Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Official JavaScript client for steelpenny.
Ensure Node.js (version 6+) and npm are set up on your machine. To install Halfpenny in your project, simply run:
npm install halfpenny --save
This persists Haflpenny to your package.json. You can now use it in your application code:
const Halfpenny = require('halfpenny');
The easiest way to get started with Halfpenny is to use the Halfpenny.factory
static method:
const Halfpenny = require('halfpenny');
const myHalfpenny = Halfpenny.factory();
This configures a Halfpenny
instance using environment-specific configuration from coins-deposit-box. Alternatively, you can override configuration:
const Halfpenny = require('halfpenny');
const myHalfpenny = Halfpenny.factory({
baseUrl: 'http://localhost:8800',
});
The options are:
authCookieName
<String>
: Authentication cookie’s name.baseUrl
<String>
: Base URL for the API server.storage
<Object>
: Storage instance for persisting authentication credentials. This defaults to localStorage
in browsers, or dom-storage in Node.js.Halfpenny is a minimal, lightweight API client: it exposes the essential functionality required for COINS ecosystem applications. This includes:
All other required functionality for an application should be placed in application code. Halfpenny exposes methods to assist in API requests.
Halfpenny#get(endpoint)
endpoint
<String>
: API route’s endpointMake a HTTP GET
request with the specified endpoint
to the API. Returns a Promise
.
hp.get('/scans')
.then((response) => {
const scans = response.data.data;
console.log('Received scans!', scans);
})
.catch((response) => {
console.error('Request error!', response.error);
});
Halfpenny#post(endpoint[, data])
endpoint
<String>
: API route’s endpointdata
<String> | <Object>
: Payload to send with the requestMake a HTTP POST
request with the specified endpoint
to the API. Optionally, send data
in the request body. Returns a Promise
.
hp.post('/scans', {
label: 'My great scan!',
segmentInterval: 1,
studyId: 123,
scannerId: 5,
operatorId: 9,
ursi: 'M123456789',
// ...
})
.then((response) => {
const newScan = response.data.data[0];
console.log('New scan created!', newScan);
})
.catch((response) => {
console.error('Request error!', response.error);
});
Halfpenny#put(endpoint[, data])
endpoint
<String>
: API route’s endpointdata
<String> | <Object>
: Payload to send with the requestMake a HTTP PUT
request with the specified endpoint
to the API. Optionally, send data
in the request body. Returns a Promise
.
hp.put('/scans/123', {
subjectMass: 120,
subjectMassUnits: 'LBS',
subjectAge: 18,
notes: 'The subject ate a bagel prior to scan',
})
.then((response) => {
const updatedScan = response.data.data[0];
console.log('Scan updated!', updatedScan);
})
.catch((response) => {
console.error('Request error!', response.error);
});
Halfpenny#delete(endpoint[, data])
endpoint
<String>
: API route’s endpointdata
<String> | <Object>
: Payload to send with the requestMake a HTTP DELETE
request with the specified endpoint
to the API. Optionally, send data
in the request body. Returns a Promise
.
hp.delete('/scans/123')
.then((response) => {
const removedScan = respones.data.data[0];
console.log('Scan deleted!', removedScan)
})
.catch((response) => {
console.error('Request error!', response.error);
});
Halfpenny allows you to override the default request engine (axios) with a custom one. Pass it as a parameter on config.requestEngine
to the constructor:
const coinsDepositBox = require('coins-deposit-box');
const Halfpenny = require('halfpenny');
const jQuery = require('jquery');
const hp = new Halfpenny({
authCookieName: coinsDepositBox.cookieName,
baseUrl: coinsDepositBox.apiURL,
storage: localStorage,
requestEngine: jQuery.ajax,
});
Halfpenny uses the private Halfpenny#mapRequestOptions
method on every request to transform the request options. Override this method to map arguments to the new request engine:
const cloneDeep = require('lodash/cloneDeep');
hp.mapRequestOptions = (requestOptions) => {
const opts = cloneDeep(requestOptions);
delete ops.withCredentials;
opts.xhrFields = {
withCredentials: true,
};
return opts;
};
Run npm run docs
to generate API documentation, which is output in the docs directory as webpages.
npm run lint
to lint the project’s source and test files.npm test
to run the project’s tests.MIT. See LICENSE for details.
FAQs
Official JavaScript client for steelpenny.
The npm package halfpenny receives a total of 4 weekly downloads. As such, halfpenny popularity was classified as not popular.
We found that halfpenny demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 7 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.