node-consumer-pact-interceptor
A means to intercept outgoing requests for the purpose of validating consumer pacts
This is a pure Node.js implementation of the PACT system for mocking and testing system integration points. It is presently in an alpha state and you should expect some bugs. Be sure to read the caveats below.
See test/test.js for the fastest way to get started.
(This assumes an understanding of consumer-driven contracts and the PACT v2 specification.)
There is a JS DSL for creating pacts which is already compatible with the Pact v2 spec. However, it requires a Ruby server with which to create assertions.
We found that it was difficult to induct new developers into using this system and the incidental complexity barrier (often compounded by CI servers and docker-containers) was such that this became a real pain-point.
The interceptor simply wraps the excellent MITM library, which catches outgoing HTTP requests at the Node.js core level and allows responses to be injected.
At a high level, the interceptor waits for requests to the URL it is watching and, once it receives one, tries to verify it against the PACT specification. If verification fails, it returns an assertion error; if there are no assertion failures, it responds as per the PACT specification.
As yet this does not fully implement Pact V2. At the time of writing I have been unable to fully meet the requirements of nested type-matching.
Outgoing HTTP or socket requests which are not part of the pact test are going to be blocked. This is unfortunate and less than ideal. I have not yet found a way to use MITM's API to allow HTTP requests on a per-url basis.
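The verify-then-respond flow and the blocking caveat above can be sketched as a single decision function. This is an added example, not code from node-consumer-pact-interceptor or the MITM library: `handleIntercepted`, the host `api.example.test`, and the sample interaction are assumptions, and matching is exact only (no Pact matching rules, no query string).

```javascript
// Added illustration; not code from node-consumer-pact-interceptor.
// Constructed sample interaction in the Pact v2 request/response layout.
const interaction = {
  description: 'a request for user 42',
  request: { method: 'GET', path: '/users/42', headers: { Accept: 'application/json' } },
  response: { status: 200, headers: { 'Content-Type': 'application/json' }, body: { id: 42 } },
};

// Structural equality for JSON values, independent of object key order.
function deepEqual(a, b) {
  if (a === b) return true;
  if (typeof a !== 'object' || typeof b !== 'object' || a === null || b === null) return false;
  if (Array.isArray(a) !== Array.isArray(b)) return false;
  const ka = Object.keys(a), kb = Object.keys(b);
  return ka.length === kb.length && ka.every((k) => k in b && deepEqual(a[k], b[k]));
}

// HTTP header names are case-insensitive, so compare them lower-cased.
function lowerKeys(headers = {}) {
  return Object.fromEntries(Object.entries(headers).map(([k, v]) => [k.toLowerCase(), v]));
}

// Hypothetical helper: decide what happens to one intercepted request.
//   block   -> host is not the watched one (default-deny, as in the caveat)
//   fail    -> watched host, but the request does not match the pact
//   respond -> request matches, so the pact's response is returned
function handleIntercepted(watchedHost, pact, req) {
  if (req.host !== watchedHost) {
    return { action: 'block', errors: [`host ${req.host} is not under test`] };
  }
  const want = pact.request;
  const errors = [];
  if (req.method.toUpperCase() !== want.method.toUpperCase()) {
    errors.push(`method: expected ${want.method}, got ${req.method}`);
  }
  if (req.path !== want.path) errors.push(`path: expected ${want.path}, got ${req.path}`);
  const got = lowerKeys(req.headers);
  for (const [name, value] of Object.entries(lowerKeys(want.headers))) {
    // Extra headers on the real request are tolerated; expected ones must match.
    if (got[name] !== value) errors.push(`header ${name}: expected ${value}, got ${got[name]}`);
  }
  if (want.body !== undefined && !deepEqual(req.body, want.body)) {
    errors.push('body does not match the pact');
  }
  return errors.length ? { action: 'fail', errors } : { action: 'respond', response: pact.response };
}
```

A test run that sees a `block` result has a code path making a network call outside the contract under test, which is worth reviewing before any exception is added.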
FAQs
The npm package node-consumer-pact-interceptor receives a total of 1 weekly download. As such, node-consumer-pact-interceptor popularity was classified as not popular.
We found that node-consumer-pact-interceptor demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.