Security News
GitHub Removes Malicious Pull Requests Targeting Open Source Repositories
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
This module allows you to connect to many shipping carriers like UPS and FedEx and download tracking data for your packages in a common schema
shipit
is a node module that allows you to retrieve data from shipping carriers like UPS and FedEx in a common format. It interfaces with tracking APIs when available, and falls back to screen scraping. For carriers that expose tracking APIs, user is expected to acquire and provide credentials like license numbers, meter numbers, user IDs and passwords.
Really, why do users have to know that a tracking number was provided by a particular carrier. That step is just totally unnecessary, given that we can guess the carrier from the tracking number in 90% of the cases. shipit
provides a convenience function for this.
Add shipit to your package.json
and then npm install it.
npm install shipit
Use it to initialize the shipper clients with your account credentials.
{
UpsClient,
FedexClient,
UspsClient,
DhlClient,
LasershipClient,
OnTracClient,
UpsMiClient
} = require 'shipit'
ups = new UpsClient
licenseNumber: '1C999A999B999999'
userId: 'shipit-user'
password: 'shhh-secret'
fedex = new FedexClient
key: 'xyxyxyxyabababab'
password: 'asdfawasfdasdfasdf1'
account: '123456789'
meter: '99999999'
usps = new UspsClient
userId: '590XABCR3210'
clientIp: '10.5.5.1'
lsClient = new LasershipClient()
dhlClient = new DhlClient
userId: 'SHIPI_79999'
password: 'shipit'
onTrac = new OnTracClient()
upsmi = new UpsMiClient()
amazonClient = new AmazonClient()
Use an initialized client to request tracking data.
ups.requestData {trackingNumber: '1Z1234567890123456'}, (err, result) ->
console.log "[ERROR] error retrieving tracking data #{err}" if err?
console.log "[DEBUG] new tracking data received #{JSON.stringify(result)}" if result?
You can use the Amazon client to query status of an item by its order ID and shipment ID (packageId defaults to 1 - shipit does not yet support multiple shipments per order).
orderID = '106-9151392-7203433'
orderingShipmentId = '2759102494123'
amazonClient.requestData {orderID, orderingShipmentId}, (err, result) ->
console.log "[ERROR] error retrieving tracking data #{err}" if err?
console.log "[DEBUG] new tracking data received #{JSON.stringify(result)}" if result?
Example response returned:
{
"status": 2,
"activities": [
{
"location": "Memphis, TN 38118",
"timestamp": "2014-02-16T22:19:00.000Z",
"details": "Departed FedEx location"
},
{
"location": "East Hanover, NJ 07936",
"timestamp": "2014-02-15T23:57:00.000Z",
"details": "Left FedEx origin facility"
},
{
"location": "East Hanover, NJ 07936",
"timestamp": "2014-02-15T15:57:00.000Z",
"details": "Picked up"
}
],
"weight": "0.2 LB",
"service": "FedEx Priority Overnight",
"eta": "2014-02-17T15:30:00.000Z",
"destination": "US",
"request": {
"trackingNumber": "9400110200881269505160"
}
}
There's usually only one carrier that matches a tracking number (UPS is the only carrier that uses '1Z' prefix for its tracking numbers), but there are several cases, where there are multiple matches. For example, FedEx uses a service called SmartPost, where it relies on USPS to deliver the package at the last mile. In such cases, FedEx provides tracking through most of the package's journey, and then USPS either takes over, or provides duplicate tracking in the last leg. The tracking number used is the same between the two carriers. Similar situation with UPS Mail Innovations as well. Therefore, the guessCarrier()
function returns an array, and we leave it up to the user to decide manually or through other automated means which carrier is the real one or provides more accurate tracking.
{guessCarrier} = require 'shipit'
possibleCarriers = guessCarrier '1Z6V86420323794365'
[ 'ups' ]
possibleCarriers = guessCarrier '9274899992136003821767'
[ 'fedex', 'usps' ]
possibleCarriers = guessCarrier 'EC207920162US'
[ 'usps' ]
Clone this repo (or first fork it)
git clone git@github.com:sailrish/shipit.git
Install dependencies
npm install
Just use grunt.
$ grunt
. . .
. . .
182 passing (347ms)
Done, without errors.
ShipperClient
generateRequest(trk, reference)
requestOptions({trk, reference})
validateResponse(response, cb)
Copyright (c) 2014 Rishi Arora
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
I learnt how to build a node module from Nick Desaulniers here. This article talks about everything you need to know - using grunt to set up test tasks, using mocha and chai for testing, and how to npm publish, etc.
FAQs
This module allows you to connect to many shipping carriers like UPS and FedEx and download tracking data for your packages in a common schema
The npm package shipit receives a total of 121 weekly downloads. As such, shipit popularity was classified as not popular.
We found that shipit demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
Security News
Node.js will be enforcing stricter semver-major PR policies a month before major releases to enhance stability and ensure reliable release candidates.