Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Lightweight HTTP/HTTPS router with virtual hosts. Sets an accurate Allow
header based on routes.
"use strict";
const http = require("http");
let router = require("woodland")({defaultHeaders: {"Cache-Control": "no-cache"}});
router.use("/", (req, res) => {
res.writeHead(200, {"Content-Type": "text/plain"});
res.end("Hello World!");
});
http.createServer(router.route).listen(8000);
Executes if the connection was terminated before res.end()
was called or able to flush.
Executes if the request cannot be routed, default handler sends a basic text response.
Executes after the response has been sent.
Returns a woodland router.
Calls routes()
and returns a Boolean
to indicate if method
is allowed for uri
.
Returns a String
for the Allow
header. Caches value, & will update cache if override
is true
.
Blacklists fn
for calculating the return of allows()
.
Decorates allow
, body
, ip
, parsed
, query
, & host
on req
and header()
& locals{}
on res
.
Returns a murmur3hash of arg
.
Determines the host
for arg
.
Function for http.createServer()
or https.createServer()
.
Returns an Array
of middleware for the request. Caches value, & will update cache if override
is true
.
Registers a virtual host with the woodland.
Registers middleware for a route. path
is a regular expression, and if not passed it defaults to /.*
. method
can be all
if you want the middleware to be used for all HTTP methods.
Constructs a full URL from req
.
Copyright (c) 2016 Jason Mulligan Licensed under the BSD-3 license.
FAQs
Lightweight HTTP framework with automatic headers
The npm package woodland receives a total of 27 weekly downloads. As such, woodland popularity was classified as not popular.
We found that woodland demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.