serrano is a low level client for Crossref APIs
Docs: https://www.rubydoc.info/gems/serrano
Other Crossref API clients:
Crossref's API issue tracker: https://gitlab.com/crossref/issues
For changes see the Changelog
Methods in relation to Crossref search API routes
/works
- Serrano.works()
/members
- Serrano.members()
/prefixes
- Serrano.prefixes()
/funders
- Serrano.funders()
/journals
- Serrano.journals()
/licenses
- Serrano.licenses()
/types
- Serrano.types()
Additional methods built on top of the Crossref search API:
Serrano.registration_agency()
Serrano.random_dois()
Other methods:
Serrano.content_negotiation()
Serrano.citation_count()
Serrano.csl_styles()
Note about searching:
You are using the Crossref search API described at https://api.crossref.org When you search with query terms, on Crossref servers they are not searching full text, or even abstracts of articles, but only what is available in the data that is returned to you. That is, they search article titles, authors, etc. For some discussion on this, see https://gitlab.com/crossref/issues/issues/101
Rate limits:
Crossref introduced rate limiting recently. The rate limits apparently vary, so we can't give a predictable rate limit. As of this writing, the rate limit is 50 requests per second. Look for the headers X-Rate-Limit-Limit and X-Rate-Limit-Interval in the responses to your requests to see what the current rate limits are.
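One way to turn those two headers into a client-side delay, as an added example that is not part of serrano or its README. The header values are constructed samples, the interval format ("1s") is an assumption, and the helper names `parse_interval`, `rate_limit_from` and `wait_needed` are hypothetical:

```ruby
# Added example: derive a per-request delay from Crossref rate-limit headers.
# Fallbacks use the 50 requests per second figure quoted above.
DEFAULT_LIMIT = 50       # requests per interval
DEFAULT_INTERVAL = 1.0   # seconds (assumed fallback)

# Parse an interval such as "1s", "500ms" or "2m" into seconds.
# Returns nil when the value is missing or not in an expected shape.
def parse_interval(value)
  m = /\A\s*(\d+(?:\.\d+)?)\s*(ms|s|m)?\s*\z/.match(value.to_s)
  return nil unless m
  n = m[1].to_f
  case m[2]
  when "ms" then n / 1000.0
  when "m"  then n * 60.0
  else n # bare number or "s" is treated as seconds
  end
end

# Header names are case-insensitive, so normalise before lookup.
# Missing, zero or malformed values fall back to the defaults instead
# of producing a zero or infinite delay.
def rate_limit_from(headers)
  h = headers.each_with_object({}) { |(k, v), acc| acc[k.to_s.downcase] = v }
  limit = Integer(h["x-rate-limit-limit"].to_s, exception: false)
  interval = parse_interval(h["x-rate-limit-interval"])
  limit = DEFAULT_LIMIT if limit.nil? || limit <= 0
  interval = DEFAULT_INTERVAL if interval.nil? || interval <= 0
  { limit: limit, interval: interval, min_delay: interval / limit }
end

# Seconds to sleep before the next request, given the time of the last one.
def wait_needed(last_at, now, min_delay)
  return 0.0 if last_at.nil?
  [min_delay - (now - last_at), 0.0].max
end

# Constructed sample response headers.
sample = { "X-Rate-Limit-Limit" => "50", "X-Rate-Limit-Interval" => "1s" }
policy = rate_limit_from(sample)
puts format("limit=%d per %.1fs, spacing=%.3fs",
            policy[:limit], policy[:interval], policy[:min_delay])
```

Re-reading the headers on every response keeps the spacing correct when Crossref changes the limit.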
The Polite Pool:
To get in the polite pool it's a good idea now to include a mailto email address. See docs for more information. TLDR: set your email in an env var CROSSREF_EMAIL.
URL Encoding:
We do URL encoding of DOIs for you for all methods except Serrano.citation_count, which doesn't work if you encode DOIs beforehand. We use ERB::Util.url_encode to encode.
gem install serrano
git clone git@github.com:sckott/serrano.git
cd serrano
rake install
Crossref's API will likely be used by others in the future, allowing the base URL to be swapped out. You can swap out the base URL by passing named options in a block to Serrano.configuration.
This will also be the way to set up other user options, as needed down the road.
Serrano.configuration do |config|
  config.base_url = "https://api.crossref.org"
end
We recommend you set your mailto email here so you can get in the "polite pool" which gives you faster rate limits:
Serrano.configuration do |config|
  config.mailto = "jane@doe.org"
end
Or use an env var with name CROSSREF_EMAIL
Search works by DOI
require 'serrano'
Serrano.works(ids: '10.1371/journal.pone.0033693')
Search works by query string
Serrano.works(query: "ecology")
Search works using metadata filters. See CrossRef filter docs.
Serrano.works(query: "ecology", filter: { has_abstract: true })
Search journals by publisher name
Serrano.journals(query: "peerj")
Search funding information by DOI
Serrano.funders(ids: ['10.13039/100000001','10.13039/100000015'])
Get agency for a set of DOIs
Serrano.registration_agency(ids: ['10.1007/12080.1874-1746','10.1007/10452.1573-5125'])
Get random set of DOIs
Serrano.random_dois(sample: 100)
Content negotiation
Serrano.content_negotiation(ids: '10.1126/science.169.3946.635', format: "citeproc-json")
The command line tool serrano should be available after you install
~$ serrano
Commands:
serrano contneg # Content negotiation
serrano funders [funder IDs] # Search for funders by DOI prefix
serrano help [COMMAND] # Describe available commands or one spec...
serrano journals [journal ISSNs] # Search for journals by ISSNs
serrano licenses # Search for licenses by name
serrano members [member IDs] # Get members by id
serrano prefixes [DOI prefixes] # Search for prefixes by DOI prefix
serrano types [type name] # Search for types by name
serrano version # Get serrano version
serrano works [DOIs] # Get works by DOIs
# A single DOI
~$ serrano works 10.1371/journal.pone.0033693
# Many DOIs
~$ serrano works "10.1007/12080.1874-1746,10.1007/10452.1573-5125"
## if above two dois in a file called dois.txt
~$ cat dois.txt | xargs -I{} serrano works {}
# output JSON, then parse with e.g., jq
~$ serrano works --filter=has_orcid:true --json --limit=2 | jq '.message.items[].author[].ORCID | select(. != null)'