Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@rezdy/dependency-injection
Advanced tools
import DIContainer, { object, get, factory, IDIContainer } from "@rezdy/dependency-injection";
const config = {
"ENV": "PRODUCTION", // define raw value
"AuthStorage": object(AuthStorage).construct(
get("Storage") // refer to another dependency
),
"Storage": object(CookieStorage), // constructor without arguments
"BrowserHistory": factory(configureHistory), // factory (will be called only once)
};
const container = new DIContainer();
container.addDefinitions(config);
function configureHistory(container: IDIContainer): History {
const history = createBrowserHistory();
const env = container.get("ENV");
if (env === "production") {
// do what you need
}
return history;
}
// in your code
const env = container.get<string>("ENV"); // PRODUCTION
const authStorage = container.get<AuthStorage>("AuthStorage"); // object of AuthStorage
const history = container.get<History>("BrowserHistory"); // History singleton will be returned
All definitions are resolved once and their result is kept during the life of the container.
Popular solutions like inversify
or tsyringe
use reflect-metadata
that allows to fetch argument types and based on
those types and do autowiring. Autowiring is a nice feature but the trade-off is decorators.
Disadvantages of other solutions
@injectable()
class Foo {
}
Why component Foo should know that it's injectable?
More details thoughts in my blog article
import DIContainer from "@rezdy/dependency-injection";
const container = new DIContainer();
container.addDefinitions({
"ENV": "PRODUCTION",
"AuthStorage": new AuthStorage(),
"BrowserHistory": createBrowserHistory(),
});
const env = container.get<string>("ENV"); // PRODUCTION
const authStorage = container.get<AuthStorage>("AuthStorage"); // instance of AuthStorage
const authStorage = container.get<History>("BrowserHistory"); // instance of AuthStorage
When you specify raw values (i.e. don't use object
, factory
definitions) @rezdy/dependency-injection
will resolve as it is.
import DIContainer, { object, get } from "@rezdy/dependency-injection";
const container = new DIContainer();
container.addDefinitions({
"Storage": object(CookieStorage), // constructor without arguments
"AuthStorage": object(AuthStorage).construct(
get("Storage") // refers to existing dependency
),
"UsersController": object(UserController),
"PostsController": object(PostsController),
"ControllerContainer": object(ControllerContainer)
.method('addController', get("UsersController"))
.method('addController', get("PostsController"))
});
object(ClassName)
- the simplest scenario that will call new ClassName()
. When you need to pass arguments to the
constructor, you can use constructor
method. You can refer to the existing definitions via get
helper.
If you need to call object method after initialization you can use method
it will be called after constructor. You also
can refer to the existing definitions via get
method.
You can use factory definition when you need more flexibility during initialisation. container: IDIContainer
will be
pass as an argument to the factory method.
import DIContainer, { factory, IDIContainer } from "@rezdy/dependency-injection";
const container = new DIContainer();
container.addDefinitions({
"BrowserHistory": factory(configureHistory),
});
function configureHistory(container: IDIContainer): History {
const history = createBrowserHistory();
const env = container.get("ENV");
if (env === "production") {
// do what you need
}
return history;
}
const history = container.get<History>("BrowserHistory");
FAQs
dependency injection container
We found that @rezdy/dependency-injection demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.