Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
github.com/Cililing/container
An IoC container for Go projects. It provides simple, fluent and easy-to-use interface to make dependency injection in GoLang easier.
It requires Go v1.11
or newer versions.
To install this package run the following command in the root of your project
go get github.com/golobby/container
GoLobby Container like any other IoC container is used to bind abstractions to their implementations. Binding is a process of introducing an IoC container that which concrete (implementation) is appropriate for each abstraction. In this process, you also determine how it must be resolved, singleton or transient. In singleton binding, the container provides an instance once and returns it for each request. In transient binding, the container always returns a brand new instance for each request. After the binding process, you can ask the IoC container to get the appropriate implementation of the abstraction your code depends on. In this case, your code depends on abstractions, not implementations.
Singleton binding using Container:
container.Singleton(func() Abstraction {
return Implementation
})
It takes a resolver function which its return type is the abstraction and the function body configures the related concrete (implementation) and returns it.
Example for a singleton binding:
container.Singleton(func() Database {
return &MySQL{}
})
Transient binding is also similar to singleton binding, see the snippet below.
container.Transient(func() Abstraction {
return Implementation
})
Example for a transient binding:
container.Transient(func() Shape {
return &Rectangle{}
})
Container resolves the dependencies with the method make()
.
One way to get the appropriate implementation you need is to declare an instance of the abstraction type and pass its reference to Container this way:
var a Abstraction
container.Make(&a)
// a will be the implementation of Abstraction
Example:
var m Mailer
container.Make(&m)
m.Send("info@miladrahimi.com", "Hello Milad!")
Another way to resolve the dependencies is by using a function (receiver) that its arguments are the abstractions you need. Container will invoke the function and pass the related implementations for each abstraction.
container.Make(func(a Abstraction) {
// a will be the implementation of Abstraction
})
Example:
container.Make(func(db Database) {
// db will be an instance of MySQL
db.Query("...")
})
You can also resolve multiple abstractions this way:
container.Make(func(db Database, s Shape) {
db.Query("...")
s.Area()
})
You can also resolve a dependency at the binding time in your resolver function like the following example.
// Bind Config to JsonConfig
container.Singleton(func() Config {
return &JsonConfig{...}
})
// Bind Database to MySQL
container.Singleton(func(c Config) Database {
// c will be an instance of JsonConfig
return &MySQL{
Username: c.Get("DB_USERNAME"),
Password: c.Get("DB_PASSWORD"),
}
})
Notice: You can only resolve the dependencies in a binding resolver function that has already bound.
The package Container inevitably uses reflection in binding and resolving processes. If performance is a concern, you should use this package more carefully. Try to bind and resolve the dependencies out of the processes that are going to run many times (for example, on each request), put it where that run only once when you run your applications like main and init functions.
GoLobby Container is released under the MIT License.
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.