Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
@ably/zeromq
Advanced tools
ØMQ bindings for Node.js. The goals of this library are:
async
/await
and async iterators.Install ZeroMQ.js with prebuilt binaries:
npm install zeromq@6.0.0-beta.17
Requirements for using prebuilt binaries:
The following platforms have a prebuilt binary available:
If a prebuilt binary is not available for your platform, installing will attempt to start a build from source.
If a prebuilt binary is unavailable or if you want to pass certain options during build, you can build this package from source.
Make sure you have the following installed before attempting to build from source:
To install from source:
npm install zeromq@6.0.0-beta.17 --build-from-source
If you want to link against a shared ZeroMQ library, you can build skip downloading libzmq
and link with the
installed library instead as follows:
npm install zeromq@6.0.0-beta.17 --zmq-shared
If you wish to use any DRAFT sockets then it is also necessary to compile the library from source:
npm install zeromq@6.0.0-beta.17 --zmq-draft
Note: These examples assume the reader is familiar with ZeroMQ. If you are new to ZeroMQ, please start with the ZeroMQ documentation.
More examples can be found in the examples directory.
This example demonstrates how a producer pushes information onto a socket and how a worker pulls information from the socket.
producer.js
Creates a producer to push information onto a socket.
const zmq = require("zeromq")
async function run() {
const sock = new zmq.Push
await sock.bind("tcp://127.0.0.1:3000")
console.log("Producer bound to port 3000")
while (true) {
await sock.send("some work")
await new Promise(resolve => { setTimeout(resolve, 500) })
}
}
run()
worker.js
Creates a worker to pull information from the socket.
const zmq = require("zeromq")
async function run() {
const sock = new zmq.Pull
sock.connect("tcp://127.0.0.1:3000")
console.log("Worker connected to port 3000")
for await (const [msg] of sock) {
console.log("work: %s", msg.toString())
}
}
run()
This example demonstrates using zeromq
in a classic Pub/Sub,
Publisher/Subscriber, application.
publisher.js
Create the publisher which sends messages.
const zmq = require("zeromq")
async function run() {
const sock = new zmq.Publisher
await sock.bind("tcp://127.0.0.1:3000")
console.log("Publisher bound to port 3000")
while (true) {
console.log("sending a multipart message envelope")
await sock.send(["kitty cats", "meow!"])
await new Promise(resolve => { setTimeout(resolve, 500) })
}
}
run()
subscriber.js
Create a subscriber to connect to a publisher's port to receive messages.
const zmq = require("zeromq")
async function run() {
const sock = new zmq.Subscriber
sock.connect("tcp://127.0.0.1:3000")
sock.subscribe("kitty cats")
console.log("Subscriber connected to port 3000")
for await (const [topic, msg] of sock) {
console.log("received a message related to:", topic, "containing message:", msg)
}
}
run()
This example illustrates a request from a client and a reply from a server.
client.js
const zmq = require("zeromq")
async function run() {
const sock = new zmq.Request
sock.connect("tcp://127.0.0.1:3000")
console.log("Producer bound to port 3000")
await sock.send("4")
const [result] = await sock.receive()
console.log(result)
}
run()
server.js
const zmq = require("zeromq")
async function run() {
const sock = new zmq.Reply
await sock.bind("tcp://127.0.0.1:3000")
for await (const [msg] of sock) {
await sock.send(2 * parseInt(msg, 10))
}
}
run()
This library provides typings for TypeScript version 3.0.x and later.
Requirements
compilerOptions.target
to esnext
or later (e.g. es2018
)compilerOptions.lib
(and include their corresponding polyfills if needed):
es2015
, ESNext.AsyncIterable
Example Usage
import { Request } from "zeromq"
// or as namespace
import * as zmq from "zeromq"
const reqSock = new Request()
//...
const repSock = new zmq.Reply()
More advanced examples can be found in the examples directory of this repository.
Or you can browse the API reference documentation to see all socket types, methods & options as well as more detailed information about how to apply them.
The next generation version of the library features a compatibility layer for ZeroMQ.js versions 4 and 5. This is recommended for users upgrading from previous versions.
Example:
const zmq = require("zeromq/v5-compat")
const pub = zmq.socket("pub")
const sub = zmq.socket("sub")
pub.bind("tcp://*:3456", err => {
if (err) throw err
sub.connect("tcp://127.0.0.1:3456")
pub.send("message")
sub.on("message", msg => {
// Handle received message...
})
})
If you are interested in making contributions to this project, please read the following sections.
In order to develop and test the library, you'll need the tools required to build from source (see above).
Additionally, having clang-format is strongly recommended.
Socket and context options can be set at runtime, even if they are not implemented by this library. By design, this requires no recompilation if the built version of ZeroMQ has support for them. This allows library users to test and use options that have been introduced in recent versions of ZeroMQ without having to modify this library. Of course we'd love to include support for new options in an idiomatic way.
Options can be set as follows:
const {Dealer} = require("zeromq")
/* This defines an accessor named 'sendHighWaterMark', which corresponds to
the constant ZMQ_SNDHWM, which is defined as '23' in zmq.h. The option takes
integers. The accessor name has been converted to idiomatic JavaScript.
Of course, this particular option already exists in this library. */
class MyDealer extends Dealer {
get sendHighWaterMark(): number {
return this.getInt32Option(23)
}
set sendHighWaterMark(value: number) {
this.setInt32Option(23, value)
}
}
const sock = new MyDealer({sendHighWaterMark: 456})
When submitting pull requests for new socket/context options, please consider the following:
camelCase
naming conventions.The test suite can be run with:
npm install
npm run build
npm run test
The test suite will validate and fix the coding style, run all unit tests and verify the validity of the included TypeScript type definitions.
Some tests are not enabled by default:
INCLUDE_COMPAT_TESTS=1 npm run test
To publish a new version, run:
npm version <new version>
git push && git push --tags
Wait for continuous integration to finish. Prebuilds will be generated for all supported platforms and attached to a Github release. Documentation is automatically generated and committed to gh-pages
. Finally, a new NPM package version will be automatically released.
Version 6+ is a complete rewrite of previous versions of ZeroMQ.js in order to be more reliable, correct, and usable in
modern JavaScript & TypeScript code as first outlined in this issue.
Previous versions of ZeroMQ.js were based on zmq
and a fork that included prebuilt binaries.
See detailed changes in the CHANGELOG.
FAQs
Next-generation ZeroMQ bindings for Node.js (ably fork)
The npm package @ably/zeromq receives a total of 41 weekly downloads. As such, @ably/zeromq popularity was classified as not popular.
We found that @ably/zeromq demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 5 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.