feature-flags
This module lets developers set user levels and restrict access to features based on those levels. It also provides a web interface to customize those levels without pushing additional code or restarting the server. Currently, Feature Flags only supports restriction by URL.
ALL OF THIS IS VERY SUBJECT TO CHANGE
You know those weird bits of code that go something like this?
app.get('/', routes.index);
Boring as all get out. Spice up your file with a little Feature flags:
var ff = require('feature-flags');
Now that the life of the party's here, switch out those silly strings for some FUNCTIONS!
app.get(ff.requireLevel('admin', '/'), routes.index);
Now we're talking. Notice the two parameters. The first is the level required ('admin'), the second is the path ('/'). Here, we're only allowing admins at root. Hardcore.
Now, you'll need to let Feature Flags actually route some things around, or else it'll get angry. To pacify Feature Flags, add the following to your app.configure call (you did require it?):
app.use(ff.init());
Feature Flags will check against req.user.auth if req.user is defined, and req.session.auth if it isn't. If there aren't any sessions, Feature Flags will crash horribly. Future plans: make it crash less horribly.
You'll need to fill that property with one of anon, login, pants, admin. How you do it is up to you. Again, pre-alpha. In the future you'll be able to configure the levels and save yourself from the embarrassment of assigning pants as your sysadmin's role. (Looks like I'll be adding custom config in the next release, 0.0.3)
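The lookup and level check described above, written so that a request with no session is treated as anon and denied instead of crashing. This is an added example, not feature-flags source code; the names LEVELS, resolveLevel, isAllowed and requireLevelMiddleware are hypothetical, and treating the four levels as ordered from least to most privileged is an assumption.

```javascript
// Added example, not feature-flags source code.
// Assumption: the four levels are ordered from least to most privileged.
const LEVELS = ['anon', 'login', 'pants', 'admin'];

// Mirror the README's lookup: req.user.auth when req.user is defined,
// otherwise req.session.auth. Anything missing or unrecognized becomes
// 'anon', so a request without a session fails closed.
function resolveLevel(req) {
  const hasUser = req.user !== undefined && req.user !== null;
  const source = hasUser ? req.user : req.session;
  const level = source && typeof source.auth === 'string' ? source.auth : 'anon';
  return LEVELS.includes(level) ? level : 'anon';
}

// True when the caller's level is at least the required one.
function isAllowed(req, required) {
  const need = LEVELS.indexOf(required);
  if (need === -1) {
    // A typo in a route definition should fail at startup, not grant access.
    throw new Error('unknown level: ' + required);
  }
  return LEVELS.indexOf(resolveLevel(req)) >= need;
}

// Hypothetical Express-style middleware: answer 403 rather than crash.
function requireLevelMiddleware(required) {
  if (!LEVELS.includes(required)) {
    throw new Error('unknown level: ' + required);
  }
  return function (req, res, next) {
    if (isAllowed(req, required)) {
      return next();
    }
    res.statusCode = 403;
    res.end('Forbidden');
  };
}
```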
You'll need MongoDB on your localhost, and your app needs to run express.
This is the pre-alpha release, so expect these requirements to loosen in the future. If you've got a particular configuration you'd like me to support, open an issue.
Feature Flags is released under MIT.
Todo:
FAQs
Access control for express-based node apps
We found that feature-flags demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.