Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@push-rpc/next
Advanced tools
Client/server framework
Remote function. A function that is implemented at the server side and can be called from the client side. Function can either be called synchronously or subscribed to. Subscribed function needs to be "triggered" at the server side to resend the data to the subscribed clients. Sometimes remote function is called "item".
Remote function must return Promise and can accept any number of arguments. Note! Variables number of arguments is not supported (because optional argument is used for context and CallOptions). Remote function can throw an error, which will be propagated to the client.
Services. Services are used to group remote functions. Services object can be instances of classes or plain objects. Services can be nested.
Context. Only lives at the server side. Contains metadata about request and connection. It is passed to all the
middlewares and remote functions as the last parameter. For subscriptions, context is initially created during '
subscribe' invocation and copied to each 'trigger' invocation. Context, created by overriding createContext
, should
contain only JSON data, to allow copying. Context can be modified in middlewares; these modification doesn't have to be
JSON-only.
Middlewares. Middlewares are used to intercept client and server requests. Both calls and subscriptions can be intercepted?. Middlewares can be attached on both client and server side. Middlewares receive context as the last arguments in the invocation. Middleware can modify context.
Throttling. Used to limit number of notifications from the remote functions. With throttling enabled, not all triggers will result in new notifications. Throttling can be used with reducers to aggregate values supplied in triggers.
FAQs
A TypeScript framework for organizing bidirectional typesafe client-server communication. Supports server-initiated data push (subscriptions). Uses HTTP, JSON and, optionally, WebSockets. Main focus is on simplicity and good developer experience.
The npm package @push-rpc/next receives a total of 87 weekly downloads. As such, @push-rpc/next popularity was classified as not popular.
We found that @push-rpc/next demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.