End-to-end typing for REST APIs with TypeScript
Read the blog post
TypeScript is a one-way street: Once you start using it, it's hard to go back to plain JS. In fact, you'll probably want to write your entire application in TypeScript.
After happily typing all of your models, you notice that there's a disconnect: Your types don't make it over the wire! The server doesn't check types before it sends an HTTP response, and the client doesn't know what types it's receiving. Conversely, the server doesn't know what types it should receive, and the client doesn't know what to send.
RESTyped was designed to bridge the gap by creating an easy way to share types across your API server and any public or private clients.
RESTyped is a specification. Once you spend a few minutes typing your API using the specification below, you can use these server and client wrappers to declare and consume your API in a type-safe manner:
You can help make RESTyped more useful by typing your favorite server framework or HTTP client!
RESTyped requires TypeScript 2.4 or higher.
It's very easy to get started with RESTyped. Just follow a few steps to type your existing API or create a new typed API:
{my_api_name}API from a file ending in .d.ts
/api/.
GET, POST, PUT, PATCH, DELETE, HEAD or OPTIONS
params: Route params in the URL (e.g. /users/:id would have id as a param)
query: Query string params, typically used in GET requests (e.g. req.query in express)
body: JSON body object (e.g. req.body in express or data object in an axios request)
response: The route's JSON response
Example: my-social-api.d.ts
interface User { // Model interface--could be imported from another file
  email: string
  name: string
  gender: 'Male' | 'Female' | 'Other'
}
export interface MySocialAPI {
  '/users': { // Route name (without prefix, if you have one)
    GET: { // Any valid HTTP method
      query: { // Query string params (e.g. /me?includeProfilePics=true)
        includeProfilePics?: boolean
      }
      response: User[] // JSON response
    }
  }
  '/user/:id/send-message': {
    POST: {
      params: { // Inline route params
        id: string
      }
      body: { // JSON request body
        message: string
      }
      response: { // JSON response
        success: boolean
      }
    }
  }
}
food-delivery-api.d.ts
export interface FoodDeliveryAPI {
  '/me/orders': {
    POST: {
      body: {
        foodItemIds: string[]
        address: string
        paymentMethod: 'card' | 'cash'
        paymentCardId?: string
      }
      response: {
        success: boolean
        eta?: string
      }
    }
  }
  // ...other routes...
}
import {AsyncRouter} from 'restyped-express'
// Import the declaration file without its .d.ts extension
import {FoodDeliveryAPI} from './food-delivery-api'
import OrderModel from './controllers/order'
const route = AsyncRouter<FoodDeliveryAPI>('/api/')
route.post('/me/orders', async (req) => {
  // Will not compile if you attempt to access an invalid body property
  const {foodItemIds, address} = req.body
  const success = await OrderModel.order(foodItemIds, address)
  // Will not compile if returned value is not of type {success: boolean}
  return {success}
})
import axios from 'restyped-axios'
// Import the declaration file without its .d.ts extension
import {FoodDeliveryAPI} from './food-delivery-api'
// The type parameter is what ties this client to the API definition
const api = axios.create<FoodDeliveryAPI>({baseURL: 'https://fooddelivery.com/api/'})
async function order() {
  // Will not compile if you request an invalid route or pass incorrect body params
  const res = await api.post(
    '/me/orders',
    {
      foodItemIds: ['QbY7Nmx1', '34YthU3m'],
      address: '1601 Market St, Philadelphia, PA 19103',
      paymentMethod: 'cash'
    }
  )
  // TypeScript knows that res.data is of type {success: boolean, eta?: string}
  const {success, eta} = res.data
}
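RESTyped's types are erased at compile time, so on the server `req.body` is only declared to match `FoodDeliveryAPI`; any HTTP client can still send a different shape. The following is an added example, not part of restyped or restyped-express, of a runtime check for the `/me/orders` POST body; `OrderBody`, `ParseResult` and `parseOrderBody` are hypothetical names.

```typescript
// Added example: runtime validation for an untrusted request body.
// Shape copied from FoodDeliveryAPI['/me/orders']['POST']['body'] on this page.
type OrderBody = {
  foodItemIds: string[]
  address: string
  paymentMethod: 'card' | 'cash'
  paymentCardId?: string
}

type ParseResult =
  | {ok: true; value: OrderBody}
  | {ok: false; errors: string[]}

const isString = (v: unknown): v is string => typeof v === 'string'

// Hypothetical helper: checks a parsed JSON value against OrderBody at runtime.
function parseOrderBody(input: unknown): ParseResult {
  if (typeof input !== 'object' || input === null || Array.isArray(input)) {
    return {ok: false, errors: ['body must be a JSON object']}
  }
  const {foodItemIds, address, paymentMethod, paymentCardId} =
    input as Record<string, unknown>
  const errors: string[] = []

  if (!Array.isArray(foodItemIds) || !foodItemIds.every(isString)) {
    errors.push('foodItemIds must be an array of strings')
  }
  if (!isString(address)) {
    errors.push('address must be a string')
  }
  if (paymentMethod !== 'card' && paymentMethod !== 'cash') {
    errors.push("paymentMethod must be 'card' or 'cash'")
  }
  if (paymentCardId !== undefined && !isString(paymentCardId)) {
    errors.push('paymentCardId must be a string when present')
  }
  if (errors.length > 0) return {ok: false, errors}

  // Rebuild from the checked fields so keys outside the API type are dropped.
  const value: OrderBody = {
    foodItemIds: foodItemIds as string[],
    address: address as string,
    paymentMethod: paymentMethod as 'card' | 'cash',
  }
  if (isString(paymentCardId)) value.paymentCardId = paymentCardId
  return {ok: true, value}
}
```

Calling `parseOrderBody(req.body)` at the top of the route handler and rejecting the request when `ok` is false keeps the handler's static types honest for input that did not come from a typed client.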
FAQs
The npm package restyped receives a total of 1,323 weekly downloads. As such, restyped's popularity was classified as popular.
We found that restyped demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.