Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
By Socket Research Team - Dec 02, 2024
Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
gas-client-fork
Advanced tools
gas-client-fork
A client-side utility class that can call server-side Google Apps Script functions
gas-client
A client-side utility class that uses promises to call server-side Google Apps Script functions. This is a user-friendly wrapper of google.script.run.
It can also optionally be used in local development and is designed to interact with the Google Apps Script Dev Server used in the React / Google Apps Script project.
Installation
Install
> npm install gas-client
# or
> yarn add gas-client
import Server from 'gas-client';
const { serverFunctions } = new Server();
// We now have access to all our server functions, which return promises
serverFunctions
.addSheet(sheetTitle)
.then((response) => doSomething(response))
.catch((err) => handleError(err));
Development mode
To use with Google Apps Script Dev Server, pass in a config object with allowedDevelopmentDomains indicating the localhost port you are using. This setting will be ignored in production (see below for more details).
import Server from 'gas-client';
const { serverFunctions } = new Server({
allowedDevelopmentDomains: 'https://localhost:3000',
});
serverFunctions
.addSheet(sheetTitle)
.then((response) => doSomething(response))
.catch((err) => handleError(err));
How to use
Using the gas-client utility class
The gas-client file lets you use promises to call and handle responses from the server, instead of using google.script.run:
// Google's client-side utility "google.script.run" works like this:
google.script.run
.withSuccessHandler((response) => doSomething(response))
.withFailureHandler((err) => handleError(err))
.addSheet(sheetTitle);
// With this package we can now do this:
import Server from 'gas-client';
const { serverFunctions } = new Server();
// We now have access to all our server functions, which return promises
serverFunctions
.addSheet(sheetTitle)
.then((response) => doSomething(response))
.catch((err) => handleError(err));
// Or we can use async/await syntax:
async () => {
try {
const response = await serverFunctions.addSheet(sheetTitle);
doSomething(response);
} catch (err) {
handleError(err);
}
};
Now we can use familiar Promises in our client-side code and have easy access to all server functions.
API
The config object takes:
allowedDevelopmentDomains: A config to specifiy which domains are permitted for communication with Google Apps Script Webpack Dev Server development tool. This is a security setting, and if not specified, will block functionality in development.allowedDevelopmentDomainswill accept either a space-separated string of allowed subdomains, e.g.'https://localhost:3000 https://localhost:8080'(notice no trailing slashes); or a function that takes in the requesting origin and should returntrueto allow communication, e.g.(origin) => /localhost:\d+$/.test(origin);parentTargetOriginAn optional string to specify which parent window domain this client can send communication to. Defaults to own domain for backward compatibility with Google Apps Script Webpack Dev Server development tool (default uses domain where the client is running, e.g. localhost). Can be '*' to allow all parent domains if parent is unknown or variable.
Production mode
In the normal Google Apps Script production environment, new Server() will have one available method:
serverFunctions: an object containing all publicly exposed server functions (see example above).
Note that allowedDevelopmentDomains and parentTargetOrigin configurations will be ignored in production, so the same code can and should be used for development and production.
Development mode
Development mode for the gas-client helper class will be run when the google client API cannot be loaded.
Calling new Server({ allowedDevelopmentDomains }) will create an instance with the following method in development mode:
serverFunctions: a proxy object, used for development purposes, that mimics callinggoogle.script.run. It will dispatch a message to the parent iframe (our custom Dev Server), which will call an app that actually interacts with thegoogle.script.runAPI. Development mode will also handle the response and resolve or reject based on the response type. See the implementation for details on the event signature.
FAQs
A client-side utility class that can call server-side Google Apps Script functions
We found that gas-client-fork demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 17 Mar 2023
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Research
Typosquatting Cryptographic Libraries: Malicious npm Packages Threaten Crypto Developers with Keylogging and Wallet Theft
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
By Kirill Boychenko - Nov 27, 2024
Security News
Weekly Downloads Now Available in npm Package Search Results
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.
By Sarah Gooding - Nov 26, 2024