Hassle free HTTP(S) API proxying for development
Quickly mock endpoints in HTTP(S) APIs, edit requests and responses, proxy everything else to the real API.
Let's say you've got a website that accesses your API at https://mycompany.com/api. There's a `GET /api/cat` that returns some JSON information (`name`, `color`, `image`) about a cat. You're planning a major update in the backend to add `GET /api/dog`. It's going to take the backend developers a few days to get that implemented, but you want to start work on the frontend already.

Run this on the command line (Mac or Linux):

```
intervene create https://mycompany.com
```

It's going to ask for admin privileges because it needs to override some things. It creates a file called `mycompany.com.ts`, which is an `intervene` config. Leave the process running and open the file.
```ts
import { ProxyConfig, routeBuilder } from '/Users/foo/Library/node_modules/intervene';

const config: ProxyConfig = {
  target: 'https://mycompany.com',
  routes: {
    // Some example configurations follow
    // ...
  }
};

export default config;
```
(Don't worry about the path in the `import` statement. It's going to depend on how you installed `intervene`, but it is smart enough to automatically patch the path at runtime when importing the config.)

You should see the site still works as normal (in Chrome at least; you'll get a certificate warning in Firefox, which you'll need to accept). `GET /api/cat` still responds the same.
Now let's change the configuration to include a new route:
```ts
const config: ProxyConfig = {
  target: 'https://mycompany.com',
  routes: {
    '/api/dog': {
      name: 'Fido',
      color: 'Beige',
      image: 'https://dogimages.com/bestdog.jpg'
    }
  }
};
```
Save the file (no need to restart the `intervene` process, it will notice and restart itself).

Now, if you `curl -k https://mycompany.com/api/dog`, you'll get the JSON specified in the file. `curl -k https://mycompany.com/api/cat` still responds the same, because it proxies through to the real https://mycompany.com.
Another update is planned to also return the `age` of the cat. You don't want to mock the whole endpoint, you just want to add the `age` property to whatever the real backend returns.
Let's make a method endpoint.
```ts
const config: ProxyConfig = {
  target: 'https://mycompany.com',
  routes: {
    '/api/dog': {
      name: 'Fido',
      color: 'Beige',
      image: 'https://dogimages.com/bestdog.jpg'
    },
    '/api/cat': async (req, h, proxy) => {
      const response = await proxy();
      response.body.age = 7;
      return response;
    }
  }
};
```
Save the file again, and the https://mycompany.com/api/cat endpoint now has an added `age` property, with the rest of the response exactly as returned by the real server.
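The three behaviours described above (static mock, method endpoint, pass-through) determine which requests actually leave your machine for the real backend. The following is an added model of that routing, not code from the original page and not intervene's implementation; `MockResponse`, `RouteHandler`, `RouteDef`, `dispatch`, `upstream` and the sample cat data are hypothetical, and the handler is synchronous for brevity.

```typescript
// Added model of the routing behaviour described above; NOT intervene's own code.
// Every name in this block is hypothetical.
type MockResponse = { status: number; body: Record<string, unknown> };
type RouteHandler = (path: string, proxy: () => MockResponse) => MockResponse;
type RouteDef = Record<string, unknown> | RouteHandler;

// Constructed stand-in for the real https://mycompany.com backend.
// It records every path that gets forwarded to it.
const forwarded: string[] = [];
function upstream(path: string): MockResponse {
  forwarded.push(path);
  if (path === '/api/cat') {
    return { status: 200, body: { name: 'Tom', color: 'Grey', image: 'https://mycompany.com/cat.jpg' } };
  }
  return { status: 404, body: { error: 'not found' } };
}

// Same route table as the config above (handler made synchronous).
const routes: Record<string, RouteDef> = {
  '/api/dog': { name: 'Fido', color: 'Beige', image: 'https://dogimages.com/bestdog.jpg' },
  '/api/cat': (_path, proxy) => {
    const response = proxy(); // forwarded to the real backend
    response.body.age = 7;    // real response, amended locally
    return response;
  },
};

function dispatch(path: string): MockResponse {
  const route = routes[path];
  const proxy = () => upstream(path);
  if (route === undefined) return proxy();                    // no route: pass through
  if (typeof route === 'function') return route(path, proxy); // method endpoint
  return { status: 200, body: route };                        // static mock: never forwarded
}
```

After dispatching `/api/dog`, `/api/cat` and an unrouted path in that order, `forwarded` contains only the last two: the static mock is answered locally, while method endpoints that call `proxy()` and all unrouted paths still reach the real server.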
See the documentation at https://intervene.dev
FAQs
The npm package intervene receives a total of 1 weekly download. As such, intervene popularity was classified as not popular.
We found that intervene demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.