Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@matrixai/events
Advanced tools
Events for push-flow abstractions.
AbstractEvent
// For when you just want a regular event without `detail`
// Note that the `detail` type is `undefined`, unlike `CustomEvent`
class Event1 extends AbstractEvent {}
// For when you want a event with `detail`
class Event2 extends AbstractEvent<string> {}
// Allow caller to customise the `detail` type
// Note that the `detail` type is `unknown`
// This would be rare to use, prefer `Event4`
class Event3<T> extends AbstractEvent<T> {}
// Allow caller to customise the `detail` type
class Event4<T extends Event = Event> extends AbstractEvent<T> {}
// When you need to customise the constructor signature
class Event5 extends AbstractEvent<string> {
constructor(options: EventInit & { detail: string }) {
// Make sure you pass `arguments`!
super(Event5.name, options, arguments);
}
}
When redispatching an event, you must call event.clone()
. The same instance cannot be redispatched. When the event is cloned, all constructor parameters are shallow-copied.
Evented
We combine Evented
with AbstractEvent
to gain type-safety and convenience of the wildcard any handler.
class EventCustom extends AbstractEvent {}
interface X extends Evented {}
@Evented()
class X {}
const x = new X();
// Handle specific event, use the `name` property as the key
x.addEventListener(EventCustom.name, (e) => {
console.log(e as EventCustom);
});
// Handle unhandled events
x.addEventListener(EventDefault.name, (e) => {
// This is the wrapped underlying event
console.log((e as EventDefault).detail);
});
// Handle all events
x.addEventListener(EventAll.name, (e) => {
// This is the wrapped underlying event
console.log((e as EventAny).detail);
});
You can use this style to handle relevant events to perform side-effects, as well as propagate upwards irrelevant events.
Note that some side-effects you perform may trigger an infinite loop by causing something to emit the specific event type that you are handling. In these cases you should specialise handling of those events with a once: true
option, so that they are only handled once.
x.addEventListener(EventInfinite.name, (e) => {
console.log(e as EventInfinite);
performActionThatMayTriggerEventInfinite();
}, { once: true });
This will terminate the infinite loop on the first time it gets handled.
Therefore it is a good idea to always be as specific with your event types as possible.
Furthermore any unhandled rejections or uncaught exceptions will be redispatched as EventError
. However if there's no listener registered for this, it will be thrown up as an uncaught exception.
npm install --save @matrixai/events
Run nix-shell
, and once you're inside, you can use:
# install (or reinstall packages from package.json)
npm install
# build the dist
npm run build
# run the repl (this allows you to import from ./src)
npm run ts-node
# run the tests
npm run test
# lint the source code
npm run lint
# automatically fix the source
npm run lintfix
npm run docs
See the docs at: https://matrixai.github.io/js-events/
Publishing is handled automatically by the staging pipeline.
Prerelease:
# npm login
npm version prepatch --preid alpha # premajor/preminor/prepatch
git push --follow-tags
Release:
# npm login
npm version patch # major/minor/patch
git push --follow-tags
Manually:
# npm login
npm version patch # major/minor/patch
npm run build
npm publish --access public
git push
git push --tags
FAQs
Events for push-flow abstractions
The npm package @matrixai/events receives a total of 641 weekly downloads. As such, @matrixai/events popularity was classified as not popular.
We found that @matrixai/events demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.