Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
![Gitter](https://badges.gitter.im/Join Chat.svg)
Interfake is a tool which allows developers of client-side applications of any platform to easily create dummy HTTP APIs to develop against. Let's get started with a simple example.
If you don't want to use the JavaScript method to create your Interfake API, go read up on all the methods. Otherwise, read on.
Install Interfake in your project.
npm install interfake --save
Let's write a simple fake API:
var Interfake = require('interfake');
var interfake = new Interfake();
interfake.get('/whats-next').body({ next : 'more stuff '});
interfake.listen(3000); // The server will listen on port 3000
Now go to http://localhost:3000/whats-next in your browser (or curl
), and you will see the following:
{
"next":"more stuff"
}
You can also chain response properties:
var Interfake = require('interfake');
var interfake = new Interfake();
interfake.get('/whats-next').status(400).body({ error : 'such a bad request'});
interfake.listen(3000);
/*
# Request:
$ curl http://localhost:3000/whats-next -X GET
# Response:
400
{
"error":"such a bad request"
}
*/
You can use different HTTP methods:
var Interfake = require('interfake');
var interfake = new Interfake();
interfake.post('/next-items').status(201).body({ created : true });
interfake.listen(3000);
/*
# Request:
$ curl http://localhost:3000/next-items -X POST
# Response:
201
{
"created":true
}
*/
You can specify endpoints which should only be created once other ones have been hit.
var Interfake = require('interfake');
var interfake = new Interfake();
var postResponse = interfake.post('/next-items').status(201).body({ created : true });
postResponse.creates.get('/items/1').status(200).body({ id: 1, name: 'Item 1' });
postResponse.creates.get('/next-items').status(200).body({ items: [ { id: 1, name: 'Item 1' } ] });
interfake.listen(3000);
/*
# Request:
$ curl http://localhost:3000/next-items -X POST
# Response:
201
{
"created":true
}
# Request:
$ curl http://localhost:3000/items/1 -X GET
# Response:
200
{
"id":1
"name":"Item 1"
}
*/
You can even specify how endpoints should be extended once others have been hit.
var Interfake = require('interfake');
var interfake = new Interfake();
interfake.get('/items').status(200).body({ items: [ { id: 1, name: 'Item 1' } ] });
interfake.get('/items/1').status(200).body({ id: 1, name: 'Item 1' });
var postResponse = interfake.post('/items').status(201).body({ created : true });
postResponse.creates.get('/items/2').status(200).body({ id: 2, name: 'Item 2' });
postResponse.extends.get('/items').status(200).body({ items: [ { id: 2, name: 'Item 2' } ] });
interfake.listen(3000);
/*
# Request:
$ curl http://localhost:3000/items -X GET
# Response:
200
{
"items" : [
{
"id":1
"name":"Item 1"
}
]
}
# Request:
$ curl http://localhost:3000/items -X POST
# Response:
201
{
"created":true
}
# Request:
$ curl http://localhost:3000/items -X GET
# Response:
200
{
"items" : [
{
"id":1
"name":"Item 1"
},
{
"id":2
"name":"Item 2"
}
]
}
*/
There's more options, though, including delays, custom response headers, and handling query string parameters.
The majority of Interfake users will probably be interested in the JavaScript API, which is covered below. However, there are in fact three ways to use Interfake: JavaScript, on the Command Line (using static JSON files), or using an HTTP meta-API. These are covered in detail in the Wiki.
new Interfake(options)
: creates an Interfake object. Options are:
debug
: If true
, outputs lots of annoying but helpful log messages. Default is false
.path
: Sets the API root path. E.g. if api
is used then the route at /users
will be accessible at /api/path
#createRoute(route)
: Takes a JSON object with the following:
request
response
afterResponse
(optional)#listen(port, callback)
: Takes a port and starts the server, and a callback which executes when the server is running#stop()
: Stops the server if it's been started#serveStatic(path, directory)
: Serve static (usually a website) files from a certain path. This is useful for testing SPAs. (Example use.)#loadFile(path, options)
: Load a JSON file containing an Interfake-shaped API configuration. Options includes watch
, which, if true, means that the file loaded there will be reloaded when it changes.#get|post|put|patch|delete(url)
: Create an endpoint at the specified URL. Can then be followed by each of the following, which can follow each other too e.g. get().query().body().status().body().creates.get()
etc.
#query(queryParameters)
: An object containing query parameters to accept. Overwrites matching URL params. E.g. get('/a?b=1').query({b:2})
means /a?b=2
will work but /a?b=1
will not.#status(statusCode)
: Set the response status code for the endpoint#body(body)
: Set the JSON response body of the end point#proxy(url|options)
: The response should be a proxy of another URL. Currently, options accepts both url
and headers
properties. The headers
property specifies the headers which should be sent in the request to the proxy URL#delay(milliseconds)
: Set the number of milliseconds to delay the response by to mimic network of processing lag
#responseHeaders(headers)
: An object containing response headers. The keys are header names.#creates#get|post|put|patch|delete(url)
: Specify an endpoint to create after the first execution of this one. API is the same as above.#extends#get|post|put|patch|delete(url)
: Specify an endpoint to modify after the first execution of this one. API is the same as above. The endpoints you extend are matched based on url
and query
. The status
, body
, delay
and responseHeaders
are the extendable bits. Keep in mind that keys will be replaced, and arrays will be added to.Interfake supports JSONP. Just put ?callback
on the end of the URLs being called.
$ curl http://localhost:3000/whattimeisit?callback=handleSomeJson
By using Interfake's .serveStatic()
method, you can serve some front-end HTML, JavaScript and CSS which uses the API you've created as the backend. Not only does this massively speed up development time by not having to have a real API, it serves as a great prototype for the real API, and avoids having to mock requests. This is my most common use for Interfake.
If you'd like to develop an API-driven mobile application you might not yet have a finished API available. This is a perfect example of where Interfake is useful. You can quickly mock up some dummy APIs and work on the mobile application. In parallel, perhaps another developer will be creating the real API, or you could create it later.
You can use Interfake to create dummy APIs which use data from your test setup with the HTTP method above, or by using a static set of test data. If you're writing your test suite using a NodeJS library, you can use the JavaScript API.
The HTTP API is particularly useful for developing iOS Applications which uses Automated tests written in JavaScript, or developing Node.js applications which rely on external APIs.
For an example of how to do this, please see the web page test example.
There are a number of reasons you might want to proxy another API. Three of the more common ones are:
Interfake allows you to proxy another URL quite easily and also specify any headers you like while doing so, using the proxy
option.
interfake.get('/github-issues').proxy('https://api.github.com/repos/basicallydan/interfake/tags');
The example above creates a simple proxy against the URL https://api.github.com/repos/basicallydan/interfake/tags
and will return whatever a public, non-authorized user will see. However, consider an endpoint which requires authorization.
interfake.get('/github-issues').proxy({
url: 'https://api.github.com/repos/basicallydan/interfake/tags',
headers: {
'Authorization': 'Token qoinfiu13jfcikwkhf1od091dj0'
}
});
This example uses an authorization token to authorize the request. This is one of the common use-cases. However, the first one will easily solve CORS issues, and any other headers apart from Authorization
can be specified instead.
If you have a website or mobile application which only needs static data, deploy Interfake to a server somewhere with a JSON file serving up the data, and point your application at it.
I tested this on my Mac. If you have trouble on Windows or any other platform, raise an issue.
serveStatic
but also accidental new feature. Now, 404 responses include some text: the default express text too..serveStatic
was not working on Windows because of the directory being wrong..extends
methods to extend existing endpoints.delay()
was not allowing chaininglisten
so that you know when the server has started (by bruce-one)delay(10..50)
(by bruce-one)delay()
(by bruce-one)POST /_request
to be a 201, and POST /_requests
is now the path usedInterfake
instanceInterfake is a labour of love, created for front-end and mobile developers to increase their prototyping and development speeds. If you can contribute by getting through some issues, I would be very grateful. Please read more about how to contribute in the CONTRIBUTING.md document.
It's important that the tests all pass so we can keep this little badge green:
<3 Open Source!
Alun for reading this readme.
FAQs
A simple way to create dummy APIs
The npm package interfake receives a total of 83 weekly downloads. As such, interfake popularity was classified as not popular.
We found that interfake demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.