wadm-js-client
This package exposes the API of Werkaandemuur via a JavaScript wrapper. It is pretty basic but should help you get started in combining data for your own use. It might also work for data that's exposed on OhMyPrints (sibling company), but I haven't had a use case for it nor tested it.
The package is meant for, and tested in, a Node.js environment. It could work on the client side, but I strongly recommend against it: you would be exposing your own API key to the interwebs, and it also implies you are making an API call on every possible request, which conflicts with the fair use policy.
WadM exposes the REST API under a fair usage policy. I've added a specific User Agent marker to the headers of every request the package makes. With unfair usage, the package may get throttled or blocked.
Please consider caching the result one way or another (you don't need a live connection, since uploading is a manual task).
The API only exposes your own data, so don't bother trying to access some other profiles' data.
Make sure you have a personal API key. You can register one via the WordPress plugin page in your dashboard, since we piggyback on the methods the WordPress plugin exposes. Store the Artist ID and API Key somewhere safe (secrets 🤫).
Start a new instance of the client with the following:
const WadmClient = require('./wadm-js-client')
const client = new WadmClient(USER_ID, API_KEY)
For a mock implementation, take a peek at example.js.
All methods return a promise (prefer async/await notation):
Checks whether the API is reachable. Returns true or false:
async () => {
  const isConnected = await client.connectionTest()
}
Checks whether the protected part of the API (all other endpoints) is reachable. Use this to verify that the User Id and API Key are valid. Returns true or false:
async () => {
  const isAuthenticated = await client.authenticationTest()
}
Returns the JSON object of a particular artwork based on the provided Id. Returns an object artwork: {}:
async () => {
  const artwork = await client.getArtworkById(SOME_ID)
}
Returns an object containing artworks and stats. The artworks property contains an array of JSON objects for a particular page of artworks, based on the provided page number. If the page number is not provided, it will default to page 1. The stats give you the paging properties, which can be used to get a different page. The maximum number of items per page is 33. The client is set to 25. Returns an object { artworks: [{}], stats }:
async () => {
  const artworks = await client.getPagedArtworks(SOME_PAGE_NUMBER)
}
Uses the paged result and maps the pages to a single array.
Returns the array of all artworks for the user. Returns an Array [ { artwork } ]:
async () => {
  const artworks = await client.getArtworks()
}
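The advice above to keep the API key on the server and to cache results under the fair usage policy can be combined in one small server-side wrapper. This is an added example, not code from wadm-js-client; `loadCredentials`, `createCachedArtworks` and the environment variable names `WADM_USER_ID` and `WADM_API_KEY` are assumptions, and it relies only on the client exposing `getArtworks()` as documented above.

```javascript
// Added example; loadCredentials, createCachedArtworks and the
// WADM_USER_ID / WADM_API_KEY variable names are hypothetical.

// Read the credentials from the server's environment and fail closed,
// so the key is never hard-coded or shipped in a browser bundle.
function loadCredentials(env = process.env) {
  const userId = env.WADM_USER_ID
  const apiKey = env.WADM_API_KEY
  if (!userId || !apiKey) {
    throw new Error('WADM_USER_ID and WADM_API_KEY must be set')
  }
  return { userId, apiKey }
}

// Wrap any object exposing getArtworks() so a successful fetch is reused
// for ttlMs, however many page requests arrive in the meantime.
function createCachedArtworks(client, { ttlMs = 3600000, now = Date.now } = {}) {
  let cached = null   // { value, expires } from the last successful fetch
  let inFlight = null // promise shared by callers during a refresh

  return function getArtworks() {
    if (cached && now() < cached.expires) return Promise.resolve(cached.value)
    if (!inFlight) {
      inFlight = client.getArtworks()
        .then((value) => {
          cached = { value, expires: now() + ttlMs }
          return value
        })
        .catch((err) => {
          // Upstream down or throttled: serve the stale copy if there is one.
          if (cached) return cached.value
          throw err
        })
        .finally(() => { inFlight = null })
    }
    return inFlight
  }
}

// Wiring with the constructor shown in the README (server side only):
//   const WadmClient = require('./wadm-js-client')
//   const { userId, apiKey } = loadCredentials()
//   const getArtworks = createCachedArtworks(new WadmClient(userId, apiKey))
```

Browser code then calls your own endpoint, which returns the cached array, so neither the key nor a per-request upstream call leaves the server.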
If you want to contribute, feel free to drop me a line or open up an Issue on the repo. Then we can discuss how the change would fit in with the client.
I am not affiliated with WadM or OhMyPrints. If the API changes, this wrapper will inevitably fail and will need some manual updating. Feel free to contribute to this repo if you like.
FAQs
Client for connecting to the REST APIs via a JS library
We found that wadm-js-client demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.