Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
@pager/minion
Advanced tools
Minion — Microservice Framework for RabbitMQ Workers
install minion
:
npm install --save @pager/minion
Create an index.js and export a function like this:
module.exports = (message) => {
return 'Hello World'
}
Ensure that the main
property inside package.json
points to your microservice (which is inside index.js
in this example case) and add a start
script:
{
"main": "index.js",
"scripts": {
"start": "minion"
}
}
Instead of pointing to a single file on the package.json main
property, set it to a directory, and create a file for each service you want:
{
"main": "lib",
"scripts": {
"start": "minion"
}
}
Once the project is done, start the worker:
npm start
Optionally you can configure a default exchange name or exchange type when launching
minion, if not set the exchange name will be the same of the service, and the type of
the exchange will be topic
Exchange Type
{
"main": "lib",
"scripts": {
"start": "minion -t fanout"
}
}
Exchange Name
{
"main": "lib",
"scripts": {
"start": "minion -x myExchange"
}
}
Minion provides a debug mode to test services via node repl
{
"main": "myService.js",
"scripts": {
"debug": "minion -i"
}
}
npm run debug
This will launch an interactive console where you can debug existing services or use minion itself
▶ npm run debug
> Ready to process myService
> services.myService.publish({ test: 'message'})
Within the console you have acces to services
thats a list of existing services, each service have
a publish method that you can use to test the service, you can also access minion itself to test new services
> const hello = (message) => { console.log(`Hello ${message}`) }
> const service = minion(hello)
> service.publish('World')
> Processing "World" routed with key hello
Hello World
You can change default worker configuration by adding a setting property as an object with configuration values like this:
const handler = (message) => {
return 'Hello World'
}
handler.settings = {
key: 'message.example.key',
name: 'message.queue'
}
module.exports = handler
Check below for supported options and default values.
name
- Queue name. Defaults to handler function or file nameexchangeType
- Defaults to 'topic'exchangeName
- Defautls to the name of the handler function.key
- Key to bind the queue to. Defaults to service file name or queue name.exclusive
- Defaults to false.durable
- Defaults to true.autoDelete
- Defaults to false.deadLetterExchange
- By default all queues are created with a dead letter exchange. The name defaults to the name of the exchange following the .dead
suffix. If you want to disable the dead letter exchange , set it as false
.logger
- Defaults to Bunyan logger, but can receive a custom logger.rabbitUrl
- (Optional) RabbitMQ connection URL string. Defaults to 'amqp://localhost'.rabbit
- (Optional) Jackrabbit connection instance, in case you want to build your own. Make sure to use this if you want the connection to be shared amongst several minions.You can create Minion services programmatically by requiring it directly, and passing a handler as the first argument and options as the second argument:
const minion = require('@pager/minion')
minion((message) => {
return 'Hello World'
}, {
key: 'my.routing.key'
})
With async / await support
const minion = require('@pager/minion')
minion(async (message) => {
return await request('https://foo.bar.zz')
})
You can create a Minion publisher programmatically by requiring it directly, and passing options as the first argument and an optional properties object:
const minion = require('@pager/minion')
const publish = minion()
publish({ hello: 'world' }, 'a.routing.key')
const minion = require('@pager/minion')
const publish = minion()
// adding an object with a property to give to the message a time-to-live of 60 seconds.
publish({ hello: 'world' }, 'a.routing.key', { expiration: 60000 })
You can also test your services by publishing directly to them
const minion = require('@pager/minion')
const service = minion((message) => {
return 'Hello World'
}, {
key: 'my.routing.key'
})
service.publish({ hola: 'mundo' })
We recommend using minion-joi or writing your own validation following that as an example.
The RabbitMQ connection URL is read from a RABBIT_URL
env var, if not present it will default to: amqp://localhost
If the handler throws an error the message will be nacked and not requeued ({ requeue: false }
), if you want to requeue on failure
minion provider a custom error to do so
Your service:
const minion = require('@pager/minion')
const Requeue = minion.Requeue
const handler = async (message) => {
throw new Requeue('My message')
}
Also errors will be logged to stderr
when thrown
When calling Minion programatically you receive an instance of a function you can use to inject messages directly. Assuming you're using ava for testing (as we do), you can test like this:
Your service:
const handler = (message) => {
return true
}
Your test:
test('acks message with true', async t => {
const service = minion(handler)
const message = {hello: 'world'}
const res = await service.handle(message)
t.true(res)
})
FAQs
Microservice Framework for RabbitMQ Workers
We found that @pager/minion demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.