Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
routington2
Advanced tools
Routington2 is a fork of Routington, a trie-based URL router. Its goal is only to define and match URLs. It does not handle methods, headers, controllers, views, etc., in anyway. It is faster than traditional, linear, regular expression-matching routers, although insignficantly, and scales with the number of routes.
The purpose of this router isn't for performance, but to bring more structure to URL routing. The intention is for you to build a framework on top either in node.js or in the browser.
var routington = require('routington2')
var router = routington()
router
is the root Node
in the trie. All node
s will have router
as furthest ancestor.
Every node on a tree is an instance of Node
. You only construct the root. A node
has the following properties:
child {}Node
- String based child definitions.
For example, node.child['post']
will return a child node with node.string === 'post'
children []Node
- Name/regex based child definitionsparent Node
- The parent of the nodename
- Name of the node (for parameter matching)string
- String to match the URL fragmentregex
- Regular expression to match the URL fragmentvar nodes = router.define('/:identity(page|petition)/:id([0-9a-f]{24})')
route
is a definition of a route and is an extension of Express' routing syntax.
route
, however, can only be a string.nodes
is an array of node
s.Each fragment of the route, delimited by a /
, can have the following signature:
string
- ex /post
string|string
- |
separated strings, ex /post|page
:name
- Wildcard route matched to a name(regex)
- A regular expression match without saving the parameter (not recommended):name(regex)
- Named regular expression matchYou should always name your regular expressions otherwise you can't use the captured value.
The regular expression is built using new RegExp('^(' + regex + ')$', 'i')
,
so you need to escape your string, ie \\w
.
You can always pre-define names or regular expressions before. For example, I can define:
router.define('/page/:id(\\w{3,30})')
// later, :id will have the same regexp
// so you don't have to repeat yourself
router.define('/page/:id/things')
router.define('/page/:id(\\w{3,30})')
var match = router.match('/page/taylorswift')
match
, unless null
, will be an object with the following properties:
param
- A list of named parameters, ex, match.param.id === 'taylorswift'
.node
- The matched node.
Will always have name.string === ''
.Each URL you define creates a node,
and you are free to do whatever you'd like with each node as long you don't overwrite any prototype properties (basically just define
, match
, and parse
).
Adding any features to routington shouldn't be necessary.
For example, suppose you want to attach callbacks to a node by extending routington:
router.get('/:id/:controller', function (req, res, next) {
console.log('do something')
})
You can attach the middleware to a node.GET
array:
router.get = function (path, handler) {
var node = router.define(path)[0]
node.GET = node.GET || []
node.GET.push(handler)
}
Now, dispatching is easy:
function dispatcher(req, res, next) {
var match = router.match(url.parse(req.url).pathname)
if (!match)
// this is a 404
var node = match.node
var callbacks = node[req.method]
if (!callbacks)
// this is a 405
// execute all the callbacks.
// async.series won't actually work here,
// but you get the point.
async.series(callbacks, next)
}
Properties attached to the node will be exposed on the match. For example, suppose you wanted to label a node:
var node = router.define('/:id/:controller')[0]
node.label = 'controller'
When matched, it will be available via match.node.label
:
var match = router.match('/someid/somecontroller')
assert(match.node.label === 'label')
Since reaching into match.node
is a little inconvenient and you probably don't want your end users to touch it,
you should expose in your dispatcher:
var match = router.match(url.parse(req.url).pathname)
// ...
req.param = match.param
req.label = match.node.label
IE9+
FAQs
Trie-based URL Routing
We found that routington2 demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.