Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@bufbuild/connect
Advanced tools
Connect is a family of libraries for building type-safe APIs with different languages and platforms.
@bufbuild/connect brings them to TypeScript,
the web browser, and to Node.js.
With Connect, you define your schema first:
service ElizaService {
rpc Say(SayRequest) returns (SayResponse) {}
}
And with the magic of code generation, this schema produces servers and clients:
const answer = await eliza.say({sentence: "I feel happy."});
console.log(answer);
// {sentence: 'When you feel happy, what do you do?'}
Unlike REST, the RPCs you use with Connect are typesafe end to end, but they are
regular HTTP under the hood. You can see all requests in the network inspector,
and you can curl
them if you want:
curl \
--header 'Content-Type: application/json' \
--data '{"sentence": "I feel happy."}' \
https://demo.connect.build/buf.connect.demo.eliza.v1.ElizaService/Say
With Connect for ECMAScript, you can spin up a service in Node.js and call it from the web, the terminal, or native mobile clients. Under the hood, it uses Protocol Buffers for the schema, and implements RPC (remote procedure calls) with three protocols: The widely available gRPC and gRPC-web, and Connect's own protocol, optimized for the web. This gives you unparalleled interoperability with full-stack type-safety.
Follow our 10 minute tutorial where we use Vite and React to create a web interface for ELIZA.
React, Svelte, Vue, Next.js and Angular are supported (see examples), and we have an expansion pack for TanStack Query. We support all modern web browsers that implement the widely available fetch API and the Encoding API.
Follow our 10 minute tutorial to spin up a service in Node.js, and call it from the web, and from a gRPC client in your terminal.
You can use vanilla Node.js, or our server plugins for Fastify
or Express. We support the builtin http
, and http2
modules on Node.js v16 and later.
FAQs
Type-safe APIs with Protobuf and TypeScript.
The npm package @bufbuild/connect receives a total of 21,811 weekly downloads. As such, @bufbuild/connect popularity was classified as popular.
We found that @bufbuild/connect demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 10 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.