Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
google-gax
Advanced tools
The google-gax (Google API Extensions) package is a set of libraries for making Google API client libraries. It provides functionality such as automatic retries, page iteration, and request bundling. It is mainly used internally by Google's auto-generated client libraries for Node.js.
Automatic Retries
This feature allows developers to specify retry logic for failed requests. The RetryOptions class can be used to define backoff settings for retries.
const {RetryOptions} = require('google-gax');
const retryOptions = new RetryOptions(
[100, 200, 400, 800, 1600],
RetryOptions.createRetryPolicy()
);
Page Iteration
This feature simplifies the process of iterating over multiple pages of API response data. The createApiCall function can be configured to handle pagination automatically.
const {createApiCall} = require('google-gax');
const apiCall = createApiCall(
promiseFunc,
{autoPaginate: true}
);
const resources = [];
apiCall({},
(err, response, nextPageRequest, rawResponse) => {
resources.push(...response);
if (nextPageRequest) {
// More results to fetch
}
}
);
Request Bundling
Request bundling allows developers to combine multiple API calls into a single request to reduce network overhead. The BundleDescriptor and BundleExecutor classes are used to define and execute bundled requests.
const {BundleDescriptor, BundleExecutor} = require('google-gax');
const descriptor = new BundleDescriptor(
'bundled_field',
['field1', 'field2'],
'bundled_field',
1024
);
const executor = new BundleExecutor({descriptor});
The grpc package provides a framework for implementing RPC (Remote Procedure Call) systems, which can be used to create client and server applications. It is similar to google-gax in that it is often used for communication with Google APIs, but it is a more general-purpose library that is not specific to Google.
Axios is a promise-based HTTP client for the browser and Node.js. It offers features like intercepting requests and responses, automatic transforms for JSON data, and client-side support for protecting against XSRF. While it does not provide the same API-specific extensions as google-gax, it is a popular choice for making HTTP requests in general.
The AWS SDK for JavaScript allows developers to interact with AWS services from Node.js. Similar to google-gax, it provides a set of tools for working with a specific cloud provider's APIs, but it is focused on Amazon Web Services rather than Google Cloud.
FAQs
Google API Extensions
The npm package google-gax receives a total of 3,612,244 weekly downloads. As such, google-gax popularity was classified as popular.
We found that google-gax demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.