
Research
SANDWORM_MODE: Shai-Hulud-Style npm Worm Hijacks CI Workflows and Poisons AI Toolchains
An emerging npm supply chain attack that infects repos, steals CI secrets, and targets developer AI toolchains for further compromise.
Zzz is a Lightweight Node.js REST Framework - Currently, Zzz supports the following HTTP request methods: GET, POST, PUT, and DELETE.
$ npm install zzz
// Load Zzz module and create a server instance
var Zzz = require("zzz");
// Create a new Zzz server
var server = new Zzz.Server();
// Define a GET request
server.get("/my/route", function(request, response) {
  response.end("Hello World, I serve GET requests!");
});
// Define a POST request
server.post("/my/route", function(request, response) {
  response.end("Hello World, I serve POST requests!");
});
// Start listening for requests
server.listen(80);
Routes are defined by assigning a callback to an HTTP request method and request path:
server.[get|post|put|delete]("/some/path", callback);
server.get("/some/static/path", function(request, response) {
  // do something here
  response.end("I did something.");
});
Zzz will always pass http.serverRequest and http.serverResponse objects to the callback. However, if there are dynamic path segments denoted by a ':', these will be passed via an object of key/value pairs as the third argument to the callback.
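var querystring = require("querystring");

// Escape text before placing it in HTML: route segments and POST bodies are client-controlled
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, function(c) {
    return "&#" + c.charCodeAt(0) + ";";
  });
}

server.post("/some/:dynamic/path", function(request, response, uriParams) {
  var body = "";
  // do something with post params here
  request.on("data", function(chunk) {
    body += chunk;
  });
  request.on("end", function() {
    var postBody = querystring.parse(body);
    response.write("<p>I was " + escapeHtml(uriParams.dynamic) + "</p>");
    // postBody is an object, so serialize it instead of concatenating it into a string
    response.end("<pre>" + escapeHtml(JSON.stringify(postBody)) + "</pre>");
  });
});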
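The dynamic path segments described above arrive in the callback as client-supplied strings. The following is an added example, not Zzz's own code: a stand-alone matcher for `:name` patterns that decodes each segment and rejects values that stop being a single path segment after decoding. The names `matchRoute`, `PATTERN`, `SAMPLES` and `runSamples` are hypothetical, and the sample paths are constructed.

```javascript
// Hypothetical matcher (not Zzz's implementation): returns an object of decoded
// parameters when `path` matches `pattern`, or null when it does not.
function matchRoute(pattern, path) {
  var want = pattern.split("/");
  var got = path.split("?")[0].split("/"); // ignore the query string
  if (want.length !== got.length) return null;

  var params = Object.create(null); // no prototype, so ":__proto__" is just a key
  for (var i = 0; i < want.length; i++) {
    if (want[i].charAt(0) !== ":") {
      if (want[i] !== got[i]) return null; // static segment must match exactly
      continue;
    }
    var value;
    try {
      value = decodeURIComponent(got[i]);
    } catch (e) {
      return null; // malformed percent-encoding such as "%zz"
    }
    // After decoding, the value must still be one non-empty path segment:
    // no separators, no dot segments, no control characters.
    if (value === "" || value === "." || value === ".." ||
        /[\/\\\x00-\x1f\x7f]/.test(value)) {
      return null;
    }
    params[want[i].slice(1)] = value;
  }
  return params;
}

// Constructed sample requests against the README's route pattern.
var PATTERN = "/some/:dynamic/path";
var SAMPLES = [
  "/some/widget/path",     // plain value
  "/some/a%20b/path?x=1",  // encoded space, query string ignored
  "/some/..%2Fetc/path",   // encoded separator inside a segment
  "/some/%2e%2e/path",     // encoded dot segment
  "/some/%zz/path",        // malformed encoding
  "/some/other"            // different shape, no match
];

function runSamples() {
  return SAMPLES.map(function(p) { return matchRoute(PATTERN, p); });
}

console.log(runSamples());
```

Values that pass this check are still untrusted text and need escaping for whatever context they are written into, as in the handler above.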
$ make test
$ make coverage
Note: The code coverage report depends on having jscoverage installed.
FAQs
The npm package zzz receives a total of 22 weekly downloads. As such, zzz is classified as not popular.
We found that zzz has an unhealthy version release cadence and level of project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.