@furystack/inject
Dependency injection / Inversion of control package for FuryStack
Injectors act as containers: they are responsible for creating and retrieving service instances based on the provided Injectable metadata. You can create an injector by simply instantiating the class:
const myInjector = new Injector()
You can organize your injector(s) in trees by creating child injectors. You can use the children and services with scoped lifetime for contextual services.
const childInjector = myInjector.createChild({ owner: 'myCustomContext' })
You can create an injectable service from a plain class by decorating it with the @Injectable() decorator.
@Injectable({
/** Injectable options */
})
export class MySercive {
/** ...service implementation... */
constructor(s1: OtherInjectableService, s2: AnotherInjectableService) {}
}
The constructor parameters (s1: OtherInjectableService and s2: AnotherInjectableService) should also be decorated and will be resolved recursively.
You can define a specific Lifetime for Injectable services on the decorator
@Injectable({
lifetime: 'transient',
})
export class MySercive {
/** ...service implementation... */
}
The lifetime can be
Injectables can only depend on services with a longer lifetime, e.g. a transient can depend on a singleton, but the reverse will throw an error.
You can retrieve a service by calling
const service = myInjector.getInstance(MySercive)
There are cases that you have to set a service instance explicitly. You can do that in the following way
class MyService {
constructor(public readonly foo: string) {}
}
myInjector.setExplicitInstance(new MyService('bar'))
A simple injector can easily be extended from 3rd party packages with extension methods, just like the FuryStack packages. These extension methods usually provide a shortcut to an instance or set up a preconfigured explicit instance of a service. You can build clean, fluent APIs that way; you can check this logger extension method for the idea.
Circular imports: If two of your services import each other, one of them will be ignored by CommonJS. TypeScript won't complain at compile time, but if you get this:
Uncaught TypeError: SomeService is not a constructor
- you should start reviewing how your injectables depend on each other.
There is also a limitation by design: a service can depend only on a service whose lifetime is higher than or equal to its own. That means a singleton cannot depend on a transient or scoped service; you should get an exception at runtime if you try it.
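The lifetime rule stated above and in the lifetime section, as an added example: this is a minimal stand-alone container written for illustration, not the @furystack/inject source. `MiniInjector`, `register`, `tryResolve` and the four service classes are hypothetical names, and an explicit registry stands in for the decorator metadata.

```typescript
// Added illustration: a minimal container, not the @furystack/inject source.
type Lifetime = 'transient' | 'scoped' | 'singleton'
type Ctor<T = unknown> = new (...args: any[]) => T

// Higher rank = longer-lived instance.
const RANK: Record<Lifetime, number> = { transient: 0, scoped: 1, singleton: 2 }
const registry = new Map<Ctor, { lifetime: Lifetime; deps: Ctor[] }>()
const register = (ctor: Ctor, lifetime: Lifetime, deps: Ctor[] = []) =>
  registry.set(ctor, { lifetime, deps })

class MiniInjector {
  private readonly cache = new Map<Ctor, unknown>()
  private readonly parent?: MiniInjector
  constructor(parent?: MiniInjector) { this.parent = parent }
  createChild(): MiniInjector { return new MiniInjector(this) }

  getInstance<T>(ctor: Ctor<T>): T {
    const meta = registry.get(ctor)
    if (!meta) throw new Error(`${ctor.name} is not registered`)
    // Singletons live on the root injector; scoped instances on the current one.
    if (meta.lifetime === 'singleton' && this.parent) return this.parent.getInstance(ctor)
    if (this.cache.has(ctor)) return this.cache.get(ctor) as T
    for (const dep of meta.deps) {
      const depLifetime = registry.get(dep)?.lifetime
      if (!depLifetime) throw new Error(`${dep.name} is not registered`)
      // The rule from the text: a dependency must live at least as long as its consumer.
      if (RANK[depLifetime] < RANK[meta.lifetime])
        throw new Error(`${ctor.name} (${meta.lifetime}) cannot depend on ${dep.name} (${depLifetime})`)
    }
    const instance = new ctor(...meta.deps.map((d) => this.getInstance(d)))
    if (meta.lifetime !== 'transient') this.cache.set(ctor, instance)
    return instance
  }
}

// Hypothetical services, constructed for this example.
class AuditLog {}
class RequestContext {}
class Handler { ctx: RequestContext; constructor(ctx: RequestContext) { this.ctx = ctx } }
class BadCache { ctx: RequestContext; constructor(ctx: RequestContext) { this.ctx = ctx } }
register(AuditLog, 'singleton')
register(RequestContext, 'scoped')
register(Handler, 'transient', [RequestContext])   // shorter-lived consumer: allowed
register(BadCache, 'singleton', [RequestContext])  // longer-lived consumer: rejected

function tryResolve(inj: MiniInjector, ctor: Ctor): string {
  try { inj.getInstance(ctor); return 'ok' } catch (e) { return (e as Error).message }
}
```

Resolving `BadCache` fails because a singleton would otherwise hold on to one child injector's `RequestContext` and hand it to every other context.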
FAQs
Core FuryStack package
The npm package @furystack/inject receives a total of 179 weekly downloads. As such, @furystack/inject popularity was classified as not popular.
We found that @furystack/inject demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.