ft-next-express
next-express [![Build Status](https://travis-ci.org/Financial-Times/next-express.svg?branch=master)](https://travis-ci.org/Financial-Times/next-express)
============
Slightly enhanced Express.
npm install -S ft-next-express
Comes with:-
Handlebars (with added support for loading partials from bower_components)
Origami Image Service integration
Sensible error handling (configurable via environment variables)
Full Next Flags integration
Next Metrics integration
fetch
api)express.metrics
Anti-search engine GET /robots.txt (possibly might need to change in the future)
(Isomorphic) Fetch polyfill
Exposes everything in the app's ./public folder via ./{{name-of-app}} (only in non-production environments, please use next-assets or hashed-assets in production)
Exposes app name via __name to templates and in a data-next-app attribute on the html tag in templates
Adds a /{{name-of-app}}/__about endpoint, which exposes information about the current version of the application running
By default the application's templates are outputted unchanged, but ft-next-express provides 2 inheritable layouts
Exposes express.Router
Provides NODE_ENV to templates via __environment
__isProduction is true if NODE_ENV equals PRODUCTION (exposed as data-next-is-production on the <html> tag in templates)
__version is set to the same value as that used by next-build-tools/about (exposed as data-next-version on the <html> tag in templates)
Provides a range of handlebars helpers, including template inheritance and layouts
Instruments fetch to send data about server-to-server requests to graphite. See main.js for a list of services already instrumented. To add more services extend the list or, for services specific to a particular app, pass in a 'serviceDependencies' option (see examples below)
Provides a solution for implementing app health checks in adherence to the FT Health Check Standard
Logging (Next logger), exposed via express.logger
npm install --save ft-next-express
When using the default layout there is also a hard dependency on some bower components. To install them (and add to your app's bower.json) run the following on your local machine. It's assumed you will have bower installed globally.
$ ./path/to/ft-next-express/bower-install.sh
main.js
var express = require('ft-next-express');

var app = express({
  // Optional. If name is not provided, next-express will try to infer it from package.json
  name: "xian",

  // Optional
  helpers: {
    uppercase: function(options) {
      return options.fn(this).toUpperCase();
    }
  },

  serviceDependencies: {
    // service dependencies should be listed with a regex that matches urls for that service.
    // regexes can be whatever you like so it's possible to treat paths within a given service
    // as separate services
    'youtube': /https?:\/\/youtube\.com/
  },

  // the following default to true but should normally be set to false if your app is an api
  withFlags: false, // disable feature flag middleware
  withHandlebars: false, // disable handlebars middleware
  withBackendAuthentication: false, // disable authentication which only allows requests in via fastly

  // Optional
  healthChecks: []
});

app.get('/', function(req, res, next) {
  res.render('main', {
    title: "FT",
    image: "https://avatars0.githubusercontent.com/u/3502508?v=3",
    date: new Date(),
    text: "<p>This wont be shown</p><p>This will be shown</p><p>This wont be shown</p>"
  });
});

app.listen(process.env.PORT, function() {
  console.log("Listening on " + process.env.PORT);
});
views/main.html
<!DOCTYPE html>
<html>
<head>
  <meta charset="utf-8">
  <title>{{title}}</title>
  <!-- this will be output as <link rel="stylesheet" href="/xian/main.css"> -->
  <link rel="stylesheet" href="/{{__name}}/main.css">
</head>
<body>
  <h1>{{title}}</h1>
  {{#uppercase}}this text will be uppercase{{/uppercase}}
  <h2>An image resized to 150px wide</h2>
  <img src="{{#resize 150}}{{image}}{{/resize}}" />
  {{#flags.myFlag}}
  The 'myFlag' flag is switched on
  {{/flags.myFlag}}
  <time data-o-component="o-date" class="o-date" datetime="{{#dateformat}}{{date}}{{/dateformat}}">
    {{#dateformat "dddd, d mmmm, yyyy"}}{{date}}{{/dateformat}}
  </time>
  {{paragraphs text start=1 end=2}}
  {{#removeImageTags}}
  Image<img src="someimage.jpg" alt="This wont be shown"/>EndImage
  {{/removeImageTags}}
</body>
</html>
If you’re using flags and testing with mocha, you’ll need to expose listen in your app:
module.exports.listen = app.listen(port);
And in your tests, add this:
before(function() {
  return app.listen;
});
This’ll make sure your tests wait for flags to be ready.
For an example set of health check results, see next.ft.com/__health. For testing health checks, the Health Status Formatter extension for Google Chrome is recommended.
Health checks can be tested for failures of a specific degree of severity by appending the severity number to the health check URL. This is particularly useful for setting up fine-grained alerting. For example, if on next.ft.com a severity level 2 health check were failing:
https://next.ft.com/__health.1 would return HTTP status 200
https://next.ft.com/__health.2 would return HTTP status 500
https://next.ft.com/__health.3 would return HTTP status 500
Each health check must have a getStatus() property, which returns an object meeting the specifications of the FT Health Check Standard and the [FT Check Standard](https://docs.google.com/document/edit?id=1ftlkDj1SUXvKvKJGvoMoF1GnSUInCNPnNGomqTpJaFk#). This might look roughly like the following example:
var exampleHealthCheck = {
  getStatus: () => {
    return {
      name: 'Some health check',
      ok: true,
      checkOutput: 'Everything is fine',
      lastUpdated: new Date(),
      panicGuide: 'Don\'t panic',
      severity: 3,
      businessImpact: "Some specific feature will fail",
      technicalSummary: "Doesn\'t actually check anything, just an example"
    };
  }
};
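The severity rule described above (a failing severity 2 check turns /__health.2 and /__health.3 into HTTP 500 while /__health.1 stays 200), as an added JavaScript example that is not code from ft-next-express. The function names, the fail-closed handling of a check that throws or returns a malformed result, and the sample checks are assumptions made for illustration.

```javascript
// Added example (not from ft-next-express); all names are hypothetical.
// Fields taken from the example getStatus() result shown above.
const REQUIRED_FIELDS = ['name', 'ok', 'checkOutput', 'lastUpdated',
  'panicGuide', 'severity', 'businessImpact', 'technicalSummary'];

// Run one check. Assumption: fail closed, so a check that throws or returns
// a malformed result counts as a severity-1 failure instead of vanishing.
function runCheck(check) {
  try {
    const status = check.getStatus();
    const missing = REQUIRED_FIELDS.filter((f) => status[f] === undefined);
    const validSeverity = Number.isInteger(status.severity) && status.severity >= 1;
    if (missing.length || !validSeverity || typeof status.ok !== 'boolean') {
      return { name: status.name || 'unknown', ok: false, severity: 1,
        checkOutput: 'Malformed result; missing: ' + missing.join(', ') };
    }
    return status;
  } catch (err) {
    return { name: 'unknown', ok: false, severity: 1,
      checkOutput: 'getStatus() failed: ' + err.message };
  }
}

// Status for /__health.N: 500 when any failing check has severity <= N
// (1 is the most severe), otherwise 200.
function healthHttpStatus(checks, threshold) {
  const results = checks.map(runCheck);
  const failing = results.filter((r) => !r.ok && r.severity <= threshold);
  return { httpStatus: failing.length ? 500 : 200, failing };
}

// Constructed sample data: one passing check, one failing severity-2 check.
const base = { checkOutput: 'constructed', lastUpdated: new Date(),
  panicGuide: 'n/a', businessImpact: 'n/a', technicalSummary: 'n/a' };
const sampleChecks = [
  { getStatus: () => ({ ...base, name: 'passing', ok: true, severity: 1 }) },
  { getStatus: () => ({ ...base, name: 'failing', ok: false, severity: 2 }) },
];

for (const n of [1, 2, 3]) {
  console.log('/__health.' + n, healthHttpStatus(sampleChecks, n).httpStatus);
}
```

Alerting on /__health.1 alone pages only for the most severe failures, which is the fine-grained alerting the paragraph above refers to.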
FAQs
The npm package ft-next-express receives a total of 3 weekly downloads. As such, ft-next-express popularity was classified as not popular.
We found that ft-next-express demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 7 open source maintainers collaborating on the project.