Security News
Introducing the Socket Python SDK
The initial version of the Socket Python SDK is now on PyPI, enabling developers to more easily interact with the Socket REST API in Python projects.
By Douglas Coburn - Sep 13, 2024
libnpmhook
Advanced tools
What is libnpmhook?
The libnpmhook package is a Node.js library for managing npm hooks. It allows you to create, list, update, and delete hooks for npm packages. This can be useful for automating workflows and integrating with other services.
What are libnpmhook's main functionalities?
Create Hook
This feature allows you to create a new npm hook for a package. The code sample demonstrates how to create a 'pre-publish' hook for 'my-package' with a specified endpoint and secret.
const libnpmhook = require('libnpmhook');
const createHook = async () => {
await libnpmhook.create({
name: 'my-package',
type: 'pre-publish',
endpoint: 'https://example.com/hook',
secret: 'my-secret'
}, {
token: 'your-npm-token'
});
};
createHook();List Hooks
This feature allows you to list all hooks for a specific npm package. The code sample demonstrates how to list hooks for 'my-package'.
const libnpmhook = require('libnpmhook');
const listHooks = async () => {
const hooks = await libnpmhook.ls('my-package', {
token: 'your-npm-token'
});
console.log(hooks);
};
listHooks();Update Hook
This feature allows you to update an existing npm hook for a package. The code sample demonstrates how to update the 'pre-publish' hook for 'my-package' with a new endpoint and secret.
const libnpmhook = require('libnpmhook');
const updateHook = async () => {
await libnpmhook.update({
name: 'my-package',
type: 'pre-publish',
endpoint: 'https://example.com/new-hook',
secret: 'new-secret'
}, {
token: 'your-npm-token'
});
};
updateHook();Delete Hook
This feature allows you to delete an existing npm hook for a package. The code sample demonstrates how to delete the 'pre-publish' hook for 'my-package'.
const libnpmhook = require('libnpmhook');
const deleteHook = async () => {
await libnpmhook.rm({
name: 'my-package',
type: 'pre-publish'
}, {
token: 'your-npm-token'
});
};
deleteHook();Other packages similar to libnpmhook
octokit
Octokit is a library for interacting with GitHub's REST API. While it is not specifically for npm hooks, it provides similar functionality for managing webhooks in GitHub repositories. It offers a broader range of features for GitHub integration compared to libnpmhook, which is focused solely on npm hooks.
node-github
Node-GitHub is another library for interacting with GitHub's API. It allows you to manage webhooks, issues, repositories, and more. Similar to Octokit, it provides webhook management but is not limited to npm packages, offering a wider scope of GitHub-related functionalities.
webhooks.js
Webhooks.js is a lightweight library for creating and managing webhooks. It is not specific to npm or GitHub but can be used to handle webhooks for various services. It provides a more general approach to webhook management compared to the specialized npm hook management offered by libnpmhook.
libnpmhook
libnpmhook is a Node.js library for
programmatically managing the npm registry's server-side hooks.
For a more general introduction to managing hooks, see the introductory blog post.
Table of Contents
Example
const hooks = require('libnpmhook')
console.log(await hooks.ls('mypkg', {token: 'deadbeef'}))
// array of hook objects on `mypkg`.
Install
$ npm install libnpmhook
API
opts for libnpmhook commands
libnpmhook uses npm-registry-fetch.
All options are passed through directly to that library, so please refer to its
own opts
documentation
for options that can be passed in.
A couple of options of note for those in a hurry:
opts.token- can be passed in and will be used as the authentication token for the registry. For other ways to pass in auth details, see the n-r-f docs.opts.otp- certain operations will require an OTP token to be passed in. If alibnpmhookcommand fails witherr.code === EOTP, please retry the request with{otp: <2fa token>}
> hooks.add(name, endpoint, secret, [opts]) -> Promise
name is the name of the package, org, or user/org scope to watch. The type is
determined by the name syntax: '@foo/bar' and 'foo' are treated as packages,
@foo is treated as a scope, and ~user is treated as an org name or scope.
Each type will attach to different events.
The endpoint should be a fully-qualified http URL for the endpoint the hook
will send its payload to when it fires. secret is a shared secret that the
hook will send to that endpoint to verify that it's actually coming from the
registry hook.
The returned Promise resolves to the full hook object that was created,
including its generated id.
See also: POST /v1/hooks/hook
Example
await hooks.add('~zkat', 'https://example.com/api/added', 'supersekrit', {
token: 'myregistrytoken',
otp: '694207'
})
=>
{ id: '16f7xoal',
username: 'zkat',
name: 'zkat',
endpoint: 'https://example.com/api/added',
secret: 'supersekrit',
type: 'owner',
created: '2018-08-21T20:05:25.125Z',
updated: '2018-08-21T20:05:25.125Z',
deleted: false,
delivered: false,
last_delivery: null,
response_code: 0,
status: 'active' }
> hooks.find(id, [opts]) -> Promise
Returns the hook identified by id.
The returned Promise resolves to the full hook object that was found, or error
with err.code of 'E404' if it didn't exist.
See also: GET /v1/hooks/hook/:id
Example
await hooks.find('16f7xoal', {token: 'myregistrytoken'})
=>
{ id: '16f7xoal',
username: 'zkat',
name: 'zkat',
endpoint: 'https://example.com/api/added',
secret: 'supersekrit',
type: 'owner',
created: '2018-08-21T20:05:25.125Z',
updated: '2018-08-21T20:05:25.125Z',
deleted: false,
delivered: false,
last_delivery: null,
response_code: 0,
status: 'active' }
> hooks.rm(id, [opts]) -> Promise
Removes the hook identified by id.
The returned Promise resolves to the full hook object that was removed, if it
existed, or null if no such hook was there (instead of erroring).
See also: DELETE /v1/hooks/hook/:id
Example
await hooks.rm('16f7xoal', {
token: 'myregistrytoken',
otp: '694207'
})
=>
{ id: '16f7xoal',
username: 'zkat',
name: 'zkat',
endpoint: 'https://example.com/api/added',
secret: 'supersekrit',
type: 'owner',
created: '2018-08-21T20:05:25.125Z',
updated: '2018-08-21T20:05:25.125Z',
deleted: true,
delivered: false,
last_delivery: null,
response_code: 0,
status: 'active' }
// Repeat it...
await hooks.rm('16f7xoal', {
token: 'myregistrytoken',
otp: '694207'
})
=> null
> hooks.update(id, endpoint, secret, [opts]) -> Promise
The id should be a hook ID from a previously-created hook.
The endpoint should be a fully-qualified http URL for the endpoint the hook
will send its payload to when it fires. secret is a shared secret that the
hook will send to that endpoint to verify that it's actually coming from the
registry hook.
The returned Promise resolves to the full hook object that was updated, if it
existed. Otherwise, it will error with an 'E404' error code.
See also: PUT /v1/hooks/hook/:id
Example
await hooks.update('16fxoal', 'https://example.com/api/other', 'newsekrit', {
token: 'myregistrytoken',
otp: '694207'
})
=>
{ id: '16f7xoal',
username: 'zkat',
name: 'zkat',
endpoint: 'https://example.com/api/other',
secret: 'newsekrit',
type: 'owner',
created: '2018-08-21T20:05:25.125Z',
updated: '2018-08-21T20:14:41.964Z',
deleted: false,
delivered: false,
last_delivery: null,
response_code: 0,
status: 'active' }
> hooks.ls([opts]) -> Promise
Resolves to an array of hook objects associated with the account you're authenticated as.
Results can be further filtered with three values that can be passed in through
opts:
opts.package- filter results by package nameopts.limit- maximum number of hooks to returnopts.offset- pagination offset for results (use withopts.limit)
See also:
Example
await hooks.ls({token: 'myregistrytoken'})
=>
[
{ id: '16f7xoal', ... },
{ id: 'wnyf98a1', ... },
...
]
> hooks.ls.stream([opts]) -> Stream
Returns a stream of hook objects associated with the account you're
authenticated as. The returned stream is a valid Symbol.asyncIterator on
node@>=10.
Results can be further filtered with three values that can be passed in through
opts:
opts.package- filter results by package nameopts.limit- maximum number of hooks to returnopts.offset- pagination offset for results (use withopts.limit)
See also:
Example
for await (let hook of hooks.ls.stream({token: 'myregistrytoken'})) {
console.log('found hook:', hook.id)
}
=>
// outputs:
// found hook: 16f7xoal
// found hook: wnyf98a1
FAQs
programmatic API for managing npm registry hooks
We found that libnpmhook demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 5 open source maintainers collaborating on the project.
Package last updated on 15 May 2024
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
The Wildcard Gamble: Understanding the Risks of Floating Dependency Ranges in npm
Floating dependency ranges in npm can introduce instability and security risks into your project by allowing unverified or incompatible versions to be installed automatically, leading to unpredictable behavior and potential conflicts.
By Sarah Gooding - Sep 13, 2024
Security News
New Rust RFC Proposes Adding Support for Trusted Publishing to Crates.io
A new Rust RFC proposes "Trusted Publishing" for Crates.io, introducing short-lived access tokens via OIDC to improve security and reduce risks associated with long-lived API tokens.
By Sarah Gooding - Sep 12, 2024