Research
Recent Trends in Malicious Packages Targeting Discord
The Socket research team breaks down a sampling of malicious packages that download and execute files, among other suspicious behaviors, targeting the popular Discord platform.
@codingame/languageserver-mutualized
Advanced tools
Readme
NPM module to plug multiple language clients on a single language server.
What you need to know:
What it allows you to do:
How it works:
npm install @codingame/languageserver-mutualized
2 functions are exported:
createLanguageClient
which create a LanguageClient
from a language server connectionbindLanguageClient
which bind a client connection on an existing LanguageClient
and return a promise resolved when the client leaves or the server is shutdownThere is an example that demonstrate how the languageserver-mutualized can be used. It uses monaco-editor and monaco-languageclient.
The important file is json-server-launcher.ts
To run it:
npm ci
npm start
It will open a page in your browser with 2 editors to illustrate the 2 use-cases:
After a change, most clients send some requests (SemanticTokens, CodeLens...). If a file is used by multiple clients, every client will send the request and the server will need to answer it multiple times.
To prevent this, a cache can be provided when creating the LanguageClient
The configuration coming from the client cannot be used. However, some language servers requires some configuration to work.
The configuration can be provided using the getConfiguration
LanguageClient option.
It will be called when:
workspace/configuration
request (the scope will be ignored)synchronizeConfigurationSections
option (old deprecated way but still used by many language servers)FAQs
A tool to plug multiple clients over a single language server implementation
We found that @codingame/languageserver-mutualized demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 6 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
The Socket research team breaks down a sampling of malicious packages that download and execute files, among other suspicious behaviors, targeting the popular Discord platform.
Security News
Socket CEO Feross Aboukhadijeh joins a16z partners to discuss how modern, sophisticated supply chain attacks require AI-driven defenses and explore the challenges and solutions in leveraging AI for threat detection early in the development life cycle.
Security News
NIST's new AI Risk Management Framework aims to enhance the security and reliability of generative AI systems and address the unique challenges of malicious AI exploits.