Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@absinthe/socket
Advanced tools
Absinthe Socket
All received and returned objects with the exception of AbsintheSocket instances (there are plans to make this immutable too) are treated in an immutable way. Objects have no methods and instead we provide independant stateless functions to interact with them.
If provided phoenix socket instance is not connected, then instead of connecting at creation time, connection will be established on the next invocation of send.
Pending mutations will be aborted, queries will be resent, and subscriptions reestablished.
Calling cancel removes given notifier from absintheSocket instance and sends a Cancel event to all its observers and unsubscribes in case it holds a subscription request.
If an already sent request is given to send, then instead of sending it again, the notifier associated with it will be returned.
Since connection lost is handled, then two events needs to exist to represent this fact: Error (recoverable), Abort (unrecoverable).
Calling send returns a notifier which allows attaching any number of observers that will be notified when result arrives.
For the case of subscriptions, Start event is dispatched when the subscription is established, while for the other types (queries and mutations), when the request is sent.
$ npm install --save phoenix @absinthe/socket
$ yarn add phoenix @absinthe/socket
type RequestStatus = "canceled" | "canceling" | "pending" | "sent" | "sending";
// from @jumpn/utils-graphql
type GqlRequest<Variables: void | Object = void> = {
operation: string,
variables?: Variables
};
// from @jumpn/utils-graphql
type GqlResponse<Data> = {
data?: Data,
errors?: Array<GqlError>
};
// from @jumpn/utils-graphql
type GqlOperationType = "mutation" | "query" | "subscription";
type Observer<Result, Variables: void | Object = void> = {|
onAbort?: (error: Error) => any,
onCancel?: () => any,
onError?: (error: Error) => any,
onStart?: (notifier: Notifier<Result, Variables>) => any,
onResult?: (result: Result) => any
|};
type Notifier<Result, Variables: void | Object = void> = {|
activeObservers: $ReadOnlyArray<Observer<Result, Variables>>,
canceledObservers: $ReadOnlyArray<Observer<Result, Variables>>,
isActive: boolean,
operationType: GqlOperationType,
request: GqlRequest<Variables>,
requestStatus: RequestStatus,
subscriptionId?: string
|};
type AbsintheSocket = {|
channel: Channel,
channelJoinCreated: boolean,
notifiers: Array<Notifier<any>>,
phoenixSocket: PhoenixSocket
|};
Cancels a notifier sending a Cancel event to all its observers and unsubscribing in case it holds a subscription request
absintheSocket
AbsintheSocketnotifier
Notifier<any, any>import * as withAbsintheSocket from "@absinthe/socket";
withAbsintheSocket.cancel(absintheSocket, notifier);
Returns AbsintheSocket
Creates an Absinthe Socket using the given Phoenix Socket instance
phoenixSocket
PhoenixSocketimport * as withAbsintheSocket from "@absinthe/socket";
import {Socket as PhoenixSocket} from "phoenix";
const absintheSocket = withAbsintheSocket.create(
new PhoenixSocket("ws://localhost:4000/socket")
);
Returns AbsintheSocket
Observes given notifier using the provided observer
absintheSocket
AbsintheSocketnotifier
Notifier<Result, Variables>observer
Observer<Result, Variables>import * as withAbsintheSocket from "@absinthe/socket"
const logEvent = eventName => (...args) => console.log(eventName, ...args);
const updatedNotifier = withAbsintheSocket.observe(absintheSocket, notifier, {
onAbort: logEvent("abort"),
onError: logEvent("error"),
onStart: logEvent("open"),
onResult: logEvent("result")
});
Sends given request and returns an object (notifier) to track its progress (see observe function)
absintheSocket
AbsintheSocketrequest
GqlRequest<Variables>import * as withAbsintheSocket from "@absinthe/socket";
const operation = `
subscription userSubscription($userId: ID!) {
user(userId: $userId) {
id
name
}
}
`;
// This example uses a subscription, but the functionallity is the same for
// all operation types (queries, mutations and subscriptions)
const notifier = withAbsintheSocket.send(absintheSocket, {
operation,
variables: {userId: 10}
});
Returns Notifier<Result, Variables>
Creates an Observable that will follow the given notifier
absintheSocket
AbsintheSocketnotifier
Notifier<Result, Variables>options
Object? (optional, default {}
)
import * as withAbsintheSocket from "@absinthe/socket";
const unobserveOrCancelIfNeeded = (absintheSocket, notifier, observer) => {
if (notifier && observer) {
withAbsintheSocket.unobserveOrCancel(absintheSocket, notifier, observer);
}
};
const logEvent = eventName => (...args) => console.log(eventName, ...args);
const observable = withAbsintheSocket.toObservable(absintheSocket, notifier, {
onError: logEvent("error"),
onStart: logEvent("open"),
unsubscribe: unobserveOrCancelIfNeeded
});
Returns Observable
Detaches observer from notifier
absintheSocket
AbsintheSocketnotifier
Notifier<any, any>observer
Observer<any, any>import * as withAbsintheSocket from "@absinthe/socket";
withAbsintheSocket.unobserve(absintheSocket, notifier, observer);
Returns AbsintheSocket
Cancels notifier if there are no more observers apart from the one given, or detaches given observer from notifier otherwise
absintheSocket
AbsintheSocketnotifier
Notifier<Result, Variables>observer
Observer<Result, Variables>import * as withAbsintheSocket from "@absinthe/socket";
withAbsintheSocket.unobserve(absintheSocket, notifier, observer);
MIT :copyright: Jumpn Limited.
FAQs
Absinthe Socket
The npm package @absinthe/socket receives a total of 17,251 weekly downloads. As such, @absinthe/socket popularity was classified as popular.
We found that @absinthe/socket demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.