@shopify/decorators
A set of decorators to aid your JavaScript journey.
$ yarn add @shopify/decorators
memoize
The memoize decorator creates a function that memoizes the results of the function it is decorating.
The cache key for storing the results is based on the first argument provided to the memoized function.
If the memoization key cannot be inferred from the first argument alone, a resolver should be passed in to ensure a unique key (for example, when the unique key is in the second argument, or is a combination of a few arguments).
Note that memoization is skipped in server processes, and the cache holds a maximum of 50 entries, evicted on a first-in, first-out basis.
import {memoize} from '@shopify/decorators';

class MyClass {
  @memoize()
  addOne(number: number) {
    return number + 1;
  }
}

const myClass = new MyClass();
myClass.addOne(1); // -> 2, addOne is executed
myClass.addOne(1); // -> 2, result is from cache
When memoizing a function whose first argument is an object, make sure the object is immutable. Otherwise a call made after the object has been mutated still returns the stale cached result, as the following example shows.

import {memoize} from '@shopify/decorators';

class MyClass {
  @memoize()
  getValues(someObject: {one: number; two: number}) {
    return Object.values(someObject);
  }
}

const myClass = new MyClass();
const testObject1 = {one: 1, two: 2};
myClass.getValues(testObject1); // -> [1, 2], getValues is executed
myClass.getValues(testObject1); // -> [1, 2], result is from cache
// Mutating the object does not change the cache key
testObject1.two = 3;
myClass.getValues(testObject1); // -> [1, 2], result is from cache, BAD
The resolver takes in the same arguments as the function it is decorating. Be sure that the resolver returns a unique identifier.

import {memoize} from '@shopify/decorators';

class MyClass {
  // The cache key combines both arguments
  @memoize((command: string, value: string) => `${command}${value}`)
  getByCommand(command: string, value: string) {
    // implementation for getByCommand
  }
}

const myClass = new MyClass();
myClass.getByCommand('command name 1', 'command value 1'); // getByCommand is executed
myClass.getByCommand('command name 1', 'command value 2'); // getByCommand is executed
Next, let's fix the example from above so the results will always be correct.

import {memoize} from '@shopify/decorators';

class MyClass {
  // Destructure the fields so the key changes whenever id or value changes
  @memoize(({id, value}: {id: number; value: number}) => `${id}${value}`)
  getValues(someObject: {id: number; value: number}) {
    return Object.values(someObject);
  }
}

const myClass = new MyClass();
const testObject1 = {id: 1, value: 2};
myClass.getValues(testObject1); // -> [1, 2], getValues is executed
myClass.getValues(testObject1); // -> [1, 2], result is from cache
testObject1.value = 3;
myClass.getValues(testObject1); // -> [1, 3], getValues is executed
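The uniqueness requirement on the resolver matters most when the cached value is a decision: a key built by concatenating fields without a delimiter can map different argument tuples to the same entry. The following is an added example, not code from the package or its README; `memoizeWith`, `canRead`, `grants` and the two key functions are hypothetical names, and `memoizeWith` is only a stand-in that mirrors the resolver and the 50-entry first-in, first-out limit described above.

```typescript
// Hypothetical stand-in for a resolver-keyed memoizer (not the package's code).
// Holds at most `limit` entries and evicts the oldest first (FIFO).
function memoizeWith<A extends unknown[], R>(
  fn: (...args: A) => R,
  resolver: (...args: A) => string,
  limit: number = 50,
): (...args: A) => R {
  const store: Record<string, R> = Object.create(null); // no inherited keys
  const order: string[] = [];
  return (...args: A): R => {
    const key = resolver(...args);
    if (key in store) return store[key] as R; // cache hit: fn is not called
    const result = fn(...args);
    store[key] = result;
    order.push(key);
    if (order.length > limit) {
      const oldest = order.shift();
      if (oldest !== undefined) delete store[oldest];
    }
    return result;
  };
}

// Constructed sample data: the documents each user id may read.
const grants: Record<string, string[]> = {'1': ['23'], '12': []};
function canRead(userId: string, docId: string): boolean {
  return (grants[userId] || []).indexOf(docId) !== -1;
}

// Ambiguous: ('1', '23') and ('12', '3') both resolve to '123'.
const weakKey = (userId: string, docId: string): string => `${userId}${docId}`;
// Unambiguous: JSON encoding preserves the boundary between arguments.
const strongKey = (userId: string, docId: string): string =>
  JSON.stringify([userId, docId]);

// Ask about user '1' first, then user '12', through one memoized wrapper.
function decisions(resolver: (u: string, d: string) => string): boolean[] {
  const cached = memoizeWith(canRead, resolver);
  return [cached('1', '23'), cached('12', '3')];
}

// Count real executions with a limit of 2 to make FIFO eviction visible.
function fifoCalls(): number {
  let calls = 0;
  const square = memoizeWith((n: number) => { calls += 1; return n * n; },
    (n: number) => String(n), 2);
  [1, 2, 3, 3, 1].forEach((n) => square(n)); // 3 evicts 1; 3 hits; 1 misses
  return calls;
}
```

With `weakKey`, the second lookup is served from the first user's cache entry and returns the wrong answer; with `strongKey`, each argument pair gets its own entry.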
FAQs
A set of decorators to aid your JavaScript journey
The npm package @shopify/decorators receives a total of 49,155 weekly downloads. As such, the popularity of @shopify/decorators was classified as popular.
We found that @shopify/decorators demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 27 open source maintainers collaborating on the project.