http-problem-details-mapper
Based on http-problem-details (repository | npm), this library allows you to map your Node.js errors to HTTP Problem details by convention.
npm install http-problem-details-mapper
or
yarn add http-problem-details-mapper
Make sure to have the peer dependency http-problem-details installed as well.
http-problem-details-mapper is part of a set of libraries you can use to create HTTP Problem Details documents (by means of http-problem-details, RFC 7807) and map Errors (or literally everything) into an HTTP Problem Document.
http-problem-details-mapper can be used to build a mapping middleware or plugin for your HTTP library of choice.
There's already a mapping middleware available for express: express-http-problem-details.
http-problem-details-mapper provides several classes you need to use:
- MapperRegistry, which holds an arbitrary number of ErrorMapper instances you implement
- MappingStrategy, which has a MapperRegistry containing the ErrorMapper instances
- ErrorMapper, which itself maps an object (typically one of your Error types) to a ProblemDocument
The typical workflow with http-problem-details-mapper is this:
First, you implement an Error:
class NotFoundError extends Error {
  constructor (options) {
    const { type, id } = options
    super()
    Error.captureStackTrace(this, this.constructor)
    this.message = `${type} with id ${id} could not be found.`
  }
}
Next, you implement an ErrorMapper (in TypeScript you can use an IErrorMapper interface to implement a mapper from scratch):
import { ErrorMapper } from 'http-problem-details-mapper'
import { ProblemDocument } from 'http-problem-details'

class NotFoundErrorMapper extends ErrorMapper {
  constructor () {
    super(NotFoundError)
  }

  mapError (error) {
    return new ProblemDocument({
      status: 404,
      title: error.message,
      type: 'http://tempuri.org/NotFoundError'
    })
  }
}
Then, create the IMappingStrategy implementation:
class MyMappingStrategy {
  constructor (registry) {
    this.registry = registry
  }

  map (error) {
    const err = error
    const errorMapper = this.registry.getMapper(error)
    if (errorMapper) {
      return errorMapper.mapError(err)
    }
    // alternatively, return a generic problem document
    throw new Error('Could not map error')
  }
}
Finally, create an instance of MyMappingStrategy and map a registered error type:
import { MapperRegistry } from 'http-problem-details-mapper'

const strategy = new MyMappingStrategy(
  new MapperRegistry()
    .registerMapper(new NotFoundErrorMapper()))

const error = new NotFoundError({ type: 'customer', id: '123' })
// Pass the error to map(); the strategy looks up its mapper in the registry
const problem = strategy.map(error)
console.log(problem)
The result will be like this:
{
  "status": 404,
  "title": "customer with id 123 could not be found.",
  "type": "http://tempuri.org/NotFoundError"
}
MapperRegistry also by default has a mapper named DefaultErrorMapper which maps generic Error instances to HTTP status code 500 problem documents. MapperRegistry also has an option useDefaultErrorMapper of type boolean which allows you to disable the DefaultErrorMapper so you can register your own IErrorMapper for Error.
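The generic fallback mentioned in the MyMappingStrategy comment above, as an added example that is not part of the library or its README: unmapped errors become a fixed 500 problem document, while the original error goes only to a server-side log. SafeFallbackStrategy, DemoNotFoundError, demoRegistry and the reference extension member are hypothetical names, and the registry is assumed to expose only the getMapper(error) method shown on this page.

```javascript
// Added example: fallback for unmapped errors that never echoes internal text.
// Assumption: `registry` only needs the getMapper(error) method used on this page.
class SafeFallbackStrategy {
  constructor (registry, log = console.error) {
    this.registry = registry
    this.log = log
    this.seq = 0
  }

  map (error) {
    const mapper = this.registry.getMapper(error)
    if (mapper) {
      return mapper.mapError(error)
    }
    // Keep the original error (message, stack) server-side, keyed by a
    // reference the client can quote in a support request.
    const reference = `err-${Date.now().toString(36)}-${++this.seq}`
    this.log({ reference, error })
    // RFC 7807: "about:blank" type with the HTTP status phrase as title.
    // `reference` is an extension member (hypothetical name).
    return { type: 'about:blank', title: 'Internal Server Error', status: 500, reference }
  }
}

// Constructed stand-ins so the block runs without the library installed.
class DemoNotFoundError extends Error {}
const demoRegistry = {
  getMapper: (error) => error instanceof DemoNotFoundError
    ? { mapError: (e) => ({ status: 404, title: e.message, type: 'http://tempuri.org/NotFoundError' }) }
    : undefined
}

function demo () {
  const serverLog = []
  const strategy = new SafeFallbackStrategy(demoRegistry, (entry) => serverLog.push(entry))
  const mapped = strategy.map(new DemoNotFoundError('customer with id 123 could not be found.'))
  // Constructed driver-style error carrying an internal host and account name.
  const unmapped = strategy.map(new Error('connect ECONNREFUSED 10.0.0.5:5432 (user=app_rw)'))
  return { mapped, unmapped, serverLog }
}

console.log(JSON.stringify(demo().unmapped))
```

With the real library, the fallback branch would build a ProblemDocument instead of a plain object.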
There's another mapper named StatusCodeErrorMapper which simply acts as a factory for ProblemDocuments where you only want to provide an HTTP error status code:
import { StatusCodeErrorMapper } from 'http-problem-details-mapper'
const problem = StatusCodeErrorMapper.mapStatusCode(400)
Similar to the DefaultErrorMapper there's also a DefaultMappingStrategy which you can use if you have no specific requirements regarding the mapping behavior.
It can be used like this:
import { MapperRegistry, DefaultMappingStrategy } from 'http-problem-details-mapper'

const strategy = new DefaultMappingStrategy(
  new MapperRegistry()
    .registerMapper(new NotFoundErrorMapper()))

const error = new NotFoundError({ type: 'customer', id: '123' })
// Pass the error to map(); the strategy looks up its mapper in the registry
const problem = strategy.map(error)
console.log(problem)
npm test
or
yarn test
This project is just getting off the ground and could use some help with cleaning things up and refactoring.
If you want to contribute - we'd love it! Just open an issue to work against so you get full credit for your fork. You can open the issue first so we can discuss and you can work your fork as we go along.
If you see a bug, please be so kind as to show how it's failing, and we'll do our best to get it fixed quickly.
Before sending a PR, please create an issue to introduce your idea and have a reference for your PR.
We're using conventional commits, so please use them for your commits as well.
Also please add tests and make sure to run npm run lint-ts or yarn lint-ts.
MIT License
Copyright (c) 2019 PDMLab
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
FAQs
Mapper functions for http-problem-details
The npm package http-problem-details-mapper receives a total of 3,596 weekly downloads. As such, http-problem-details-mapper popularity was classified as popular.
We found that http-problem-details-mapper demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.