A web framework designed for things to come.[1]
import { createServer } from 'http';
import quinn from 'quinn';
import respond from 'quinn/respond';
const app = quinn(req => respond({ body: 'Hello World!' }));
createServer(app).listen(3000);
A potentially async function that takes a request and returns a response.
function handler(request) {
  return result;
}
Request
An http.IncomingMessage.
There are no additional properties or magical extension methods.
DispatchResult
Either a VirtualResponse[2] or undefined.
If it's undefined, the handler was unable to handle the given request.
E.g. the handler implements routing logic and no route matched the given url.
VirtualResponse
A pass-through stream describing the response that should be returned. While it might have additional utility functions, only the following properties and methods should be relied on:
response.setHeader(name, value)
response.getHeader(name)
response.removeHeader(name)
response.statusCode
response.write(chunk[, encoding][, callback])
response.end([data][, encoding][, callback])
The behavior of each should match ServerResponse.
All headers and the status code should be forwarded when the response is piped to a target: the statusCode by setting the property, the headers by calls to setHeader on the target, one header at a time.
Quinn itself only cares that it has a pipe method, which is used to forward the data to a ServerResponse.
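The forwarding contract described above, as an added sketch that is not quinn's own code. The names SketchResponse, makeTarget, dispatch and demo are hypothetical, and the response is buffered rather than streamed so the example stays synchronous.

```javascript
// Added sketch, not quinn's source: a buffered stand-in for a VirtualResponse.
// The real one is a pass-through stream; buffering keeps this example synchronous.
class SketchResponse {
  constructor({ statusCode = 200, headers = {}, body } = {}) {
    this.statusCode = statusCode;
    this.headers = new Map(); // lower-cased name -> [name, value]
    this.chunks = [];
    for (const [name, value] of Object.entries(headers)) this.setHeader(name, value);
    if (body !== undefined) this.write(body);
  }
  setHeader(name, value) { this.headers.set(name.toLowerCase(), [name, value]); }
  getHeader(name) { return (this.headers.get(name.toLowerCase()) || [])[1]; }
  removeHeader(name) { this.headers.delete(name.toLowerCase()); }
  write(chunk) { this.chunks.push(String(chunk)); return true; }
  end(data) { if (data !== undefined) this.write(data); }
  // Forwarding contract: status by property assignment, one setHeader call per header.
  pipe(target) {
    target.statusCode = this.statusCode;
    for (const [name, value] of this.headers.values()) target.setHeader(name, value);
    for (const chunk of this.chunks) target.write(chunk);
    target.end();
    return target;
  }
}

// Constructed recorder exposing only the ServerResponse members used above.
function makeTarget() {
  const t = { statusCode: 0, calls: [], body: '', finished: false };
  t.setHeader = (name, value) => { t.calls.push([name, value]); };
  t.write = (chunk) => { t.body += chunk; return true; };
  t.end = () => { t.finished = true; };
  return t;
}

// A handler may be async; undefined means "not handled" (e.g. no route matched).
async function dispatch(handler, request, target) {
  const result = await handler(request);
  if (result === undefined) return false; // the caller decides the fallback
  result.pipe(target);
  return true;
}

// Synchronous walk-through of the forwarding contract.
function demo() {
  const res = new SketchResponse({ statusCode: 201, headers: { 'Content-Type': 'text/plain' } });
  res.setHeader('X-Debug', '1');
  res.removeHeader('x-debug'); // header names are matched case-insensitively
  res.end('Hello World!');
  return res.pipe(makeTarget());
}
```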
import express from 'express';
import quinn from 'quinn/express';
import respond from 'quinn/respond';
const app = express();
app.get('/quinn-route', quinn(req => respond({ body: 'Hello World!' })));
Most of these are based on JSGI, which would make sense if node didn't include an http server.
[1] In other words: an experimental mess.
[2] Because buzz word.
FAQs
The npm package quinn receives a total of 5 weekly downloads. As such, quinn's popularity was classified as not popular.
We found that quinn demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.