Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Axios ajax library wrapped in RxJs observables, The popular kids are doing it.
A simple reactive observable wrapper for the popular Axios library. Axios is a Promise based HTTP client for the browser and node.js. reAxios wraps axios inside an RxJs observable and exposes it. All the axios features and options are supported through reAxios.
RxJs is a JavaScript library to perform Reactive programming. RxJs is the JavaScript implementation of ReactiveX. ReactiveX is a combination of the best ideas from the Observer pattern, the Iterator pattern, and functional programming. There are many advantages for reactive programming:
Functional - Avoid intricate stateful programs, using clean input/output functions over observable streams.
Less is more - ReactiveX's operators often reduce what was once an elaborate challenge into a few lines of code.
Async error handling - Traditional try/catch is powerless for errors in asynchronous computations, but ReactiveX is equipped with proper mechanisms for handling errors.
Concurrency made easy - Observables and Schedulers in ReactiveX allow the programmer to abstract away low-level threading, synchronization, and concurrency issues.
And the popular kids are doing observables nowadays, its the new cool
Follow these steps to grab a copy of reAxios and use it in your project. The reaxios
package will have two build distributables, a regular build and minified compressed build. By default package managers are set to use the minified version
build | asset | size |
---|---|---|
compressed | reAxios.min.js | 2.73KB |
uncompressed | reAxios.js | 12KB |
This library is dependent on the following Npm packages:
Note Missing dependency will cause errors.
reAxios is a UMD module, which means it can be run across all javascript environments ranging from browsers to servers(node). reAxios can be used on browsers in conjunction with RxJs and axios in node-like browser environments as in ReactJS, AngularJS, VueJS or MarkoJS or it can be used in NodeJS apps.
Using npm
npm i --save reaxios
Using yarn
yarn add reaxios
//In your Node.js app
const ReAxios = require('reaxios');
//Or using ES6 - ES7 import statement
import reAxios from 'reaxios';
//ReAxios can take all the axios configuration parameters here
const reAxios = new ReAxios({
baseURL: 'https://jsonplaceholder.typicode.com/todos/1',
});
//GET request
reAxios.get('/').subscribe(
response => {
console.log(response.data);
},
err => {
console.error(err);
}
);
Output
{
"userId": 1,
"id": 1,
"title": "delectus aut autem",
"completed": false
}
v0.0.3
v0.0.2 - v0.0.1
Various apis provided by reAxios are documented here.
The default HTTP GET method of Axios wrapped in an observable.
reAxios.get(url, queryParams)
Parameter | Type | Description |
---|---|---|
url | String | The url to be fetched |
queryParams | Object | The query parameters to be passed along with the url |
example:
reAxios.get(url, queryParams).subscribe(
response => {
console.log(response.data);
},
err => {
console.error(err);
}
);
The default HTTP POST method of Axios wrapped in an observable.
reAxios.post(url, body, queryParams)
Parameter | Type | Description |
---|---|---|
url | String | The url to be fetched |
body | Object | The request body |
queryParams | Object | The query parameters to be passed along with the url |
example:
reAxios.post(url, body, queryParams).subscribe(
response => {
console.log(response.data);
},
err => {
console.error(err);
}
);
The default HTTP PUT method of Axios wrapped in an observable.
reAxios.put(url, body, queryParams)
Parameter | Type | Description |
---|---|---|
url | String | The url to be fetched |
body | Object | The request body |
queryParams | Object | The query parameters to be passed along with the url |
example:
reAxios.put(url, body, queryParams).subscribe(
response => {
console.log(response.data);
},
err => {
console.error(err);
}
);
The default HTTP PATCH method of Axios wrapped in an observable.
reAxios.patch(url, body, queryParams)
Parameter | Type | Description |
---|---|---|
url | String | The url to be fetched |
body | Object | The request body |
queryParams | Object | The query parameters to be passed along with the url |
example:
reAxios.patch(url, body, queryParams).subscribe(
response => {
console.log(response.data);
},
err => {
console.error(err);
}
);
The default HTTP DELETE method of Axios wrapped in an observable.
reAxios.delete(url, queryParams)
Parameter | Type | Description |
---|---|---|
url | String | The url to be fetched |
queryParams | Object | The query parameters to be passed along with the url |
example:
reAxios.delete(url, queryParams).subscribe(
response => {
console.log(response.data);
},
err => {
console.error(err);
}
);
Note All advanced RxJs operations can be performed on the observables returned by reAxios.
Continuous Integration services monitor repositories for changes, then automatically run unit tests on your behalf, typically in a containerized environment. To test this setup works in a continuous integration environment, an integration was done with Travis CI & CircleCI. According to the Travis Node.js Documentation, Travis automatically runs npm install and npm test. The only additional thing I had to add to the Travis configuration was to run npm run build before running the tests. The working Travis config looks like this:
language: node_js
node_js:
- stable
install:
- npm install
- npm install -g codecov
script:
- npm run build-dev
- npm run build-prod
- npm test
- jest ./test/reAxios.spec.js
- codecov
CircleCI is similar to Travis-CI, but is more extensible and has much more control over the build process. The CircleCI config looks like this:
# Javascript Node CircleCI 2.0 configuration file
# Check https://circleci.com/docs/2.0/language-javascript/ for more details
version: 2
jobs:
build:
docker:
# specify the version you desire here
- image: circleci/node:7.10
# Specify service dependencies here if necessary
# CircleCI maintains a library of pre-built images
# documented at https://circleci.com/docs/2.0/circleci-images/
# - image: circleci/mongo:3.4.4
working_directory: ~/repo
steps:
- checkout
# Download and cache dependencies
- restore_cache:
keys:
- v1-dependencies-{{ checksum "package.json" }}
# fallback to using the latest cache if no exact match is found
- v1-dependencies-
- run: npm install
- save_cache:
paths:
- node_modules
key: v1-dependencies-{{ checksum "package.json" }}
# run tests!
- run: npm run build-dev
- run: npm run build-prod
- run: npm test
This library uses Jest framework for unit testing. All unit tests are available in the test folder. Tests can be run by the command:
npm test
Please read CONTRIBUTING.md for details on contributing to the project and CODE_OF_CONDUCT.md for the process for submitting pull requests to us.
We use SemVer for versioning. For the versions available, see the tags on this repository.
reAxios is written by Sandeep Vattapparambil
The MIT License
Copyright (c) 2018- Sandeep Vattapparambil, http://www.sandeepv.in
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
Made with :heart: by Sandeep Vattapparambil
FAQs
Axios ajax library wrapped in RxJs observables, The popular kids are doing it.
The npm package reaxios receives a total of 0 weekly downloads. As such, reaxios popularity was classified as not popular.
We found that reaxios demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.