Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
The 'ow' npm package is a powerful and expressive validation library for Node.js. It allows developers to validate arguments and inputs in a concise and readable manner. 'ow' provides a variety of built-in validators and supports custom validation logic, making it a versatile tool for ensuring data integrity in applications.
Basic Type Validation
This feature allows you to validate the type of a variable. In this example, the function `validateString` checks if the input is a string. If the input is not a string, an error is thrown.
const ow = require('ow');
const validateString = (input) => {
ow(input, ow.string);
};
validateString('Hello, World!'); // Passes
validateString(123); // Throws an error
Complex Object Validation
This feature allows you to validate the shape and properties of an object. In this example, the function `validateUser` checks if the user object has a `name` property that is a string with a minimum length of 3 and an `age` property that is a positive integer.
const ow = require('ow');
const validateUser = (user) => {
ow(user, ow.object.exactShape({
name: ow.string.minLength(3),
age: ow.number.integer.positive
}));
};
validateUser({ name: 'Alice', age: 25 }); // Passes
validateUser({ name: 'Al', age: -5 }); // Throws an error
Custom Validation
This feature allows you to create custom validation logic. In this example, the function `validateEvenNumber` checks if the input is an even number. If the input is not an even number, an error is thrown with a custom message.
const ow = require('ow');
const validateEvenNumber = (input) => {
ow(input, ow.number.validate(n => ({
validator: n % 2 === 0,
message: 'Expected an even number'
})));
};
validateEvenNumber(4); // Passes
validateEvenNumber(3); // Throws an error
Joi is a powerful schema description language and data validator for JavaScript. It allows you to create blueprints or schemas for JavaScript objects to ensure validation of key information. Compared to 'ow', Joi offers a more extensive API and is widely used in the industry for complex validation tasks.
Yup is a JavaScript schema builder for value parsing and validation. It is similar to Joi but is often preferred for its simplicity and ease of use, especially in React applications. Yup provides a fluent API for object schema validation and is highly customizable.
Validator is a library of string validators and sanitizers. It is less comprehensive than 'ow' but is highly efficient for validating and sanitizing strings. Validator is often used for simple validation tasks such as checking email formats, URLs, and other string-based validations.
Function argument validation for humans
$ npm install ow
import ow from 'ow';
const unicorn = input => {
ow(input, ow.string.minLength(5));
// …
};
unicorn(3);
//=> ArgumentError: Expected `input` to be of type `string` but received type `number`
unicorn('yo');
//=> ArgumentError: Expected string `input` to have a minimum length of `5`, got `yo`
We can also match the shape of an object.
import ow from 'ow';
const unicorn = {
rainbow: '🌈',
stars: {
value: '🌟'
}
};
ow(unicorn, ow.object.exactShape({
rainbow: ow.string,
stars: {
value: ow.number
}
}));
//=> ArgumentError: Expected property `stars.value` to be of type `number` but received type `string` in object `unicorn`
Test if value
matches the provided predicate
. Throws an ArgumentError
if the test fails.
Test if value
matches the provided predicate
. Throws an ArgumentError
with the specified label
if the test fails.
The label
is automatically inferred in Node.js but you can override it by passing in a value for label
. The automatic label inference doesn't work in the browser.
Returns true
if the value matches the predicate, otherwise returns false
.
Create a reusable validator.
const checkPassword = ow.create(ow.string.minLength(6));
const password = 'foo';
checkPassword(password);
//=> ArgumentError: Expected string `password` to have a minimum length of `6`, got `foo`
Create a reusable validator with a specific label
.
const checkPassword = ow.create('password', ow.string.minLength(6));
checkPassword('foo');
//=> ArgumentError: Expected string `password` to have a minimum length of `6`, got `foo`
Returns a predicate that verifies if the value matches at least one of the given predicates.
ow('foo', ow.any(ow.string.maxLength(3), ow.number));
Makes the predicate optional. An optional predicate means that it doesn't fail if the value is undefined
.
ow(1, ow.optional.number);
ow(undefined, ow.optional.number);
All the below types return a predicate. Every predicate has some extra operators that you can use to test the value even more fine-grained.
int8Array
uint8Array
uint8ClampedArray
int16Array
uint16Array
int32Array
uint32Array
float32Array
float64Array
The following predicates are available on every type.
Inverts the following predicate.
ow(1, ow.number.not.infinite);
ow('', ow.string.not.empty);
//=> ArgumentError: [NOT] Expected string to be empty, got ``
Use a custom validation function. Return true
if the value matches the validation, return false
if it doesn't.
ow(1, ow.number.is(x => x < 10));
ow(1, ow.number.is(x => x > 10));
//=> ArgumentError: Expected `1` to pass custom validation function
Instead of returning false
, you can also return a custom error message which results in a failure.
const greaterThan = (max: number, x: number) => {
return x > max || `Expected \`${x}\` to be greater than \`${max}\``;
};
ow(5, ow.number.is(x => greaterThan(10, x)));
//=> ArgumentError: Expected `5` to be greater than `10`
MIT
FAQs
Function argument validation for humans
The npm package ow receives a total of 740,008 weekly downloads. As such, ow popularity was classified as popular.
We found that ow demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.