npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

sanitizr

v3.1.0

Published

Entity sanitation framework

Downloads

23

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

oliversalzburgoliversalzburg

Keywords

Readme

sanitizr

Build Status Coverage Status Code Climate GitHub license

What?

Sanitizr is an entity sanitation framework.

It allows to decorate a type description with annotations that can later be used to apply transformations on instances of the described type.

The annotations are applied on the plain object level. However, the library is primarily designed to interoperate with:

To put it simply, in your application, you will have a description of a type. In mongoose, this type comes from a schema. If you're using node-sql, you're going to have a table definition that you pass to sql.define.

sanitizr attempts to re-use that data structure and put additional, hidden information into it. That information can later be used to remove or replace certain properties from an instance of that type.

This allows you to pull an instance of that type from your database and then process it depending on the user class that requested the entity.

For example, you might annotate a single property to be hidden for the "user" user class. If the user has the "admin" user class, he would see the property. If the user has the "user" user class, he won't.

How?

Install

npm install sanitizr

Usage

node-sql

In node-sql, a complete type setup would look like this:

var sanitizr = require( "sanitizr" );
var sql      = require( "sql" ).setDialect( "postgres" );

var schema = {
	name    : "person",
	columns : [
		"id",
		"name",
		"apiKey"
	]
};
var type = sql.define( schema );

sanitizr
	.decorate( type )
	.decorate( "name", sanitizr.USERCLASS_USER, sanitizr.READ_ONLY )
	.decorate( "apiKey", sanitizr.USERCLASS_USER, sanitizr.HIDDEN );
	
var info   = sanitizr.info( schema.name, type );
var helper = sanitizr.helper( info );

When you receive an entity from a user, you can remove the read-only properties with:

var cleanPerson = helper.omitReadOnly( personFromUser );

When you want to send an entity to a user, you can remove hidden properties with:

var cleanPerson = helper.omitHidden( personForUser );

mongoose

// Example pending

Concepts

  1. sanitizr has 2 user classes pre-defined:

    • admin as USERCLASS_ADMIN
    • user as USERCLASS_USER

    The classes are just strings, feel free to use anything else.

  2. The helper has the following core methods:

    • omitNull - removes all properties that are null.
    • omitHidden - removes all properties that are marked HIDDEN.
    • omitReadOnly - removes all properties that are marked READ_ONLY.
    • conceal - replaces the values of all properties that are marked CONCEALED with true.

  3. In sanitizr, a type may be referred to as complex. This simply means that it is not a primitive, like a String, but another type, which is composed of primitives or other complex objects.

    If a property is complex, omissions and concealment will be applied by the rules of the referenced, complex type.

    Additionally, the helper provides the following utility method to handle complex properties:

    • reduceComplex - replaces the values of all properties that are complex, with the id property of the referenced object.

Errors

DecoratorError: Attempting to decorate function type property 'property' is probably unintended!

The error is thrown for mongoose schemas that use the built-in constructors as type identifiers. For example:

var schema = {
	property : String
}

Here, property uses the constructor String to identify the type. This is not supported, because decorations would be placed on an object that is shared with other properties. Also, this would modify a commonly used type, which is just as bad.

Instead, use the type property in a new object, to describe the type of the property:

var schema = {
	property : { type : String }
}

HelperError: The property can't be reduced as it has no 'id' property itself.

The error is thrown when an attempt is made to invoke reduceComplex on a property that does not have an id member.

// We define a new type and mark the "parent" property as complex.
var personType = { parent : {} };
var typeInfo   = new TypeInfo( "person", personType );
typeInfo.markComplex( "parent", "person" );

// Construct the helper for the type.
var helper = new TypeHelper( typeInfo );

// This "instance" of the type described above has a "parent" property, but that property itself has no "id" property.
// This means we can't reduce the object to an id and reduceComplex will throw.
var personInstance = { parent : {} };

helper.reduceComplex( personInstance );