Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@rmlio/matey
Advanced tools
A browser-based editor meant for writing YARRRML rules. The corresponding RML rules can be exported for use outside of Matey. Additionally, the rules can be executed on a sample of the data, which allows users to inspect the generated Linked Data.
npm i @rmlio/matey
To generate Linked Data triples, Matey does its RML mapping through a remote server. For this, Matey requires you to provide an RMLMapper endpoint. You can either provide the URL of an existing server, or set one up yourself by following the instructions here. Make sure that you provide the correct URL for the endpoint during configuration.
Put a div element with a certain id where you want your Matey editor to be:
<div id="matey-id"></div>
Try to avoid declaring div elements with id's suffixed with "-matey", as most div elements that will be inserted into your page have such an id. For example: elements with id's such as "btn-matey" or "editor-matey" are reserved by Matey.
npm install
.npm run build:browser
,
which puts the scripts in the current working directory.
You can also choose your own file destination by running
browserify lib/index.js --standalone Matey -t urify/transform -t brfs -t browserify-css | terser > my/file/destination.min.js
.init
function on an instance of the Matey
class:<head>
<!-- otherwise browsers won't be able to parse the minified script -->
<meta charset="UTF-8">
</head>
<script src="matey.min.js" type="text/javascript"></script>
<script>
let matey = new Matey();
const config = {
rmlMapperUrl: "http://localhost:4000/execute" // make sure an RMLMapper endpoint with this URL is active!
};
matey.init("matey-id", config);
</script>
In your JavaScript code, import the Matey class from the package, and
on an instance call the init
function with the id of the div element for the editor.
const Matey = require("matey");
const matey = new Matey();
const config = {
rmlMapperUrl: "https://rml.io/api/rmlmapper/execute" // make sure an RMLMapper endpoint with this URL is active!
};
matey.init("matey-id", config);
You can use browserify
from within the project's root directory to bundle up the code and its dependencies,
so you can include it into your HTML code.
The example in the folder examples/with_bundler
used the following command to bundle the code up into examples/with_with_bundler/bundle.js
:
browserify examples/with_bundler/init.js -t urify/transform -t brfs -t browserify-css --minify=true | terser > examples/with_bundler/bundle.js
The browserify transformations used in the example are necessary for Matey to work.
To configure Matey, you can pass a JSON object as an argument to Matey's init
method. The configuration options are:
rmlMapperUrl
: URL of RMLMapper Web API endpointAn example of calling init
with a configuration object would be:
let config = {
rmlMapperUrl: "http://tw06v069.ugent.be/rmlmapper/process"
};
matey.init("matey-id", config);
Examples of usage can be found in the examples
directory of the project.
Both examples illustrate the use of Matey through a single web page which only contains Matey's editors.
In these examples, Matey is configured to use an RMLMapper endpoint with URL "http://localhost:4000/execute", so if you
want these examples to run, make sure you have such an endpoint set up.
The tests also assume that an RMLMapper endpoint with URL http://localhost:4000/execute is up and running. Once you have it set up, run the following commands from inside the project directory:
npm install
npm test
This code is copyrighted by Ghent University – imec and released under the MIT license.
FAQs
Web-based editor for YARRRML rules.
We found that @rmlio/matey demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.