Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@qvvg/templar
Advanced tools
use them backticks, because they are a thing now
import {templar} from "@qvvg/templar"
const template = templar`
From: ${o => o.from}
To: ${o => o.to}
Message: ${o => o.msg}
`
const letter = template({
from: "Bob the Builder",
to: "Postman Pat",
msg: "Please pick up your black and white cat.",
})
// prettier-ignore
assert( letter, `
From: Bob the Builder
To: Postman Pat
Message: Please pick up your black and white cat.
`)
import {templar} from "@qvvg/templar"
const template1 = templar`
a: ${o => o.a}
b: ${o => o.b}
`
const template2 = templar`
x: ${o => o.x}
y: ${o => o.y}
`
const template3 = templar`
${template1}
${template2}
oh hello!
${template1}
${template2}
`
const rawr = template3({a: "A", b: "B", x: "X", y: "Y"})
// prettier-ignore
assert(rawr, `
a: A
b: B
x: X
y: Y
oh hello!
a: A
b: B
x: X
y: Y
`)
Role your own graphql libary
// gql.js
import {templar} from "@qvvg/templar"
export const gql = templar
export const gqlr = (...args) => (opts = {}) => {
const params = opts.params || {}
const headers = opts.headers || {}
const endpoint = opts.endpoint || ""
return fetch(endpoint, {
method: "POST",
headers: {
"Content-Type": "application/json",
...headers,
},
body: JSON.stringify({
query: gql(...args)(params),
}),
}).then(d => d.json())
}
// somewhere-else.js
import React, {useEffect, useState} from "react"
import {gqlr, gql} from "./gql"
const USER = gql`
fragment USER on User {
username
}
`
const query = gqlr`
query {
me { ...USER }
}
${USER}
`
export const Username = () => {
const [username, setUsername] = useState(null)
useEffect(() => {
query({
endpoint: "http://...",
headers: {authorization: "bearer ..."},
}).then(response => setUsername(response.data.me.username))
}, [])
return username == null ? null : username
}
Role your own pipeline thing?
const pipe = (fns = []) => token => {
return fns.reduce((token, fn) => fn(token), token)
}
const param = (key, value) => token => {
token.params = token.parms || {}
token.params[key] = value
return token
}
const script = (...args) => token => {
token.type = "script"
token.value = templar(...args)(token.params)
return token
}
const query = (...args) => token => {
token.type = "query"
token.value = templar(...args)(token.parms)
return token
}
const desc = (...args) => token => {
token.description = templar(...args)(token.params)
return token
}
const rawr = pipe([
param("msg", "woot woot im a boot"),
script`
pub fun main() {
log("msg: ${o => o.msg}")
}
`,
desc`
the message: ${o => o.msg}
`,
])
assert(rawr, {
params: {
msg: "woot woot im a boot",
},
type: "script",
code: `
pub fun main() {
log("msg: woot woot im a boot")
}
`,
descrition: `
the message: woot woot im a boot
`,
})
FAQs
tagged template literals
The npm package @qvvg/templar receives a total of 0 weekly downloads. As such, @qvvg/templar popularity was classified as not popular.
We found that @qvvg/templar demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.