Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
github.com/Jack-Works/async-call-rpc
async-call-rpc
is a JSON RPC server and client written in TypeScript for any ES6+ environment.
CHANGELOG.md | Document of AsyncCall | Document of AsyncGeneratorCall | Playground
Chapters:
channel
channels
(including WebSocket)globalThis
), no requirement on any Web or Node APISymbol.asyncIterator
, (async function* () {}).constructor.prototype
available)Proxy
is the core of this library)async function
).channel
The channel
is the only thing you need to learn to use this library.
This library is designed to not rely on any specific platform. Only require things defined in the ECMAScript specification. In the ES spec, there is no I/O related API so it's impossible to communicate with the outer world.
You need to implement one of the following interfaces:
There are some built-in channel you can simplify the usage.
The following document will assume you have defined your channel
.
// server.ts
export function add(x: number, y: number) {
return x + y
}
export const sleep = (ms: number) => new Promise((resolve) => setTimeout(resolve, ms))
// init.ts
import { AsyncCall } from 'async-call-rpc'
import * as server from './server'
// create a server
AsyncCall(server, { channel })
import { AsyncCall } from 'async-call-rpc'
const server = AsyncCall<typeof server>({}, { channel })
server.add(2, 40).then(console.log) // 42
You can notice from the above example,
define a server is using AsyncCall(serverImplementation, opt)
,
define a client is using AsyncCall<typeof serverImplementation>({}, opt)
.
So it is possible to define a server and a client at the same time.
AsyncCall can send Notifications.
Using notifications means results or remote errors will be dropped. Local errors won't be omitted, e.g. serializer error or network error.
import { AsyncCall, notify } from 'async-call-rpc'
const server = notify(AsyncCall<typeof server>({}, { channel }))
server.online().then(console.log) // undefined
AsyncCall can send batch request too.
import { AsyncCall, batch } from 'async-call-rpc'
const [server, emit, drop] = batch(AsyncCall<typeof server>({}, { channel }))
const a = server.req1() // pending
const b = server.req2() // pending
const c = server.req3() // pending
emit() // to send all pending requests
// request a, b, c sent
const d = server.req1() // pending
drop() // to drop all pending requests (and corresponding Promises)
// d rejected
npm i async-call-rpc
yarn add async-call-rpc
You can access https://www.jsdelivr.com/package/npm/async-call-rpc?path=out to get the latest URL and SRI.
(Supports type definition for deno out-of-box!)
import { AsyncCall } from 'https://cdn.jsdelivr.net/npm/async-call-rpc@latest/out/base.mjs'
<script src="https://cdn.jsdelivr.net/npm/async-call-rpc@2.0.1/out/base.js"></script>
<script>
const { AsyncCall } = globalThis.AsyncCall
</script>
Load the out/base.mjs
(ES Module) or out/base.js
(UMD, CommonJS or AMD) to your project.
This library has 2 entry. base
and full
. base
is the default entry point. The full
version includes the AsyncGeneratorCall
but the base version doesn't.
Please check out https://www.jsdelivr.com/package/npm/async-call-rpc?path=out
// Full version
require('async-rpc-call/full') // or
import * as RPC from 'async-rpc-call/full'
// Base version
require('async-rpc-call/base') // or
import * as RPC from 'async-rpc-call/base'
They're not part of the core library but provided as utils to increase usability.
Server | Client | |
---|---|---|
Entry point | async-call-rpc/utils/node/websocket.server.js (Source code) | TBD |
Entry point type | CommonJS | CommonJS |
Dependencies | ws | ws |
Example | ./examples/node.websocket.server.js | TBD |
Server | Client | |
---|---|---|
Entry point | https://cdn.jsdelivr.net/npm/async-call-rpc@latest/utils/deno/websocket.server.ts (Source code) | TBD |
Entry point type | ES Module | ES Module |
Dependencies | Deno std | Deno std |
Example | ./examples/deno.websocket.server.ts | TBD |
Client | |
---|---|
Entry point | https://cdn.jsdelivr.net/npm/async-call-rpc@latest/utils/web/websocket.client.js (Source code) |
Entry point type | ES Module |
Dependencies | Nothing |
Example | ./examples/browser.websocket.client.js |
⚠️ Broadcast Channel is not supported by Safari yet ⚠️
Server & Client | |
---|---|
Entry point | https://cdn.jsdelivr.net/npm/async-call-rpc@latest/utils/web/broadcast.channel.js (Source code) |
Entry point type | ES Module |
Dependencies | Nothing |
Example | TBD |
⚠️ Import a ES Module in a Web Worker is only supported by Chrome yet! ⚠️
Host & Worker | |
---|---|
Entry point | https://cdn.jsdelivr.net/npm/async-call-rpc@latest/utils/web/worker.js (Source code) |
Entry point type | ES Module |
Dependencies | Nothing |
Example | Main frame: ./examples/browser.worker-main.js Worker: ./examples/browser.worker-worker.js |
Main frame: new WorkerChannel(new Worker(...))
Worker: new WorkerChannel()
Server | |
---|---|
Entry point Node | async-call-rpc/utils/node/bson.js (Source code) |
Entry point Browser/Deno | https://cdn.jsdelivr.net/npm/async-call-rpc@latest/utils/web/bson.js (Source code) |
Dependencies | bson |
Server | |
---|---|
Entry point Node | async-call-rpc/utils/node/msgpack.js (Source code) |
Entry point Browser/Deno | https://cdn.jsdelivr.net/npm/async-call-rpc@latest/utils/web/msgpack.js (Source code) |
Dependencies | @msgpack/msgpack |
Example (Node) | ./examples/node.websocket.server.js |
Example (Deno) | ./examples/deno.websocket.server.ts |
Example (Web) | ./examples/browser.websocket.client.js |
AsyncCall has some non-standard extensions to the JSON RPC specification that can help the library easier to use. Those features aren't enabled by default.
These four methods are used to implement AsyncGeneratorCall
support.
interface JSONRPC_Internal_Methods {
// These 4 methods represent the Async Iterator protocol in ECMAScript
// this method starts an async iterator, return the id
'rpc.async-iterator.start'(method: string, params: unknown[]): Promise<string>
// this method executes `next` method on the previous iterator started by `rpc.async-iterator.start`
'rpc.async-iterator.next'(id: string, value: unknown): Promise<IteratorResult<unknown>>
// this method executes `return` method on the previous iterator started by `rpc.async-iterator.start`
'rpc.async-iterator.return'(id: string, value: unknown): Promise<IteratorResult<unknown>>
// this method executes `throw` method on the previous iterator started by `rpc.async-iterator.start`
'rpc.async-iterator.throw'(id: string, value: unknown): Promise<IteratorResult<unknown>>
}
This library can send the client the call stack to the server to make the logger better.
Controlled by option.log.sendLocalStack
. Default to false
.
interface JSONRPC_Request_object {
// This property include the caller's stack.
remoteStack?: string
}
This is a non-standard property appears when using JSONSerialization due to JSON doesn't support undefined
. It's a hint to the client, that the result is undefined
.
This behavior is controlled by the 3rd parameter of JSONSerialization(replacerAndReceiver?, space?, undefinedKeepingBehavior?: false | "keep" | "null" = "null"). Default to "null"
. To turn on this feature to "keep" undefined values, change the 3rd option to "keep".
interface JSONRPC_Response_object {
// This property is a hint.
// If the client is run in JavaScript, it should treat "result: null" as "result: undefined"
undef?: boolean
}
In the JSON RPC specification, this is implementation-defined. This is controlled by the option options.mapError
This library will try to "Recover" the Error object if there is enough information from another side.
interface JSONRPC_Error_object {
// This property will help client to build a better Error object.
data?: {
stack?: string
// Supported value for "type" field (Defined in ECMAScript specification):
type?:
| string
| 'Error'
| 'EvalError'
| 'RangeError'
| 'ReferenceError'
| 'SyntaxError'
| 'TypeError'
| 'URIError'
// Defined in HTML specification, only supported in Web
| 'DOMException'
}
}
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.