
Research
/Security News
jscrambler npm Package Compromised in Supply Chain Attack
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.
spider_req
Advanced tools
以包装 uni-app 请求api 为例;
import initializer from 'spider_req';
// 初始化实例
const options = {
host: 'https://my-server-host.com',
layout: '/api/v1/',
extraData: {token: 'ASDFGHJKL'},
beforeSuccess: (res)=>{
console.log('成功拦截器,成功之前统一调用')
}
};
const myRequest = initializer(uni.request,options);
// 使用
// 示例1:获取商品列表
myRequest({
url:'/products',
method: 'GET',
data: {
someData:'someData'
},
success: (res)=>{
console.log('响应成功了')
}
});
// 根据提供的 options 上面的请求会执行如下操作:
// 1、请求地址包裹为:
// "https://my-server-host.com/api/v1/products"
// 2、请求数据包裹为:
// { someData:'someData', token:'ASDFGHJKL' }
// 3、请求的响应将会被拦截函数拦截,执行完毕后才会执行success函数。即控制台输出为:
// '成功拦截器,成功之前统一调用'
// '响应成功了'
import initializer from 'spider_req';
// 仅需要将初始化器中传入需要挂载的instance即可。
initializer(uni.request,options,uni); // 在第三个参数传入挂载点,这里以 uni 对象为例。
// 使用:
uni.req({
url:'/products',
method: 'GET',
data: {
someData:'someData'
},
success: (res)=>{
console.log('响应成功了')
}
});
extraData : 要追加到请求参数中的固定参数。beforeSuccess : 成功前钩子函数。beforeFail : 失败前钩子函数。beforeSend : 发送前钩子函数。sendPreHandler : 发送前预处理。将会发送该函数 return 出来的值。receivePreHandler : 接受时预处理。工作原理同上。appendDataFrom : 所有请求追加参数的函数,每次发送都会调用该函数,该函数返回值将会被携带在请求中。适用于动态固定参数。resetSchema : 重置语法。handlerDelay : 所有处理函数延迟执行。单位毫秒。{
"url": "url",
"data": "data",
"header": "header",
"method": "method",
"dataType": "dataType",
"responseType": "responseType",
"sslVerify": "sslVerify",
"success": "success",
"fail": "fail",
"complete": "complete"
}
skipBeforeFail : 该请求跳过全局的beforeFail。skipBeforeSend : 原理同上。realSuccess : 逻辑上的请求成功函数。即相应status < 400 时调用。常规的success是网络通了就视为成功。statusFail : 逻辑上的请求失败函数。即相应的status >= 400 时调用。重新初始化会自动销毁原对象(仅适用于以挂载点的方式初始化),然后用新的配置进行初始化。
FAQs
## 支持 - 请求地址统一包装 - 统一处理响应 - 统一处理错误 - 定制不同平台配置项 - 挂载至指定对象
The npm package spider_req receives a total of 7 weekly downloads. As such, spider_req popularity was classified as not popular.
We found that spider_req demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
/Security News
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.

Research
/Security News
A malicious .NET package is typosquatting the Braintree SDK to steal live payment card data, merchant API keys, and host secrets from production apps.

Security News
/Research
Compromised Injective SDK npm version 1.20.21 exfiltrates wallet private keys and mnemonics through fake telemetry functionality.