Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
node-consumer-pact-interceptor
Advanced tools
A means to intercept outgoing requests for the purpose of validating consumer pacts
This is a pure nodejs implementation of the PACT system of mocking and testing system integration points. It is presently in an Alpha state and you should expect some bugs. Be sure to read the caveats below.
See the examples/passing-example
for the fastest way to get started.
(This assumes understanding of - Consumer driven contracts - The PACT v2 specification)
There is a JS DSL for creating pacts which is already compatible with the Pact v2 Spec. However, this requires the use of a ruby server with which to create assertions with.
We found that it was difficult to induct new developers into using this system and the incidental complexity barrier (often compounted by CI servers and docker-containers) was such that this became a real pain-point.
The interceptor is just wrapping the excellent MITM library which is catching outgoing HTTP requests at the NodeJS core level and allowing responses to be injected.
From a high-level, the interceptor waits for requests the URL it's watching and, once it receives them, it will try verify this against the PACT specification. If it fails to do so, it will return an assertion error, if there is no assertion failures it will respond as per the PACT specification.
FAQs
A means to intercept outgoing requests for the purpose of validating consumer pacts
We found that node-consumer-pact-interceptor demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.