm package eraro receives a total of 10,738 weekly downloads. As such, eraro popularity was classified as popular.
We found that eraro demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.