
Research
/Security News
jscrambler npm Package Compromised in Supply Chain Attack
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.
@design-pattern/pattern
Advanced tools
****
抽象和梳理编码过程中使用的设计模式,持续增加中..
npm i @design-pattern/patter --save
import { StateMachine, t } from '@design-pattern/patter/state'
enum State {
idle = 1 << 0,
start = 1 << 1,
stop = 1 << 2,
}
enum Event {
start = 1 << 0,
stop = 1 << 1,
}
interface Callback {
[Event.start]: () => void
[Event.stop]: () => void
}
const stateMachine = new StateMachine<State, Event, Callback>(
State.start,
[
t(State.idle, Event.start, State.start, () => {}),
t(State.start, Event.stop, State.stop, () => {})
]
)
void stateMachine.dispatch(Event.start)
封装、抽象、继承、多态
泛化(Generalization)表示B继承A
classDiagram
direction RL
classA <|-- classB
实现(Realization)表示B实现A的相关接口
classDiagram
direction RL
class classA
<<interface>> classA
classA <|.. classB
组合(Composition)强依赖,生命周期相同,表示 A 由 B 组成
classDiagram
direction RL
classA *-- classB
聚合(Aggregation)弱依赖,生成周期不同,表示 A 由 B 组成
classDiagram
direction RL
classA o-- classB
关联(Association)一般A成员变量包含B,方向代表 A知道B,但是B不知道A
classDiagram
direction RL
classA --> classB
依赖(Dependency) A 依赖 B,一般 A 中方法接收 B
classDiagram
direction RL
classA ..> classB
UML 图进行实现看修改代码会不会牵一发而动全身。除此之外,还有一个直接的衡量标准,也是我在阅读源码的时候经常会用到的,那就是把模块与模块之间、类与类之间的依赖关系画出来,根据依赖关系图的复杂性来判断是否需要解耦重构。
FAQs
combing and summarizing the design pattern
The npm package @design-pattern/pattern receives a total of 2 weekly downloads. As such, @design-pattern/pattern popularity was classified as not popular.
We found that @design-pattern/pattern demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
/Security News
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.

Research
/Security News
A malicious .NET package is typosquatting the Braintree SDK to steal live payment card data, merchant API keys, and host secrets from production apps.

Security News
/Research
Compromised Injective SDK npm version 1.20.21 exfiltrates wallet private keys and mnemonics through fake telemetry functionality.