Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Typology is a lightweight data validation library for Node.js and the browser (with or without Browserify).
It can validate variables against native JavaScript types as well as against custom types you can define.
Install with npm:
// Latest release
npm install typology
// Development version
npm install git+https://github.com/jacomyal/typology.git
Include the typology.js
(or the minified version typology.min.js
) file client-side if you do not want to use Browserify or a similar library.
var types = require('typology');
types.get(true);
>>> 'boolean'
types.get(/abc/);
>>> 'regexp'
// Native types being:
// 'boolean', 'number', 'string'
// 'function', 'array', 'arguments'
// 'regexp', 'date', 'object'
// 'null', 'undefined', 'primitive'
// 'map', 'set', 'weakmap', 'weakset', 'symbol'
A custom type can be either be defined by a function returning a boolean or an expressive string or object describing the type you want to check.
Example
// Type defined by a function
var customType = function(variable) {
// Here is an example to know if a variable is an integer:
return typeof variable === 'number' && variable === (variable | 0);
};
// Type defined by an expressive string
var customType = '?string'; // Means you want an optional string
var customType = 'string|number'; // Means you want either a string or a number
// Type defined by a complex object
var customType = {
firstname: 'string',
lastname: 'string',
age: 'number'
};
Expression | Description | Examples | Validates |
---|---|---|---|
'type' | required | 'string' | 'hello' |
'?type' | optional | '?string' | 'hello' , undefined , null |
`'type1 | type2'` | multi-types | `'string |
{prop: 'type'} | complex | {firstname: 'string'} | {firstname: 'Joachim'} |
['type'] | lists | ['number'] | [1, 2, 3] |
'!type' | exclusive | '!string' | 42 |
Note also that expression can be combined. For instance '?string|number'
means an optional string or number variable and '!string|object'
means anything but a string or an object.
Overkill example
var myCustomType = {
firstname: 'string',
pseudo: '?string',
account: {
total: '?number|string',
bills: ['number']
}
}
Using functions to perform ad-hoc validation
var myCustomType = {
age: 'number',
name: function(v) {
return v === 'Jack' || v === 'John';
}
};
var types = require('typology');
types.check(myType, myVariable);
// Example
types.check('number', 1);
>>> true
types.check(
{
firstname: 'string',
lastname: 'string',
age: 'number'
},
{
firstname: 'Joachim',
lastname: 'Murat'
}
);
>>> false
var types = require('typology');
types.scan(myType, myVariable);
// Example
types.scan('number', 1);
>>> { expected: 'number',
>>> type: 'number',
>>> value: 1 }
types.scan(
{
firstname: 'string',
lastname: 'string',
age: 'number'
},
{
firstname: 'Joachim',
lastname: 'Murat'
}
);
>>> { error: 'Expected a "number" but found a "undefined".',
>>> expected: 'number',
>>> type: 'undefined',
>>> value: undefined,
>>> path: [ 'age' ] }
var Typology = require('typology');
var myTypology = new Typology();
// Then add custom definitions
myTypology.add(myCustomType);
// Example
myTypology.add('User', {
firstname: 'string',
lastname: 'string',
age: '?number'
});
// Then you can use it likewise
myTypology.check('User', {hello: 'world'});
>>> false
// And use it in other types' definition
myTypology.check('User|number', myVar);
var types = require('typology');
types.isValid(customType);
// Example
types.isValid('?string');
>>> true
types.isValid('randomcrap');
>>> false
Contributions are welcome. Please be sure to add and pass unit tests if relevant before submitting any code.
To setup the project, just install npm dependencies with npm install
and run tests with npm test
.
Typology is under a MIT license.
FAQs
A data validation library for Node.js and the browser.
We found that typology demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.