Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@stamp/collision
Advanced tools
Controls collision behavior: forbid or defer
The defer
collects same named methods and wraps them into a single method.
This stamp (aka behavior) will check on every compose
call if there are any conflicts. Throws an Error
in case of a forbidden collision or ambiguous setup.
import Collision from '@stamp/collision';
import {Border, Button, Graph} from './drawable/primitives';
const UiComponent = Collision.collisionSetup({defer: ['draw']})
.compose(Border, Button, Graph);
const component = UiComponent();
component.draw(); // will draw() all three primitives
Forbid or Defer an exclusive method
stamp.collisionSetup({forbid: ['methodName1'], defer: ['methodName2']}) -> Stamp
Forbid any collisions, excluding those allowed
stamp.collisionProtectAnyMethod({allow: ['methoName']}) -> Stamp
Remove any Collision settings from the stamp
stamp.collisionSettingsReset() -> Stamp
See the comments in the code:
import compose from '@stamp/compose';
import Collision from '@stamp/collision';
import Privatize from '@stamp/privatize';
// General purpose behavior to defer "draw()" method collisions
const DeferDraw = Collision.collisionSetup({defer: ['draw']});
const Border = compose(DeferDraw, {
methods: {
draw: jest.fn() // Spy function
}
});
const Button = compose(DeferDraw, {
methods: {
draw: jest.fn() // Spy function
}
});
// General purpose behavior to privatize the "draw()" method
const PrivateDraw = Privatize.privatizeMethods('draw');
// General purpose behavior to forbid the "redraw()" method collision
const ForbidRedrawCollision = Collision.collisionSetup({forbid: ['redraw']});
// The aggregating component
const ModalDialog = compose(PrivateDraw) // privatize the "draw()" method
.compose(Border, Button) // modal will consist of Border and Button
.compose(ForbidRedrawCollision) // there can be only one "redraw()" method
.compose({
methods: {
// the public method which calls the deferred private methods
redraw(int) {
this.draw(int);
}
}
});
// Creating an instance of the stamp
const dialog = ModalDialog();
// Check if the "draw()" method is actually privatized
expect(dialog.draw).toBeUndefined();
// Calling the public method, which calls the deferred private methods
dialog.redraw(42);
// Check if the spy "draw()" deferred functions were actually invoked
expect(Border.compose.methods.draw).toBeCalledWith(42);
expect(Button.compose.methods.draw).toBeCalledWith(42);
// Make sure the ModalDialog throws every time on the "redraw()" collisions
const HaveRedraw = compose({methods: {redraw() {}}})
expect(() => compose(ModalDialog, HaveRedraw)).toThrow();
FAQs
Detect and manipulate method collisions
The npm package @stamp/collision receives a total of 1 weekly downloads. As such, @stamp/collision popularity was classified as not popular.
We found that @stamp/collision demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.