Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
polyfill-service
Advanced tools
Makes web development less frustrating by selectively polyfilling just what the browser needs. Use it on your own site, or as a service. For usage information see the hosted service, which formats and displays the service API documentation located in the docs folder.
git clone git@github.com:Financial-Times/polyfill-service.git
)npm install
(this will also run grunt build
which you will need to do again if you edit any polyfills)To run the app for development:
Run grunt dev
from the root of the working tree. This will watch your filesystem and automatically rebuild sources and restart if you make any changes to any of the app source code or polyfills. If you change the docs, library or service (docs
, lib
and service
directories) the service will be restarted. If you change the polyfills or polyfill configs (polyfills
directory), the polyfill sources will be recompiled before the service restarts, which makes the restart slightly slower.
By default, grunt dev
also deletes historic polyfills, for a faster build. If you want to run the service with the historic polyfill collections installed, run grunt installcollections buildsources service watch
instead.
To run the app for production:
Run npm start
. Monitoring the process and restarting it if necessary is left to you (and PaaS platforms like Heroku do this for you) but if you need a tool to start the service in the background and ensure it continues running, consider forever. It doesn't watch the filesystem for changes and you won't see any console output.
In either case, once the service is running, navigate to http://localhost:3000 in your browser (you can configure the port, see environment configuration below).
Alternatively, deploy straight to Heroku:
For an HTTP API reference, see the hosted service documentation.
The service reads a number of environment variables when started as a service, all of which are optional:
PORT
: The port on which to listen for HTTP requests (default 3000)FASTLY_SERVICE_ID
, FASTLY_API_KEY
: Used to fetch and render cache hit stats on the Usage page of the hosted documentation. If not specified, no stats will be shown.PINGDOM_CHECK_ID
, PINGDOM_API_KEY
, PINGDOM_ACCOUNT
, PINGDOM_USERNAME
, PINGDOM_PASSWORD
: Used to fetch and render uptime and response time stats on the Usage page of the hosted documentation. If not specified, no stats will be shown.GRAPHITE_HOST
: Host to which to send Carbon metrics. If not set, no metrics will be sent.GRAPHITE_PORT
: Port on the GRAPHITE_HOST
to which to send Carbon metrics (default 2002).SAUCE_USER_NAME
and SAUCE_API_KEY
: Sauce Labs credentials for grunt test tasks (not used by the service itself)NODE_ENV
: Name of environment. We use dev
, prod
, ci
or qa
. Just used for logging.ENABLE_ACCESS_LOG
: Any truthy value will enable writing an HTTP access log from Node. Useful if you are not running node behind a routing layer like nginx or heroku.When running a grunt task, including running the service via grunt dev
or grunt service
, you can optionally read environment config from a file called .env.json
in the root of the working tree. This is a convenient way of maintaining the environment config that you need for development. The .env.json
file is gitignored so will not be accidentally committed.
The Polyfill service can also be used as a library in NodeJS projects. To do this:
npm install polyfill-service --save
npm install
getPolyfillString(options)
(method)Returns a promise of a polyfill bundle string. Options is an object with the following keys:
uaString
: String, required. The user agent to evaluate for polyfills that should be included conditionallyminify
: Boolean, optional. Whether to minify the bundlefeatures
: Object, optional. An object with the features that are to be considered for polyfill inclusion. If not supplied, no features will be considered and the output will be blank. To load the default feature set, set features to {default:{}}
. Each feature must be an entry in the features object with the key corresponding to the name of the feature and the value an object with the following properties:
flags
: Array, optional. Array of flags to apply to this feature (see below)unknown
: String, optional. What to do when the user agent is not recognised. Set to polyfill
to return polyfills for all qualifying features, ignore
to return nothing. Defaults to ignore
.Flags that may be applied to polyfills are:
gated
: Wrap this polyfill in a feature-detect, to avoid overwriting the native implementationalways
: Include this polyfill regardless of the user-agentExample:
require('polyfill-service').getPolyfillString({
uaString: 'Mozilla/5.0 (Windows; U; MSIE 7.0; Windows NT 6.0; en-US)',
minify: true,
features: {
'Element.prototype.matches': { flags: ['always', 'gated'] },
'modernizr:es5array': {}
}
}).then(function(bundleString) {
console.log(bundleString);
});
getPolyfills(options)
(method)Returns a promise of a set of features which are configured to be applied in browsers with the specified user agent string. Options is an object with the following keys:
uaString
: String, required. The user agent to evaluate for features that should be included conditionallyfeatures
: Object, optional. An object with the features that are to be considered for polyfill inclusion. If not supplied, all default features will be considered. Each feature must be an entry in the features object with the key corresponding to the name of the feature and the value an object with the following properties:
flags
: Array, optional. Array of flags to apply to this feature (see below)Example:
require('polyfill-service').getPolyfills({
uaString: 'Mozilla/5.0 (Windows; U; MSIE 7.0; Windows NT 6.0; en-US)',
features: {
'Element.prototype.matches': { flags: ['always', 'gated'] },
'modernizr:es5array': {}
}
}).then(function(polyfillSet) {
console.log(polyfillSet);
});
listAllPolyfills()
(method)Return a promise of an array all the polyfills as an array of strings. This list corresponds to directories and subdirectories in the /polyfills
directory.
Example:
require('polyfill-service').listAllPolyfills();
Our deployment of polyfill.io uses Heroku. Refer to the following dashboards / accounts for access (FT employees only):
FAQs
A polyfill combinator
The npm package polyfill-service receives a total of 144 weekly downloads. As such, polyfill-service popularity was classified as not popular.
We found that polyfill-service demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.