Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
A virtual HTTP adapter to allow in-process XHR
Full stack testing of server and client code allows you to describe at a high level what an application does. Actually starting and running servers along with dispatching requests is slow and prone to errors.
Vine Hill allows you to "start" a server virtually and connect it with your client code by installing a bridge between XMLHttpRequest and your server. This allows the server to respond to requests in the same process in which your client code and tests are running.
What you get is high-performance tests with easy-to-read stack traces and great debuggability.
var express = require('express');
var app = express();
app.get('/weather/:city', (req, res) => {
  res.json({
    city: req.params.city,
    temp: '22C'
  });
});

// connect your app to a host name
var vineHill = require('vinehill');
// for a single server
vineHill({'http://weather.com': app});
// or for multiple servers
// vineHill({
//   'http://weather.com': app,
//   'http://other.com': otherApp
// })

var httpism = require('httpism/browser');
httpism.get('http://weather.com/weather/london').then(response => {
  console.log(response.body.temp);
});
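The bridging idea described above, reduced to its core, as an added example that is not vinehill's source code. `createBridge`, `dispatch` and `weatherApp` are hypothetical names, the handler is a constructed connect-style function standing in for the express app, dispatch is synchronous for brevity, and rejecting unregistered hosts is an assumption of this sketch rather than documented vinehill behaviour.

```javascript
// Added illustration: not vinehill's implementation. All names here are hypothetical.
function createBridge(hosts) {
  // hosts maps an origin ('http://host') to a connect-style handler(req, res).
  return function dispatch(method, url, body) {
    const target = new URL(url);
    const handler = hosts[target.origin];
    if (!handler) {
      // Fail closed: a test request must never fall through to the real network.
      throw new Error('no virtual server registered for ' + target.origin);
    }
    const response = { status: 200, headers: {}, body: undefined, finished: false };
    const req = {
      method: method.toUpperCase(),
      url: target.pathname + target.search,
      headers: { host: target.host },
      body: body
    };
    const res = {
      statusCode: 200,
      setHeader(name, value) { response.headers[name.toLowerCase()] = String(value); },
      end(payload) {
        response.status = this.statusCode;
        response.body = payload;
        response.finished = true;
      }
    };
    handler(req, res); // runs in this process: no socket, no port, one stack trace
    if (!response.finished) throw new Error('handler did not end the response');
    return response;
  };
}

// Constructed sample server mirroring the weather route above.
function weatherApp(req, res) {
  const match = /^\/weather\/([^/?]+)$/.exec(req.url);
  if (req.method !== 'GET' || !match) {
    res.statusCode = 404;
    return res.end('not found');
  }
  res.setHeader('Content-Type', 'application/json');
  res.end(JSON.stringify({ city: decodeURIComponent(match[1]), temp: '22C' }));
}

const request = createBridge({ 'http://weather.com': weatherApp });
const ok = request('GET', 'http://weather.com/weather/london');
console.log(ok.status, ok.body);
```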
Vinehill logs requests/responses using the excellent debug module.
To log in the console, set the DEBUG env variable to vinehill* and then run your tests.
For example:
DEBUG=vinehill* mocha
If you are using vinehill in a browser then you can enable logging by running this code in the console (or before vinehill is required)
localStorage.debug = 'vinehill*'
You can further filter logging by replacing vinehill*:
vinehill only logs a simplified METHOD: URL STATUS => STATUSTEXT, e.g. PUT: http://server1/some/file.txt => 200 OK
vinehill:request only logs request objects
vinehill:response only logs response objects
vinehill* logs request, response and simplified version
Safari: SyntaxError: Cannot declare a parameter named 'error' as it shadows the name of a strict mode function. at /tmp/derek/node_modules/send/index.js:272:0
IE10: Object doesn't support property or method 'use' at /tmp/derek/node_modules/express/lib/application.js:143:0
FAQs
In process bridge between http requests and connect based servers
The npm package vinehill receives a total of 3 weekly downloads. As such, vinehill popularity was classified as not popular.
We found that vinehill demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 6 open source maintainers collaborating on the project.