Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@conveyal/woonerf
Advanced tools
React/Redux bootstrapping and common libs for Conveyal.
Modern JavaScript applications take a lot of bootstrapping. This library helps with some common libs to include and use on the client to help.
"Woonerf" is a Dutch word for a small neighborhood street where vehicles must move very slowly. The kind of road you can imagine allowing kids to play in. Although it's fun to pronounce it as "woo nerf", the break is after the n (woon == living, erf == yard). A good transliteration for an American English speaker would be "Vone Airf".
Let's create a Redux application:
const mount = require('@conveyal/woonerf/mount')
const Application = require('./containers/application')
const reducers = require('./reducers')
mount({
app: Application,
id: 'root',
reducers
})
This will create a redux store with the fetch
, history
, logger
, multi
, and promise
middleware applied, wrap your application with a redux provider, initialize the browser history, and mount your component to #id
.
Create a simple login component with custom Auth0-lock options.
import Auth0 from '@conveyal/woonerf/components/auth0-lock'
export default function Login () {
const lockOptions = {}
return (
<Auth0
lockOptions={lockOptions}
/>
)
}
Refresh a user. To be used within a redux connected component. Will send update actions to a redux store based on response from Auth0.
import {refreshUser} from '@conveyal/woonerf/auth0'
...
function mapDispatchToProps (dispatch) {
return {
refreshUserToken: () => refreshUser(dispatch)
}
}
...
fetch({url, options, next, retry})
Create a fetch action to be dispatched by the store. Key features:
JSON.stringify
bodies that are objects and automatically JSON.parse
responses that are application/json
.next
is a function that's result will be dispatched by the store. It can be an async
function.retry
is a function that receives the response and needs to resolve to a Boolean. It can be an async
function.const fetch = require('@conveyal/woonerf/fetch')
store.dispatch(fetch({
url: 'http://conveyal.com',
options: {
method: 'post',
body: {hello: 'world'}
},
retry: async (response) => {
if (response.status !== 200) {
await timeout(2000)
return true
} else {
return false
}
},
next: async (error, response) => {
return actionBasedOn(response)
}
}))
fetchMultiple({fetches, next})
Allows you to dispatch a single action that will call next with all of the responses.
const {fetchMultiple} = require('@conveyal/woonerf/fetch')
store.dispatch(fetchMultiple({
fetches: [{
url: 'http://conveyal.com',
options: {
body: {hello: 'world'}
}
}],
next: async (error, responses) => {
return actionBasedOn(response)
}
}))
html({title})
mount({app, id, reducers})
With yarn installed, run
$ yarn add @conveyal/woonerf
MIT
FAQs
React/Redux bootstrapping and common libs for Conveyal
The npm package @conveyal/woonerf receives a total of 47 weekly downloads. As such, @conveyal/woonerf popularity was classified as not popular.
We found that @conveyal/woonerf demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 5 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.