Security News
The Risks of Misguided Research in Supply Chain Security
Snyk's use of malicious npm packages for research raises ethical concerns, highlighting risks in public deployment, data exfiltration, and unauthorized testing.
@bnaya/objectbuffer
Advanced tools
For Modern browsers and node.
Save, read and update plain javascript objects into ArrayBuffer
(And not only TypedArrays), using regular javascript object api, without serialization/deserialization, or pre-defined schema.
In other words, It's an implementation of javascript objects in user-land.
That's enables us to transfer
or share objects in-memory with WebWorker
without additional memory or serialization
While the library is not 1.0
, it is usable.
A core part of the library is an allocator, that allocates & free memory on the ArrayBuffer
for us!
The allocator in use is @thi.ng/malloc, part of the amazing thi.ng/umbrella project
Using this library, and workers in general, will not necessarily make you code faster.
First be sure where are your bottlenecks and if you don't have a better and more simple workaround.
I personally also really like what's going on around the main thread scheduling proposal and react userland scheduler that powers concurrent react
import { createObjectBuffer, getUnderlyingArrayBuffer } from "@bnaya/objectbuffer";
const initialValue = {
foo: { bar: new Date(), arr: [1], nesting:{ WorksTM: true } }
};
// ArrayBuffer is created under the hood
const myObject = createObjectBuffer(
{},
// size in bytes
1024,
initialValue
);
const arrayBuffer = getUnderlyingArrayBuffer(myObject);
myObject.additionalProp = "new Value";
myObject.arr.push(2);
See also main.js for shared memory example.
to run it: clone the repo, yarn install
and yarn browser-playground
Exchanging plain objects with WebWorkers
is done by serializing and copying the data to the other side.
for some use-cases, it's slow and memory expensive.
ArrayBuffer
can be transferred
without a copy, and SharedArrayBuffer
can be directly shared, but out of the box, it's hard to use ArrayBuffer
as more than a TypedArray.
For many cases FlatBuffers is the right tool!
FlatBuffers requires full re-serialization when changing values. inside. The api is also more different than javascript objects.
I'm working on it mostly from personal interest, and i'm not using it for any project yet.
Before putting any eggs in the basket, please go over the implementation details document
foo.bar2 = foo.bar
will not create a copy, but a reference)disposeWrapperObject
or to have WeakRef supportfoo.bar === foo.bar
will be true)ArrayBuffer
. When exceed that size, exception will be thrown. (Can be extended later with a utility function, but not automatically)bigint
bigger than 64 bitJSON.stringify
Symbol
There's a huge place for optimizations, code hygiene, and features!
Feel free to open issues and maybe implementing missing parts.
The code is Written in TypeScript 🦾, but the semantics are more like C
🥵
Have a look on the issues and see if you find something interesting
FAQs
Object-like api, backed by an array buffer
The npm package @bnaya/objectbuffer receives a total of 17 weekly downloads. As such, @bnaya/objectbuffer popularity was classified as not popular.
We found that @bnaya/objectbuffer demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Snyk's use of malicious npm packages for research raises ethical concerns, highlighting risks in public deployment, data exfiltration, and unauthorized testing.
Research
Security News
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.