Dan Levy justsml

## verifyUser.ts
export type User = ReturnType<typeof verifyUser>;

// ^ Type defined for 'free'
// + Pro: Less wasted effort aligning types AND validation.
// + Pro: More 'honest', not obscured by layers, `any` or `as`
// - Con: Easy to accidentally change a public interface.
//      (Prefer explicit definitions at your library/module boundaries.)
export function verifyUser(data: { [key: string]: unknown; }) {
  if (!data || typeof data !== 'object')
    throw new Error(`User must be a valid object.`);

## aws-client-options.js
const DEFAULT_LOCALSTACK_EDGE_PORT = 4566;

/**
 * Get options for use in AWS client constructors.
 *
 * Configure the `AWS_ENDPOINT` environment variable to set an endpoint.
 *
 * ### Example
 *
 * To run tests w/ LocalStack: `AWS_ENDPOINT=http://127.0.0.1:4566 jest`

## fetch-retry-with-curry.js
/**
 * A **Smarter** retry wrapper with currying!
 */
function retryCurry(fn, retriesLeft = 5) {
  const retryFn = (...args) => fn(...args)
    .catch(err => retriesLeft > 0
      ? retryFn(fn, retriesLeft - 1)
      : Promise.reject(err)
    })
  return retryFn

## location-redirect.js
const checkForRedirect = (response) => {
  // Check for temporary redirect (307), or permanent (308)
  if (response.status === 307 || response.status === 308) {
    const location = response.headers.get('location')
    if (!location) {
      return Promise.reject(new Error('Invalid HTTP Redirect! No Location header.'));
    }
    // You can change the behavior here to any custom logic:
    //   e.g. open a "confirm" modal, log the redirect url, etc.
    return fetch(location)

## extensions.json
{
	// See https://go.microsoft.com/fwlink/?LinkId=827846 to learn about workspace recommendations.
	// Extension identifier format: ${publisher}.${name}. Example: vscode.csharp

	// List of extensions which should be recommended for users of this workspace.
	"recommendations": [
		"streetsidesoftware.code-spell-checker",
		"kisstkondoros.vscode-codemetrics",
		"ms-azuretools.vscode-docker",
		"dbaeumer.vscode-eslint",

## targeted-feature-flag.ts
/**
 * `filteredFlagFactory` supports 3 states of a feature flag:
 * - True,
 * - False,
 * - and restricted by ID(s).
 *
 */
export function filteredFlagFactory(
  flagValue: string,
  defaultIdField = 'userId'

## asyncIterable-stream-forAwaitOf-examples.ts
export const batchStream = (size: number) =>
  async function* batchStream<TStreamType>(stream: AsyncIterable<TStreamType>) {
    let buffer: TStreamType[] = [];
    for await (const chunk of stream) {
      buffer.push(chunk);
      if (buffer.length >= size) {
        yield buffer;
        buffer = [];
      }
    }

## addSignalListener.mjs
/**
 * Handle process signal events easily with `addSignalListener()`.
 *
 * Automatically returns a convenient method to unregister your event handler(s), in case you need that functionality.
 *
 * ## Examples
 *
 * ```js
 * addSignalListener(['SIGINT', 'SIGHUP', 'SIGUSR2'], (signal, event) =>
 *   console.log(`Process received a signal! ${signal}`, { event });

## settings.json
{
  // TypeScript configuration
  // Use the project-local typescript version / may be desired, comment out on old TS versions
  "typescript.tsdk": "node_modules/typescript/lib",
  "typescript.preferences.importModuleSpecifier": "relative",

  // Terminal settings
  "terminal.integrated.scrollback": 100000, // Terminal scrollback line limit
  // Set terminal font size to match VS Code font size. See: https://www.NerdFonts.com/
  "terminal.integrated.fontFamily": "'MesloLGS NF', 'Hack Nerd Font', Menlo, Monaco, 'Courier New', monospace",

## Open-Source-Security-Tooling.md

      
        
          
            
              
              1 file
            
          
          
            
              
              0 forks
            
          
          
            
              
              0 comments
            
          
          
            
              
              1 star
            
          
        
        
          
              
          
          
            
                justsml
                / Open-Source-Security-Tooling.md
            
            
              Last active
              September 29, 2022 19:26
            
          
        
      
        
    
      View Open-Source-Security-Tooling.md
  
      
    Security Tooling
The following security tools are used by both attackers & defenders. That's how you know it's good.
These tools go far beyond Dependabot, and can provide far richer details than almost any 3rd party scanning services (e.g. Nessus).
Dependency Scanning
	export type User = ReturnType<typeof verifyUser>;

	// ^ Type defined for 'free'
	// + Pro: Less wasted effort aligning types AND validation.
	// + Pro: More 'honest', not obscured by layers, `any` or `as`
	// - Con: Easy to accidentally change a public interface.
	// (Prefer explicit definitions at your library/module boundaries.)
	export function verifyUser(data: { [key: string]: unknown; }) {
	if (!data \|\| typeof data !== 'object')
	throw new Error(`User must be a valid object.`);
	const DEFAULT_LOCALSTACK_EDGE_PORT = 4566;

	/**
	* Get options for use in AWS client constructors.
	*
	* Configure the `AWS_ENDPOINT` environment variable to set an endpoint.
	*
	* ### Example
	*
	* To run tests w/ LocalStack: `AWS_ENDPOINT=http://127.0.0.1:4566 jest`
	/**
	* A Smarter retry wrapper with currying!
	*/
	function retryCurry(fn, retriesLeft = 5) {
	const retryFn = (...args) => fn(...args)
	.catch(err => retriesLeft > 0
	? retryFn(fn, retriesLeft - 1)
	: Promise.reject(err)
	})
	return retryFn
	const checkForRedirect = (response) => {
	// Check for temporary redirect (307), or permanent (308)
	if (response.status === 307 \|\| response.status === 308) {
	const location = response.headers.get('location')
	if (!location) {
	return Promise.reject(new Error('Invalid HTTP Redirect! No Location header.'));
	}
	// You can change the behavior here to any custom logic:
	// e.g. open a "confirm" modal, log the redirect url, etc.
	return fetch(location)
	{
	// See https://go.microsoft.com/fwlink/?LinkId=827846 to learn about workspace recommendations.
	// Extension identifier format: ${publisher}.${name}. Example: vscode.csharp

	// List of extensions which should be recommended for users of this workspace.
	"recommendations": [
	"streetsidesoftware.code-spell-checker",
	"kisstkondoros.vscode-codemetrics",
	"ms-azuretools.vscode-docker",
	"dbaeumer.vscode-eslint",
	/**
	* `filteredFlagFactory` supports 3 states of a feature flag:
	* - True,
	* - False,
	* - and restricted by ID(s).
	*
	*/
	export function filteredFlagFactory(
	flagValue: string,
	defaultIdField = 'userId'
	export const batchStream = (size: number) =>
	async function* batchStream<TStreamType>(stream: AsyncIterable<TStreamType>) {
	let buffer: TStreamType[] = [];
	for await (const chunk of stream) {
	buffer.push(chunk);
	if (buffer.length >= size) {
	yield buffer;
	buffer = [];
	}
	}
	/**
	* Handle process signal events easily with `addSignalListener()`.
	*
	* Automatically returns a convenient method to unregister your event handler(s), in case you need that functionality.
	*
	* ## Examples
	*
	* ```js
	* addSignalListener(['SIGINT', 'SIGHUP', 'SIGUSR2'], (signal, event) =>
	* console.log(`Process received a signal! ${signal}`, { event });
	{
	// TypeScript configuration
	// Use the project-local typescript version / may be desired, comment out on old TS versions
	"typescript.tsdk": "node_modules/typescript/lib",
	"typescript.preferences.importModuleSpecifier": "relative",

	// Terminal settings
	"terminal.integrated.scrollback": 100000, // Terminal scrollback line limit
	// Set terminal font size to match VS Code font size. See: https://www.NerdFonts.com/
	"terminal.integrated.fontFamily": "'MesloLGS NF', 'Hack Nerd Font', Menlo, Monaco, 'Courier New', monospace",