
rest-graphql
Middleware for Express to adapt REST requests to GraphQL queries
rest-graphql provides middleware that lets you define mappers from REST requests to GraphQL queries that fetch the same data, letting you normalize all client queries into something your GraphQL server can handle.
Install the package
npm install --save rest-graphql
Let's say you're building out a new profile page and have defined a GraphQL schema for it. You can fetch the necessary data via:
query ProfileQuery {
  user(id: 1) {
    profile_photo {
      url
    }
    first_name
    last_name
  }
}
Create a new config and add the middleware to your Express server:
import express from 'express';
import { createAdapter } from 'rest-graphql';
import type { RestAdapterConfig } from 'rest-graphql'; // If you use Flow

/**
 * This is the config that defines the mapping. It contains:
 *
 * path: string - the REST endpoint your client will hit. This follows Express.js route handling conventions
 * getQuery: (request) => string - A mapping from the REST request to a GraphQL query
 * transformResponse: (response) => Object - Often the raw JSON from GraphQL doesn't make sense for the client, so perform any transform you want here
 */
const profileConfig: RestAdapterConfig = {
  path: '/profile/:id',
  // request.params.id comes straight from the URL and is interpolated as-is;
  // validate it (for example, digits only) before building the query.
  getQuery: request => `
    user(id: ${request.params.id}) {
      profile_photo {
        url
      }
      first_name
      last_name
    }
  `,
  // The query selects `user`, so the payload is under data.user
  transformResponse: response => response.data.user,
};

const app = express();
app.use(createAdapter([profileConfig])); // The rest-graphql middleware. It takes an array of RestAdapterConfigs
// Any other middleware or route handlers to process graphql requests.
Which would result in:
Request:
GET https://api.test.com/profile/9
Response:
{ profile_photo: { url: "someurl" }, first_name: "Gaurav", last_name: "Kulkarni"}
Error handling is currently built to work with request-promise and looks for any StatusCodeErrors that are thrown and parses those.
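The getQuery mapper above builds the GraphQL document by string interpolation, so whatever arrives in the route parameter becomes part of the query text. The following is an added example, not code from the rest-graphql README: it puts a mapper of the same shape beside a hardened one that accepts only a decimal id. The names `parseUserId`, `safeGetQuery` and `ID_PATTERN`, the `statusCode` property on the error, and the sample requests are assumptions made for illustration.

```javascript
// Added example (not from the rest-graphql README).
// Same shape as the README's getQuery: the raw route parameter is pasted
// into the GraphQL document.
const naiveGetQuery = request => `
  user(id: ${request.params.id}) {
    first_name
    last_name
  }
`;

// Hypothetical helper: accept only a short decimal id. 15 digits stays
// below Number.MAX_SAFE_INTEGER, so Number() is exact.
const ID_PATTERN = /^[0-9]{1,15}$/;

function parseUserId(raw) {
  if (typeof raw !== 'string' || !ID_PATTERN.test(raw)) {
    const err = new Error('invalid user id');
    err.statusCode = 400; // assumption: the caller maps this to HTTP 400
    throw err;
  }
  return Number(raw);
}

// Hardened mapper: only the parsed number reaches the query text.
const safeGetQuery = request => `
  user(id: ${parseUserId(request.params.id)}) {
    first_name
    last_name
  }
`;

// Constructed sample requests. Express URL-decodes route parameters, so a
// value like the second one can reach the mapper from a single path segment.
const okRequest = { params: { id: '9' } };
const oddRequest = { params: { id: '9) { email } b: user(id: 9' } };

function demo() {
  const results = {
    naiveOdd: naiveGetQuery(oddRequest), // now selects a field the mapper never listed
    safeOk: safeGetQuery(okRequest),
    safeOddRejected: false,
  };
  try {
    safeGetQuery(oddRequest);
  } catch (e) {
    results.safeOddRejected = e.statusCode === 400;
  }
  return results;
}
```

Where the GraphQL server supports it, passing the id as a query variable instead of interpolating it removes the string-building step altogether.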
FAQs
The npm package rest-graphql receives a total of 3 weekly downloads. As such, its popularity is classified as not popular.
We found that rest-graphql has an unhealthy version release cadence and level of project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.