@ably-labs/graphql-ably-pubsub
This is an Ably implementation of the PubSubEngine base-class to enable Subscriptions in Apollo Server. This implementation uses Ably as the message transport for the WebSocket portion of Apollo Subscriptions, allowing you to use the feature without managing and maintaining your own WebSocket Server.
Please consult the Apollo Server documentation for more information on how to use this feature.
In order to use the AblyPubSub class, you will need an Ably API key. If you are not already signed up, you can sign up now for a free Ably account. Once you have an Ably account:
You need to create a .env file in the root with a variable defined called ABLY_API_KEY to store your secret.
You can do this from the command line if you like:

    cd api
    echo ABLY_API_KEY=YOUR-API-KEY-HERE > .env
    npm install --save @ably-labs/graphql-ably-pubsub

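A pre-start check for the .env setup above, as an added example that is not part of the package or its README: it reports a missing or placeholder ABLY_API_KEY and a .env file that git would not ignore, without ever printing the key. The function names are hypothetical, the key shape `<appId>.<keyId>:<keySecret>` is an assumption about Ably key format, and the .gitignore check recognises only a few literal patterns rather than full gitignore semantics.

```javascript
// Added example: pre-start checks for the ABLY_API_KEY setup described above.
// Assumption: Ably API keys have the form "<appId>.<keyId>:<keySecret>".
const ABLY_KEY_SHAPE = /^[^.:\s]+\.[^.:\s]+:\S+$/;
const PLACEHOLDER = "YOUR-API-KEY-HERE"; // the literal from the echo command above

// Simplified .gitignore check (assumption: only these literal patterns are
// recognised, not full gitignore glob semantics). The last matching line
// wins, so a later "!.env" re-includes the file.
function envFileIgnored(gitignoreText) {
  const covers = new Set([".env", "/.env", ".env*", "*.env", ".*"]);
  let ignored = false;
  for (const raw of gitignoreText.split(/\r?\n/)) {
    const line = raw.trim();
    if (line === "" || line.startsWith("#")) continue;
    if (line.startsWith("!")) {
      if (covers.has(line.slice(1))) ignored = false;
    } else if (covers.has(line)) {
      ignored = true;
    }
  }
  return ignored;
}

// Returns a list of problems; an empty list means the setup passed.
// Messages never include the key value, so they are safe to log.
function checkAblyKeySetup(env, gitignoreText) {
  const problems = [];
  const key = (env.ABLY_API_KEY || "").trim();
  if (key === "") problems.push("ABLY_API_KEY is not set");
  else if (key === PLACEHOLDER) problems.push("ABLY_API_KEY is still the README placeholder");
  else if (!ABLY_KEY_SHAPE.test(key)) problems.push("ABLY_API_KEY does not look like an Ably key");
  if (!envFileIgnored(gitignoreText)) problems.push(".env is not ignored by git");
  return problems;
}

// Constructed sample inputs (not real credentials).
const sampleEnv = { ABLY_API_KEY: "appid1.keyid1:constructed-secret" };
const sampleGitignore = "node_modules/\n# secrets\n.env\n";
console.log(checkAblyKeySetup(sampleEnv, sampleGitignore));
console.log(checkAblyKeySetup({ ABLY_API_KEY: PLACEHOLDER }, "node_modules/\n"));
```

In a real project, pass `process.env` and the contents of the repository's .gitignore, and exit before constructing AblyPubSub if the returned list is not empty.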
You can run a full example by running:

    npm run start

But the more important parts of the example are shown here:

    import AblyPubSub from "./index.js";

    // The AblyPubSub constructor accepts all the same configuration options as the Ably JS SDK.
    // Make sure to keep your API key safe! Here, we're loading it from the environment.
    const pubsub = new AblyPubSub({ key: process.env.ABLY_API_KEY });

    // ...

    // Resolver map
    const resolvers = {
      Query: {
        currentNumber() {
          return currentNumber;
        },
      },
      Subscription: {
        numberIncremented: {
          subscribe: () => pubsub.asyncIterator(["NUMBER_INCREMENTED"]),
        },
      },
    };

    // ...

    // In the background, increment a number every second and notify subscribers when
    // it changes.
    let currentNumber = 0;
    function incrementNumber() {
      currentNumber++;
      pubsub.publish("NUMBER_INCREMENTED", { numberIncremented: currentNumber });
      setTimeout(incrementNumber, 1000);
    }

    // Start incrementing
    incrementNumber();

Ably makes it simple for developers to build live experiences for millions of people. Our platform provides a highly available, massively scalable, low latency, globally distributed WebSockets infrastructure - at the call of an API.
We provide serverless pub/sub messaging with unique data integrity guarantees, delivered at the edge over WebSockets. Our highly reliable, elastic infrastructure was specifically designed for building high-scale realtime web and mobile applications. We free engineers to focus on building core functionality, rather than having to provision and maintain WebSocket servers and cloud infrastructure.
This example is based on the "Subscriptions in Apollo Server v3" sample.
The text below is lifted directly from the sample, with the AblyPubSub implementation of the PubSubEngine replacing the original PubSub implementation referenced in the official documentation as "not fit for production use".
This example demonstrates a basic subscription operation in Apollo Server. See the docs on subscriptions.
The example server exposes one subscription (numberIncremented) that returns an integer that's incremented on the server every second.
After you start up this server, you can test out running a subscription with the Apollo Studio Explorer by following the link from http://localhost:4000/graphql to the Apollo Sandbox. You may need to edit the Apollo Sandbox connection settings to select the graphql-ws subscriptions implementation.
You'll see the subscription's value update every second.

    subscription IncrementingNumber {
      numberIncremented
    }

    npm install
    npm run start

FAQs
GraphQL Subscriptions using Ably PubSub
We found that @ably-labs/graphql-ably-pubsub demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.