tremendous-rewards / tremendous-node Goto Github PK
View Code? Open in Web Editor NEWTremendous API Node client
Home Page: https://developers.tremendous.com
License: MIT License
Tremendous API Node client
Home Page: https://developers.tremendous.com
License: MIT License
Changes to the API specification were found, which suggests a new release for this library is needed.
Please run bin/generate
, review the changes and publish a new release.
cc @tremendous-rewards/platform
Changes to the API specification were found, which suggests a new release for this library is needed.
Please run bin/generate
, review the changes and publish a new release.
cc @tremendous-rewards/platform
Changes to the API specification were found, which suggests a new release for this library is needed.
Please run bin/generate
, review the changes and publish a new release.
cc @tremendous-rewards/platform
After installing tremendous, npm audit
reports some vulnerabilities in the dependencies. They are not fixable with npm audit fix
$ npm audit
# npm audit report
bl <1.2.3
Severity: high
Remote Memory Exposure in bl - https://github.com/advisories/GHSA-pp7h-53gx-mx7r
No fix available
node_modules/bl
request 2.16.0 - 2.83.0 || 2.85.0 - 2.86.0
Depends on vulnerable versions of bl
Depends on vulnerable versions of hawk
Depends on vulnerable versions of tunnel-agent
node_modules/request
tremendous *
Depends on vulnerable versions of request
node_modules/tremendous
cryptiles <=4.1.1
Severity: critical
Insufficient Entropy in cryptiles - https://github.com/advisories/GHSA-rq8g-5pc5-wrhr
Depends on vulnerable versions of boom
No fix available
node_modules/cryptiles
hawk 0.0.6 - 6.0.2
Depends on vulnerable versions of boom
Depends on vulnerable versions of cryptiles
Depends on vulnerable versions of hoek
Depends on vulnerable versions of sntp
node_modules/hawk
request 2.16.0 - 2.83.0 || 2.85.0 - 2.86.0
Depends on vulnerable versions of bl
Depends on vulnerable versions of hawk
Depends on vulnerable versions of tunnel-agent
node_modules/request
tremendous *
Depends on vulnerable versions of request
node_modules/tremendous
hoek <4.2.1
Severity: moderate
Prototype Pollution in hoek - https://github.com/advisories/GHSA-jp4x-w63m-7wgm
No fix available
node_modules/hoek
boom <=3.1.2
Depends on vulnerable versions of hoek
node_modules/boom
cryptiles <=4.1.1
Depends on vulnerable versions of boom
node_modules/cryptiles
hawk 0.0.6 - 6.0.2
Depends on vulnerable versions of boom
Depends on vulnerable versions of cryptiles
Depends on vulnerable versions of hoek
Depends on vulnerable versions of sntp
node_modules/hawk
request 2.16.0 - 2.83.0 || 2.85.0 - 2.86.0
Depends on vulnerable versions of bl
Depends on vulnerable versions of hawk
Depends on vulnerable versions of tunnel-agent
node_modules/request
tremendous *
Depends on vulnerable versions of request
node_modules/tremendous
sntp 0.0.0 || 0.1.1 - 2.0.0
Depends on vulnerable versions of hoek
node_modules/sntp
tunnel-agent <0.6.0
Severity: moderate
Memory Exposure in tunnel-agent - https://github.com/advisories/GHSA-xc7v-wxcw-j472
No fix available
node_modules/tunnel-agent
request 2.16.0 - 2.83.0 || 2.85.0 - 2.86.0
Depends on vulnerable versions of bl
Depends on vulnerable versions of hawk
Depends on vulnerable versions of tunnel-agent
node_modules/request
tremendous *
Depends on vulnerable versions of request
node_modules/tremendous
9 vulnerabilities (5 moderate, 1 high, 3 critical)
To address all issues possible (including breaking changes), run:
npm audit fix --force
Some issues need review, and may require choosing
a different dependency.
Changes to the API specification were found, which suggests a new release for this library is needed.
Please run bin/generate
, review the changes and publish a new release.
cc @tremendous-rewards/platform
I was unable to get the API to work based on the examples listed in the README file. After looking through the tremendous code I noticed that when constructing the URL in the client function there was no forward slash being inserted before adding the path to the URI specified.
Here is the function, notice that when constructing the URL the path value was just being combined with the URI value and since no forward slash was being inserted, you ended up with an invalid URL of https://testflight.tremendous.com/api/v2orders instead of the correct https://testflight.tremendous.com/api/v2/orders
function client(path, method, options, callback) {
var data = _.merge({}, {
url: this.uri + path,
method: method,
headers: {
"User-agent": "Tremendous Node v2.0.0",
"authorization": "Bearer " + this.accessToken
},
json: true
}, method == "GET" ? {qs: options} : {json: options});
return request(data, handleResponse(callback));
};
As such, I simply added a forward slash to the client var declaration and then everything worked as expected. This change simply updates the example description so that others don't get stuck on their first attempts to test the API.
BEFORE MY FIX:
// Sandbox environment
var client = new Tremendous("[SANDBOX_ACCESS_TOKEN]", "https://testflight.tremendous.com/api/v2");
// Production environment
var client = new Tremendous("[PRODUCTION_ACCESS_TOKEN]", "https://www.tremendous.com/api/v2");
AFTER MY FIX - I Simply added a forward slash at the end of the URI
// Sandbox environment
var client = new Tremendous("[SANDBOX_ACCESS_TOKEN]", "https://testflight.tremendous.com/api/v2/");
// Production environment
var client = new Tremendous("[PRODUCTION_ACCESS_TOKEN]", "https://www.tremendous.com/api/v2/");
The isJsonMime
function isn't found in your API documentation anywhere. However, I'm finding that it is a required field in the Configuration
type. When trying to build a Configuration
object like so:
const tremendousConfiguration: TremendousConfiguration = {
basePath: TremendousEnvironment.production,
accessToken: TREMENDOUS_API_KEY,
};
I am presented with the following Typescript error:
Peering into configuration.d.ts
that comes with the package, I see:
export declare class Configuration {
/**
* parameter for apiKey security
* @param name security name
* @memberof Configuration
*/
apiKey?: string | Promise<string> | ((name: string) => string) | ((name: string) => Promise<string>);
....
constructor(param?: ConfigurationParameters);
/**
* Check if the given MIME is a JSON MIME.
* JSON MIME examples:
* application/json
* application/json; charset=UTF8
* APPLICATION/JSON
* application/vnd.company+json
* @param mime - MIME (Multipurpose Internet Mail Extensions)
* @return True if the given MIME is JSON, false otherwise.
*/
isJsonMime(mime: string): boolean;
}
Wondering if this may have slipped into the OpenAPI spec generation by accident. Or if it is required, could you please add it to your documentation?
Thanks,
Steven Chien
Changes to the API specification were found, which suggests a new release for this library is needed.
Please run bin/generate
, review the changes and publish a new release.
cc @tremendous-rewards/platform
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.