sofa-model
Sofa Model is a simple model class to sanitize and validate your data. It is 100% data store agnostic and perfect for use with schema-less NoSQL DBs like CouchDB.
Right now it is built for Node.js, but browser support is coming soon. It can be used 100% synchronously, or asynchronously based on Promises.
For issues and feature requests visit the issue tracker.
var Model = require('sofa-model');

var testData = {
    name: "Colin ",
    age: "17",
    telephones: {
        home: "123",
        mobile: "456"
    },
    role: "admin"
};

var userModelOptions = {
    blacklist: [
        "role"
    ],
    sanitize: {
        name: ["trim", "toUpperCase"],
        age: "toInt",
        "telephones.home": {prepend: "+1 "},
        "telephones.mobile": {prepend: "+1 "}
    },
    validate: {
        name: {presence: true},
        age: {
            presence: true,
            numericality: {
                onlyInteger: true,
                greaterThanOrEqualTo: 21,
                lessThan: 150,
                message: "invalid age"
            }
        },
        "telephones.home": {
            presence: true
        },
        "telephones.work": {
            presence: true
        }
    },
    static: {
        role: "user"
    }
};

var UserModel = new Model(userModelOptions);
var testUser = new UserModel(testData);
var results = testUser.process().results;
var errors = testUser.errors;

console.log(results);
console.log(errors);
This outputs:
{
    name: 'COLIN',
    age: 17,
    telephones: { home: '+1 123', mobile: '+1 456' },
    role: 'user'
}
{
    age: [ 'Age invalid age' ],
    'telephones.work': [ 'Telephones work can\'t be blank' ]
}
Simply add async: true to the options when you instantiate your model. Each transformation you apply to the model will then return a Promise that will resolve with the result of the transformation. If there are validation errors, the promise will be rejected with the list of errors.
// async has to be set before the model is instantiated
userModelOptions.async = true;
var AsyncUserModel = new Model(userModelOptions);
var asyncUser = new AsyncUserModel(testData);
asyncUser.process()
    .then(function(results) {
        console.log('Yeah! Validation successful');
        console.log(results);
    }, function(errors) {
        console.log('Oh snap, there were validation errors');
        console.log(errors);
    });
First set the options for your model, then create a new instance from the data you want to process.
var BlogpostModel = new Model(options);
var blogEntry = new BlogpostModel(data);
Validation is handled by Validate.js. Specify your validation constraints in options.validate when you instantiate your model. To get a list of errors (with synchronous validation):
console.log(blogEntry.validate().errors);
Custom validator functions can be specified within the customValidators field of your Model options. They work per the Validate.js documentation.
customValidators: {
    checkMiss: function(value) {
        var regex = /^Ms\.\s/;
        if(!regex.test(value)) {
            return "oh snap, " + value + " is not a Miss!";
        }
    }
}
Sanitize is handled mostly by Validator.js. options.sanitize is an object where the keys correspond to the data fields you want to process. The value is either an array of operations you want to apply or an object where each key is an operation and the value represents the options for that operation.
sanitize: {
    name: ["trim", "toUpperCase"],
    age: "toInt",
    "telephones.home": {prepend: "+1 "},
    "telephones.mobile": {prepend: "+1 "}
}
Sanitize functions: (see the Validator.js documentation)
Custom sanitizer functions can be specified within the customSanitizers field of your Model options.
whitelist: A list of fields that are allowed to be present in your output data. If the whitelist option is specified, any field not specifically whitelisted will be removed.
blacklist: A list of fields that are not allowed in your output data. Any field specified under blacklist will be removed if present.
rename: An object where the keys are the fields you want to rename, and the values are what you want to change them to.
rename: {
    username: '_id',
    password: 'token'
}
static: A list of static fields and their values that will be merged on top of your data.
static: {
    type: 'blog_post'
}
merge: An object that will be merged behind your data.
blogEntry.merge(template);
process: Applies whitelist, blacklist, sanitize, validate, rename, and static, in that order, based on your options.
For synchronous use, all of Sofa Model's methods are chained. To get the final results, simply access the results property. Note that you need to specifically check the errors property to detect validation errors.
For async use the results are returned as each promise resolves. Validation errors will cause the promise to reject.
var results = blogEntry.validate().sanitize().results;
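The step order described above decides which fields survive, which matters when the input is an untrusted request body. The following is an added example, not sofa-model's code: `processFields` and the sample input are constructed stand-ins that mimic only the field-removing steps (whitelist, blacklist, rename, static) on flat objects, to show that a blacklist alone lets an unlisted privilege field through while a whitelist does not.

```javascript
// Added illustration, NOT sofa-model's source: a stand-in for the documented
// step order, limited to flat objects. sanitize and validate are skipped here.
function processFields(data, opts) {
  let out = Object.assign({}, data);
  // 1. whitelist: keep only the listed fields (names as they are BEFORE rename)
  if (opts.whitelist) {
    out = Object.fromEntries(
      Object.entries(out).filter(([key]) => opts.whitelist.includes(key)));
  }
  // 2. blacklist: drop the listed fields, everything else passes
  for (const key of opts.blacklist || []) delete out[key];
  // 5. rename: move surviving fields to their new names
  for (const [from, to] of Object.entries(opts.rename || {})) {
    if (Object.prototype.hasOwnProperty.call(out, from)) {
      out[to] = out[from];
      delete out[from];
    }
  }
  // 6. static: merged on top, so it overrides anything the caller sent
  return Object.assign(out, opts.static || {});
}

// Constructed sample: a signup body carrying two extra privilege fields.
const hostileInput = {
  username: 'colin', password: 's3cret', role: 'admin', isAdmin: true
};

// Blacklist only knows about "role"; "isAdmin" was never listed.
function withBlacklist() {
  return processFields(hostileInput, {
    blacklist: ['role'],
    rename: { username: '_id' },
    static: { role: 'user' }
  });
}

// Whitelist names the expected fields; anything else is dropped.
function withWhitelist() {
  return processFields(hostileInput, {
    whitelist: ['username', 'password'],
    rename: { username: '_id', password: 'token' },
    static: { role: 'user' }
  });
}

console.log(withBlacklist()); // role forced to 'user', isAdmin still present
console.log(withWhitelist()); // only _id, token and role remain
```

In both runs `role` ends up as `'user'` because static is applied last; only the whitelist run removes `isAdmin`.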
FAQs
A simple model class to sanitize and validate your JavaScript data.
We found that sofa-model demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.