Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
A web framework designed for things to come.[1]
import { createServer } from 'http';
import { createApp, respond } from 'quinn';
const app = createApp(req => respond({ body: 'Hello World!' }));
createServer(app).listen(3000);
A potentially async function that takes a request and returns a response.
function handler(request) {
return result;
}
Request
An http.IncomingMessage
.
There are no additional properties or magical extension methods.
DispatchResult
Either a VirtualResponse
[2] or undefined
.
If it's undefined
, the handler was unable to handle the given request.
E.g. the handler implements routing logic and no route matched the given url.
respond
The respond
function is the primary means to create VirtualResponse
instances.
It takes one of three possible values:
VirtualResponse
instance that will be returned unchanged.
This ensures that calling respond
multiple times is idempotent.statusCode
,
headers
object, and/or a body
property.The body
can be one of the following:
Uint8Array
.null
.VirtualResponse
A pass-through stream describing the response that should be returned. While it might have additional utility functions, only the following properties and methods should be relied on:
response.setHeader(name, value)
response.getHeader(name)
response.removeHeader(name)
response.statusCode
response.write(chunk[, encoding][, callback])
response.end([data][, encoding][, callback])
The behavior of each should match ServerResponse
.
All headers and the status code should be forwarded
when the response is piped to a target.
The statusCode
by setting the property,
the headers by calls to setHeader
on the target, one header at a time.
A VirtualResponse
can either be piped to a target stream
or forwarded using response.forwardTo(req, res)
.
Lazy bodies are only supported when using forwardTo
.
When using forwardTo
, it will return a promise
that resolves once the response has been successfully written.
import express from 'express';
import { createApp as quinn, respond } from 'quinn/express';
const app = express();
app.get('/quinn-route', quinn(req => respond({ body: 'Hello World!' })));
Most of these are based on JSGI. Which would make sense if node wouldn't include an http server.
[1] In other words: an experimental mess.
[2] Because buzz word.
FAQs
A web framework designed for things to come.
We found that quinn demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.