npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

akt-security-advisor

v2.1.0

Published

Client library to use the IBM Security Advisor

Downloads

4

Readme

IBM Cloud Security Advisor Node.js SDK

semantic-release

Node JS client library to use the IBM Cloud Security Advisor APIs.

Overview

The IBM Cloud Security Advisor Node SDK allows developers to programmatically interact with the IBM Cloud Security Advisor Service.

Prerequisites

  • You need an IBM Cloud account.

  • Node >=10: This SDK is tested with Node versions 10 and up. It may work on previous versions but this is not officially supported.

Installation

npm install ibm-security-advisor

Authentication

IBM Cloud Security Advisor service uses token-based Identity and Access Management (IAM) authentication.

IAM authentication uses a service API key to get an access token that is passed with the call. Access tokens are valid for a limited amount of time and must be regenerated.

Authentication is accomplished using dedicated Authenticators for each authentication scheme. Import authenticators from ibm-security-advisor/auth.

Examples

Programmatic credentials

import { IamAuthenticator } from 'ibm-security-advisor/auth';

const authenticator = new IamAuthenticator({
  apikey: '{apikey}',
});

External configuration

import { getAuthenticatorFromEnvironment } from 'ibm-security-advisor/auth';

// env vars
// FINDINGS_API_AUTH_TYPE=iam
// FINDINGS_API_APIKEY=<apikey>
const iamAuthenticator = getAuthenticatorFromEnvironment('findings-api');

To learn more about the Authenticators and how to use them with your services, see the detailed documentation.

Using the SDK

Basic Usage

All methods return a Promise that either resolves with the response from the service or rejects with an Error. The response contains the body, the headers, the status code, and the status text.

const FindingsAPI =  require('ibm-security-advisor/findings-api/v1');
const { IamAuthenticator } = require('ibm-security-advisor/auth');

const findingsAPIClient = new FindingsAPI({
  authenticator: new IamAuthenticator({ apikey: '{apikey}' }),
  url: 'https://us-south.secadvisor.cloud.ibm.com/findings',
});

findingsAPIClient
  .listNotes({account_id: "account_id", provider_id: "provider_id"})
  .then(
    response => {
      // handle response
      // the body is under property `result`
      console.log(JSON.stringify(response.result, null, 2));

      // access the headers
      console.log(JSON.stringify(response.headers, null, 2));

      // access the status code
      console.log(response.status);

      // access the status text
      console.log(response.statusText);
    },
    err => {
      // handle request/SDK errors
      console.log(err);
    }
  )
  .catch(err => {
    // catch errors in response handling code
    console.log(err);
  });

Setting the Service URL

You can set or reset the base URL after constructing the client instance using the setServiceUrl method:

const FindingsAPI =  require('ibm-security-advisor/findings-api/v1');
const { IamAuthenticator } = require('ibm-security-advisor/auth');

const findingsAPIClient = new FindingsAPI({
  authenticator: new IamAuthenticator({ apikey: '{apikey}' }),
});

findingsAPIClient.setServiceUrl('https://eu-gb.secadvisor.cloud.ibm.com/findings');

Sending request headers

Custom headers can be passed with any request. There are two ways of setting them - setting default headers in the constructor or passing request-specific headers directly to one of the methods.

Default headers

Any headers passed in with the service client constructor will be stored and automatically added to every request made with said client.

const FindingsAPI =  require('ibm-security-advisor/findings-api/v1');
const { IamAuthenticator } = require('ibm-security-advisor/auth');

const findingsAPIClient = new FindingsAPI({
  authenticator: new IamAuthenticator({ apikey: '{apikey}' }),
  headers: {
    'X-Custom-Header': 'some value',
  },
});

findingsAPIClient.listNotes({account_id: "account_id", provider_id: "provider_id"}).then(res => {
  // X-Custom-Header will have been sent with the request
});

Configuring the HTTPS Agent

The SDK provides the user with full control over the HTTPS Agent used to make requests. This is available for both the service client and the authenticators that make network requests (e.g. IamAuthenticator). Outlined below are a couple of different scenarios where this capability is needed. Note that this functionality is for Node environments only - these configurtions will have no effect in the browser.

Use behind a corporate proxy

To use the SDK (which makes HTTPS requests) behind an HTTP proxy, a special tunneling agent must be used. Use the package tunnel for this. Configure this agent with your proxy information, and pass it in as the HTTPS agent in the service constructor. Additionally, you must set proxy to false in the client constructor. See this example configuration:

const tunnel = require('tunnel');
const FindingsAPI =  require('ibm-security-advisor/findings-api/v1');
const { IamAuthenticator } = require('ibm-security-advisor/auth');

const findingsAPIClient = new FindingsAPI({
  authenticator: new IamAuthenticator({ apikey: '{apikey}' }),
  httpsAgent: tunnel.httpsOverHttp({
    proxy: {
      host: 'some.host.org',
      port: 1234,
    },
  }),
  proxy: false,
});

Sending custom certificates

To send custom certificates as a security measure in your request, use the cert, key, and/or ca properties of the HTTPS Agent. See this documentation for more information about the options. Note that the entire contents of the file must be provided - not just the file name.

const tunnel = require('tunnel');
const FindingsAPI =  require('ibm-security-advisor/findings-api/v1');
const { IamAuthenticator } = require('ibm-security-advisor/auth');

const certFile = fs.readFileSync('./my-cert.pem');
const keyFile = fs.readFileSync('./my-key.pem');

const findingsAPIClient = new FindingsAPI({
  authenticator: new IamAuthenticator({
    apikey: '{apikey}',
    httpsAgent: new https.Agent({
      key: keyFile,
      cert: certFile,
    })
  }),
  httpsAgent: new https.Agent({
    key: keyFile,
    cert: certFile,
  }),
});

Disabling SSL Verification - Discouraged

The HTTP client can be configured to disable SSL verification. Note that this has serious security implications - only do this if you really mean to! ⚠️

To do this, set disableSslVerification to true in the service constructor and/or authenticator constructor, like below:

const FindingsAPI =  require('ibm-security-advisor/findings-api/v1');
const { IamAuthenticator } = require('ibm-security-advisor/auth');

const findingsAPIClient = new FindingsAPI({
  authenticator: new IamAuthenticator({ apikey: '<apikey>', disableSslVerification: true }), // this will disable SSL verification for requests to the token endpoint
  disableSslVerification: true, // this will disable SSL verification for any request made with this client instance
});

Documentation

There are auto-generated JSDocs available at

Questions

If you are having difficulties using the APIs or have a question about the Watson services, please ask a question at dW Answers or Stack Overflow.

Debug

This module uses the debug package for logging. Specify the desired environment variable to enable logging debug messages.

Tests

Running all the tests:

npm test

Running a specific test:

npm run jest -- '<path to test>'

Open source @ IBM

Find more open source projects on the IBM Github Page.

Contributing

See CONTRIBUTING.

Featured Projects

We love to highlight cool open-source projects that use this SDK! If you'd like to get your project added to the list, feel free to make an issue linking us to it.

License

This library is licensed under Apache 2.0. Full license text is available in LICENSE.