Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
A full stack web framework designed for tight integration with frontend MVCs
Restla is a full-stack Node.js web framework written in TypeScript. It is specifically designed for developing the backend REST APIs of web applications.
Rather than reinvent the wheel, Restla provides a solid foundation that simplifies and integrates existing libraries commonly used in Node.js development. Restla integrates the Koa web framework and Squell, a type-safe wrapper for the Sequelize SQL ORM, to provide a completely promise-driven API that supports the async/await paradigm.
Restla extends Koa 2.x with additional functionality, but Koa's core functionality remains the same. This means you can use any official or third-party Koa middleware with Restla. By default, Restla applications have the following Koa middleware enabled:
Resource
, a router that can generate generic REST resource routes from a Squell model.
The default functionality can easily be change by extending the Resource
class.Auth
, an authentication helper that is backend agnostic (i.e. you could authenticate
with a third-party authentication.npm install --save restla
By default Restla catches all error during requests, coerces them
into ApplicationError
s if they're not already an application error
and then sends them to the client with a response similar to:
{
"message": "Some error message",
"errors": []
}
Restla automatically coerces ModelSafe validation errors into a 400 response and any authentication errors into 402 responses. Any other unknown errors are then turned into 500 errors. The validation error response (400 bad request) looks similar to the above but is populated with error messages for each field:
{
"message": "Validation failed",
"errors": [{
"path": "name",
"message": "Is required"
}]
}
If you hit any errors you should reject (or throw if you're using the async keyword) with an an ApplicationError
in your route or resource. It takes a status code and error message like so:
throw new ApplicationError(404, 'Not Found');
Restla will automatically catch any rejected errors and send them using the ApplicationContext
's error method.
You can provide your own error response handling method by passing in a custom ApplicationContext
when instantiating
a Restla application.
The API documentation generated using TypeDoc is available online.
To generate API documentation from the code into the docs
directory, run:
npm run docs
First install the library dependencies and the SQLite3 library:
npm install
npm install sqlite3
To execute the test suite using SQLite as the backend, run:
npm run test
FAQs
A full stack web framework designed for tight integration with frontend MVCs
The npm package restla receives a total of 11 weekly downloads. As such, restla popularity was classified as not popular.
We found that restla demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 5 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.