Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@antcolag/tools
Advanced tools
userfull es6 mini library
In this library you can find utilities for
I think that the test suite, the dom utilities, and the observable
and reactive
interfaces deserve quick but in depth view
This mini test class is super easy to use but work super well!
you can define your test scenario and if something goes wrong (ie if something is thrown, like an unhandled runtime error), then the test will fail and a fail message will be printed the console. Otherwise it will pass and a passed message in console will be printed.
import Test from "./test.js";
// ASSERT will throw an error if strict equal comparison fails
import { ASSERT } from "./debug.js";
// the function to be tested
const sum = (...arg) => {
// ...
// if something goes wrong
// throw it with no mercy!!
if(!arg.length){
throw new Error("no arguments!");
}
// simply sum the arguments
return arg.reduce((prev, curr) => {
return curr + prev
}, 0)
}
// define your test
const test = new Test("2 + 2 shuld return 4", (N) => {
ASSERT(sum(2, 2), 4)
// test the 1 + 2 + 3 + ... + N serie
var args = []
for(var i = 1; i <= N; i++) {
args.push(i)
}
ASSERT(sum.apply(this, args), N * (N + 1) / 2 )
})
// run it!
test.run(100)
A set of a fiew userfull utilities for building user interfaces
// import the library
import * from dom from "./dom.js";
// you can use your own elements
const myTitle = document.createElement('h2')
// print a dom fragment in the body
document.body.appendChild(dom.html `
<article>
${myTitle}
</article>
`)
// of course you can handle your element after it has been printed
myTitle.innerHTML = 'hello world'
And it work with an emmet-like sintax too!
const myTitle2 = document.createElement('h2')
// print a dom fragment in the body... in emmet dialect!
document.body.appendChild(
dom.emmet `article>${myTitle2}.title>span{hello }`
)
// of course you can still handle your element after
myTitle2.innerHTML += 'emmet!'
It implements the observer pattern in the objects where is injected.
For example:
import observable from "./observe.js"
// take your class
class FireworkClass {
now(...args){
// do some magic stuff
// then...
this.fire('fireworks!', ...args)
this.schedule()
}
// never stop the fireworks <3
schedule() {
setTimeout(
this.now.bind(this),
Math.random() * 500
)
}
}
// and inject the interface
observable.call(FireworkClass.prototype)
The observable.call(FireworkClass.prototype)
will add the function for handle events
fire will dispatch the event
// ...
// create instance
let firework = new FireworkClass()
// add an event handler for both the events
firework.on('fireworks!', (...args) => {
console.log('this fireworks are beautiful', ...args)
})
// ...
// let's do the fireworks now!
firework.now( /* [...args] */ )
Sincronize variation between different objects
import reactive from "./reactive.js"
// define MyReactiveClass
class MyReactiveClass {
constructor() {
// make magicProperty bindable
this.bindable("magicProperty")
}
}
// add reactive inteface to MyReactiveClass's prototype
reactive.call(MyReactiveClass.prototype)
After you have injected the interface, the instances can have some bindable properties
// create instance
let myReactiveInstance = new MyReactiveClass()
let myObj = {} // given an object
// you can bind the
// magicProperty of myReactiveInstance
// to myObj's magicProperty
myReactiveInstance.bind('magicProperty', myObj)
myReactiveInstance.magicProperty = 'hello reactive!'
// will print 'hello reactive!'
console.log(myObj.magicProperty)
This can be userfull when building user interfaces because...
// you can of course bind a reactive object
// with different properties another object
let element = document.querySelector('#my-element')
if(element) {
myReactiveInstance.bind(
'magicProperty',
element,
'innerHTML'
)
// the html content of #my-element
// will be updated when the magicProperty change
}
myReactiveInstance.magicProperty = 'hello again!'
sometimes can be userfull also to bind a method of an object to a bindable reactive's property
// and you can surely use it with functions
myReactiveInstance.bind(
'magicProperty',
console.log.bind(console)
)
// now we will also print the magicProperty value
// in console when the magicProperty change
myReactiveInstance.magicProperty = 'woooow!!'
FAQs
npm wrapper for tools
The npm package @antcolag/tools receives a total of 16 weekly downloads. As such, @antcolag/tools popularity was classified as not popular.
We found that @antcolag/tools demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.