Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
grunt-connect-prism
Advanced tools
Record, mock, and proxy HTTP traffic using the connect-prism middleware.
Record, mock, and proxy HTTP traffic using the connect-prism middleware.
This plugin requires Grunt ~0.4.1
and the grunt-contrib-connect ~0.7.1
plugin to already be installed.
If you haven't used Grunt before, be sure to check out the Getting Started guide, as it explains how to create a Gruntfile as well as install and use Grunt plugins. Once you're familiar with that process, you may install this plugin with this command:
npm install grunt-connect-prism --save-dev
One the plugin has been installed, it may be enabled inside your Gruntfile with this line of JavaScript:
grunt.loadNpmTasks('grunt-connect-prism');
This grunt plugin is a wrapper around the connect-prism middleware.
Prism is similar to the Ruby project VCR.
The purpose of this plugin is to provide an easy way for front end developers to record HTTP responses returned by their API (or some other remote source) and then be able replay the responses in the future. It's basically an HTTP cache, but for developers working on a Single Page Application (SPA).
It's useful for mocking complex & high latency API calls during development. It's also useful when writing e2e tests for your SPA only, removing the server from the equation. This results in much faster execution of your e2e test suite.
Prism works by adding a custom connect middleware to the connect server provided by the grunt-contrib-connect plugin.
There are currently 4 supported modes of operation.
The record mode will allow you to both record and proxy all HTTP traffic for a certain endpoint on your connect development server. For example, if in production your API sits at an endpoint /api
then you may be currently proxying requests to a server you're hosting locally on another port or to an integration machine somewhere else. You may have also attempted to mock out services that make HTTP calls in your client side code itself. While in record mode you can navigate your application and trigger all the types of API calls you would like to have recorded. Prism will then listen for responses and serialize them to disk. When you want to read these responses instead of proxying traffic to the real server you shutdown and switch to the 'mock' mode.
To make mocks more readable, responses with a content-type of json
or javascript
will have their data stringified as an object. If the content-type is anything other than json or if stringification fails then it falls back to a string.
If the server returns a compressed response (gzip or deflate are supported), then prism will decompress the payload when recording the response.
Example mock generated:
{
"requestUrl": "/api/ponies",
"contentType": "application/json",
"statusCode": 200,
"data": {
"text": "my little ponies"
}
}
The mock (read) mode will listen for requests to a certain endpoint. When a request matches an endpoint it will attempt to find a previously recorded response in the directory you defined mocks to be saved in (./mocks by default).
If a matching response is not found then prism will return a 404. Prism will also create a mock during a 404. This is useful when you want to mock API endpoints that may not exist yet. To avoid having the subsequent request from returning the generated empty mock, the file has a .404 extension. To use the mock, populate it with the appropriate values and remove the .404 extension. This feature was contributed by Miloš Mošovský.
As its name implies this operation will mock and record. This mode will first attempt to load a mock if one exists. If a mock does not exist it will then proxy the request and record the response instead of returning a 404.
And finally, prism supports simple proxying in much the same way as the grunt-connect-proxy plugin works. In fact, this plugin is heavily inspired by that project. While in proxy mode, listening events for recording and mocking are disabled.
This configuration is based on a modification to the connect middleware configuration that the yeoman angular-generator will create.
connect: {
livereload: {
options: {
middleware: function(connect) {
return [
require('grunt-connect-prism/middleware'),
connect.static('.tmp'),
connect().use(
'/bower_components',
connect.static('./bower_components')
),
connect.static(appConfig.app)
];
}
}
}
}
In your project's Gruntfile, add a section named prism
.
You can add all the options in the root task options, in a target options, or a mix of both (where the target options will inherit from the root options). If only the root prism options are provided than a prism instance with the name 'default' will be created.
i.e)
prism: {
options: {
mode: 'record',
host: 'localhost',
port: 8090,
context: '/api'
}
}
You can create multiple prism targets in the standard convention of grunt configuration. grunt-connect-prism
will create a directory in the mocksPath
directory named after the target.
i.e.)
prism: {
options: {
host: 'localhost',
port: 8090,
https: true,
mocksPath: './stubs',
useApi: true
},
server: {
options: {
mode: 'record',
context: '/api'
}
}
}
Typically you will want to run your prism task while you're running your development server, or while e2e tests are running. There are several different ways to add prism tasks to the grunt task queue.
Usage)
'prism[:target[:mode]]'
If 'prism'
is executed by itself then all prism targets will be created.
If a target is supplied (i.e. 'prism:targetOne'
) then only that prism target instance will be created.
If a target and mode are supplied (i.e. 'prism:targetOne:record'
) then only that prism target instance will be created and will be in the record mode.
Basic grunt serve
example.
grunt.registerTask('serve', function () {
grunt.task.run([
'clean:server',
'compass:server',
'prism',
'livereload-start',
'connect:livereload',
'open',
'watch'
]);
});
Target and mode override example (i.e. grunt serve:targetOne:record
).
grunt.registerTask('serve', function (target, prismMode) {
grunt.task.run([
'clean:server',
'compass:server',
'prism:' + target + ':' + prismMode, /* see mode configuration for more details */
'livereload-start',
'connect:livereload',
'open',
'watch'
]);
});
Options pass through directly to connect-prism
. See Options section in connect-prism
.
The API can be enabled in the root prism configuration. The API is disabled by default.
prism: {
options: {
useApi: true
}
}
See the API features section in connect-prism
for more details.
FAQs
Record, mock, and proxy HTTP traffic using the connect-prism middleware.
We found that grunt-connect-prism demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.