Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
The JavaScript SDK allows developers to integrate the FeedHenry Cloud into any web-based solution - desktop websites, mobile websites or a stand-alone JavaScript client.
The API is provided in the $fh namespace and uses a common convention for most functions, which takes the format:
$fh.doSomething(parameterObject, successFunction, failureFunction)
Where parameterObject is an ordinary JavaScript object. The successFunction callback is called if the operation was successful and the failureFunction callback is called if the operation fails. All of these arguments are optional. If there is only one function, it is taken as the success function.
The successFunction callback is called with one argument, a result object, which is again an ordinary JavaScript object. The failureFunction callback is called with two arguments: an error code string, and an object containing additional error properties (if any).
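The calling convention described above, as an added example that is not code from fh-js-sdk: `normalizeArgs` and the `echo` operation are hypothetical names, and the error code `missing_message` is made up for illustration.

```javascript
// Added example: hypothetical helper, not part of fh-js-sdk.
const noop = () => {};

// Resolve (parameterObject?, successFunction?, failureFunction?) where every
// argument is optional and a lone function is taken as the success callback.
function normalizeArgs(args) {
  const rest = Array.from(args);
  const first = rest[0];
  // A leading plain object is the parameter object; otherwise default to {}.
  const params = first !== null && typeof first === 'object' ? rest.shift() : {};
  const fns = rest.filter((a) => typeof a === 'function');
  return { params, success: fns[0] || noop, failure: fns[1] || noop };
}

// Hypothetical operation written in the $fh style (no network access).
function echo(...args) {
  const { params, success, failure } = normalizeArgs(args);
  if (typeof params.message !== 'string') {
    // failure(errorCodeString, errorPropertiesObject)
    failure('missing_message', { received: typeof params.message });
    return;
  }
  // success(resultObject)
  success({ message: params.message });
}

// All three arguments supplied.
echo({ message: 'hi' }, (res) => console.log('ok', res),
  (code, props) => console.log('err', code, props));
// Invalid parameters: the failure callback gets a code string and a details object.
echo({}, (res) => console.log('ok', res),
  (code, props) => console.log('err', code, props));
// Lone function: treated as success, parameters default to {} so nothing is logged.
echo((res) => console.log('ok', res));
```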
Detailed documentation for the JavaScript SDK's API can be found here: http://docs.feedhenry.com/v3/api/app_api
The JS SDK is now built using Browserify.
Because of Browserify, you can write any new functions as normal node modules, and use node's "require" to load any other modules, or to be consumed by other modules.
Write your tests in the test/tests directory. Add the tests to the test/browser/suite.js file and run
grunt test
This will use mocha and phantomjs to run the tests.
In fact, if your module and test don't require a browser environment, you can just run them purely in node. (You may need to add a new grunt task to run them).
To help debugging, you can run
grunt local
This will start mock servers locally and you can go to http://localhost:8200/example/index.html page to debug. You may want to run
grunt watch
in another terminal window to automatically regenerate the combined JS SDK file.
For browser compatibility testing, we use Testling. The project page is here: https://ci.testling.com/feedhenry/fh-js-sdk.
You can also run testling locally:
npm install -g testling
testling
If testling cannot find any browser locally, you either need to add browser paths to your PATH environment variable, or use
testling -u
and copy the url to a browser.
When you have finished developing and testing, run
grunt
to generate the release builds.
This process should be changed; however, it is documented here for now.
Build the js-sdk as above. Clone the AppForms-Template repo
git clone git@github.com:feedhenry/AppForms-Template.git
switch to the feedhenry3 branch
git checkout feedhenry3
copy the appForms-backbone file generated in the js-sdk to the AppForms-Template
cp fh-js-sdk/dist/appForms-backbone.js AppForms-Template/client/default/lib/appform-backbone.js
install the node modules in the AppForms-Template
cd AppForms-Template
npm install
and run grunt
grunt
clone the appforms-project-client template app
git clone https://github.com/feedhenry/appforms-project-client.git
copy the resulting lib.min.js to the appforms template
cp AppForms-Template/dist/client/default/lib.min.js appforms-project-client/www/lib.min.js
push the updated changes
git push origin master
Our SDK is released on npmjs. To do a release, follow these steps:
Update the package.json, npm-shrinkwrap.json and bower.json files with the new version number.
Update CHANGELOG.md with some JIRA link.
Tag the repository with the new version number ({VERSION} has the format '2.17.0'):
git tag -s -a {VERSION} -m 'version {VERSION}'
Push the new tag:
git push origin {TAG}
Log in to npm as feedhenry, or make sure your own login is part of the collaborator list in fh-js-sdk in npmjs.org:
npm login
Publish:
npm publish
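A pre-tag check for the release steps above, as an added example that is not part of fh-js-sdk: it confirms that the three manifests carry the same version as the tag about to be signed and published. The function name and the sample manifest contents are constructed for illustration.

```javascript
// Added example (not fh-js-sdk code): before tagging, confirm that every
// manifest named in the release steps carries the same version as the tag.
const MANIFESTS = ['package.json', 'npm-shrinkwrap.json', 'bower.json'];
const VERSION_RE = /^\d+\.\d+\.\d+$/; // the page's example format: '2.17.0'

// manifests: { fileName: rawJsonText }; tag: the {VERSION} about to be tagged.
// Returns a list of human-readable problems; an empty list means safe to tag.
function checkReleaseVersions(manifests, tag) {
  const problems = [];
  if (!VERSION_RE.test(tag)) {
    problems.push(`tag "${tag}" is not in x.y.z form`);
  }
  for (const name of MANIFESTS) {
    if (!Object.prototype.hasOwnProperty.call(manifests, name)) {
      problems.push(`${name}: missing`);
      continue;
    }
    let version;
    try {
      version = JSON.parse(manifests[name]).version;
    } catch (err) {
      problems.push(`${name}: invalid JSON`);
      continue;
    }
    if (version !== tag) {
      problems.push(`${name}: version ${JSON.stringify(version)} does not match tag ${tag}`);
    }
  }
  return problems;
}

// Constructed sample input: bower.json was not bumped.
const sample = {
  'package.json': '{"name":"fh-js-sdk","version":"2.17.0"}',
  'npm-shrinkwrap.json': '{"name":"fh-js-sdk","version":"2.17.0"}',
  'bower.json': '{"name":"fh-js-sdk","version":"2.16.9"}',
};
console.log(checkReleaseVersions(sample, '2.17.0'));
```

In a real checkout the raw text would come from reading the three files in the repository root before running git tag.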
The documentation is generated from fh-js-sdk.d.ts. The generated doc is committed in the doc/ folder and deployed to gh-pages so that feedhenry.org and portal documentation can pick it up from a published location.
To publish doc, run the command:
npm run doc
Go to gh-pages and check the most recent commit for the publication.
Sync client development should be done in the fh-sync-js repository (https://github.com/feedhenry/fh-sync-js).
3.1.2 - 2019-11-12
FAQs
feedhenry js sdk
The npm package fh-js-sdk receives a total of 14 weekly downloads. As such, fh-js-sdk popularity was classified as not popular.
We found that fh-js-sdk demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 6 open source maintainers collaborating on the project.