http-assert
The http-assert npm package is a simple assertion library for HTTP server testing. It allows developers to assert certain conditions and automatically throw HTTP errors when those conditions are not met. This can help to streamline error handling in HTTP applications by providing a declarative way to validate requests and ensure that the server responds with the correct status codes and messages when something goes wrong.
Asserting conditions with HTTP error codes
This feature allows you to assert a condition and throw an HTTP error with a specific status code and message if the condition is false. In the code sample, if the user is not found, a 404 error with the message 'User not found' is thrown.
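```js
const express = require('express');
const assert = require('http-assert');

const app = express();

// Example usage in an Express route handler.
// getUserById is the application's own lookup function (not shown here).
app.get('/user/:id', (req, res, next) => {
  const user = getUserById(req.params.id);
  // Throws an HttpError with status 404 when no user was found
  assert(user, 404, 'User not found');
  res.send(user);
});
```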
Custom error properties
This feature allows you to add custom properties to the error object. In the code sample, if authentication fails, a 401 error is thrown with additional information about the user that attempted to log in.
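```js
const assert = require('http-assert');

// Example usage with custom error properties.
// `app` is an Express application with a JSON body parser; `authenticate`
// is the application's own credential check (neither is shown here).
app.post('/login', (req, res, next) => {
  const user = authenticate(req.body.username, req.body.password);
  // On failure, err.user carries the attempted username
  assert(user, 401, 'Authentication failed', { user: req.body.username });
  res.send('Logged in successfully');
});
```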
The 'assert' module is a simple assertion library that comes with Node.js. It provides basic assertion tests and is used primarily for testing. Unlike 'http-assert', it does not automatically map assertions to HTTP error codes.
Chai-http is an assertion library that can be used with the Chai assertion library for HTTP server testing. It provides a more fluent API for testing HTTP servers and includes assertions specifically designed for HTTP interactions. It is more feature-rich compared to 'http-assert' but also more complex.
Supertest is a library for testing Node.js HTTP servers. It provides a high-level abstraction for testing HTTP, while allowing you to assert the HTTP response. It is not an assertion library per se, but it integrates well with assertion libraries to provide a full testing solution.
Assert with status codes. Like ctx.throw() in Koa, but with a guard.
This is a Node.js module available through the npm registry. Installation is done using the npm install command:
```sh
$ npm install http-assert
```
```js
var assert = require('http-assert')
var ok = require('assert')

var username = 'foobar' // username from request

try {
  assert(username === 'fjodor', 401, 'authentication failed')
} catch (err) {
  ok(err.status === 401)
  ok(err.message === 'authentication failed')
  ok(err.expose)
}
```
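The error fields shown above (status, message, expose) and the custom properties described earlier decide what an error handler may return to the client. The following is an added example, not code from the http-assert project: httpAssert is a small stand-in so the block runs without the package installed, and clientResponse, logRecord and handle are hypothetical helper names.

```javascript
// Stand-in for http-assert so the example runs offline. Assumption: like
// the package, it sets err.status and err.message, copies custom properties
// onto the error, and sets err.expose only for statuses below 500.
function httpAssert(value, status, message, props) {
  if (value) return;
  const err = Object.assign(new Error(message), props);
  err.status = status;
  err.expose = status < 500;
  throw err;
}

// Hypothetical helper: what the client is allowed to see.
function clientResponse(err) {
  const status = Number.isInteger(err.status) ? err.status : 500;
  const error = err.expose === true ? err.message : 'Internal Server Error';
  return { status, body: { error } }; // custom properties never leave the server
}

// Hypothetical helper: full detail for the server-side log.
function logRecord(err) {
  const { status, expose, ...custom } = err; // own enumerable properties
  return { status, message: err.message, custom };
}

function handle(fn) {
  try {
    fn();
    return null;
  } catch (err) {
    return { client: clientResponse(err), log: logRecord(err) };
  }
}

// Constructed sample failures.
const authFailure = handle(() =>
  httpAssert(false, 401, 'Authentication failed', { user: 'alice' }));
const dbFailure = handle(() =>
  httpAssert(false, 500, 'db timeout on 10.0.0.5:5432', { query: 'SELECT 1' }));

console.log(JSON.stringify(authFailure.client));
console.log(JSON.stringify(dbFailure.client));
```

In a real application, replace the stand-in with require('http-assert') and call the two helpers from the framework's error-handling middleware.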
The API of this module is intended to be similar to the Node.js assert module.
Each function will throw an instance of HttpError from the http-errors module when the assertion fails.
assert(value, [status], [message], [properties])
Tests if value is truthy. If value is not truthy, an HttpError is thrown that is constructed with the given status, message, and properties.
assert.deepEqual(a, b, [status], [message], [properties])
Tests for deep equality between a and b. Primitive values are compared with the Abstract Equality Comparison (==). If a and b are not equal, an HttpError is thrown that is constructed with the given status, message, and properties.
assert.equal(a, b, [status], [message], [properties])
Tests shallow, coercive equality between a and b using the Abstract Equality Comparison (==). If a and b are not equal, an HttpError is thrown that is constructed with the given status, message, and properties.
assert.fail([status], [message], [properties])
Always throws an HttpError that is constructed with the given status, message, and properties.
assert.notDeepEqual(a, b, [status], [message], [properties])
Tests for deep equality between a and b. Primitive values are compared with the Abstract Equality Comparison (==). If a and b are equal, an HttpError is thrown that is constructed with the given status, message, and properties.
assert.notEqual(a, b, [status], [message], [properties])
Tests shallow, coercive equality between a and b using the Abstract Equality Comparison (==). If a and b are equal, an HttpError is thrown that is constructed with the given status, message, and properties.
assert.notStrictEqual(a, b, [status], [message], [properties])
Tests strict equality between a and b as determined by the SameValue Comparison (===). If a and b are equal, an HttpError is thrown that is constructed with the given status, message, and properties.
assert.ok(value, [status], [message], [properties])
Tests if value is truthy. If value is not truthy, an HttpError is thrown that is constructed with the given status, message, and properties.
assert.strictEqual(a, b, [status], [message], [properties])
Tests strict equality between a and b as determined by the SameValue Comparison (===). If a and b are not equal, an HttpError is thrown that is constructed with the given status, message, and properties.
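The difference between the coercive (==) and strict (===) comparisons documented above matters when an assertion guards an access decision on request-derived values. This added example (not the package's own source) uses stand-ins for assert.equal and assert.strictEqual with the documented operators; ownerCheck, the 403 status and the sample inputs are constructed for illustration.

```javascript
// Stand-ins for assert.equal / assert.strictEqual (assumption: same
// comparison operators as documented above; not the package's own source).
function fail(status, message) {
  const err = new Error(message);
  err.status = status;
  throw err;
}
const equal = (a, b, status, msg) => { if (!(a == b)) fail(status, msg); };
const strictEqual = (a, b, status, msg) => { if (!(a === b)) fail(status, msg); };

// Hypothetical ownership check: does the session user own the requested id?
function ownerCheck(assertFn, sessionUserId, requestedId) {
  try {
    assertFn(sessionUserId, requestedId, 403, 'Forbidden');
    return 200;
  } catch (err) {
    return err.status;
  }
}

// Constructed inputs: [sessionUserId, requestedId as parsed from the request]
const cases = [
  [42, '42'],        // number vs string taken from the URL
  [0, ''],           // zero vs empty parameter
  ['42', ['42']],    // string vs single-element array
  [null, undefined], // two different "missing" values
  [42, 43],          // genuinely different ids
];

// Run every case through both comparisons and collect the status codes.
function compare() {
  return cases.map(([a, b]) => ({
    loose: ownerCheck(equal, a, b),
    strict: ownerCheck(strictEqual, a, b),
  }));
}

console.table(compare());
```

Only the last case is rejected by the coercive check, while the strict check rejects all five; normalise request values to one type and use assert.strictEqual for identity comparisons.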
FAQs
assert with status codes
The npm package http-assert receives a total of 2,244,871 weekly downloads. As such, http-assert popularity was classified as popular.
We found that http-assert demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.