Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@stoplight/graphite
Nodes'n things.
Supported in modern browsers and node.
# latest stable
yarn add @stoplight/graphite
Note, this is not all implemented, but rather an example of what it might look like.
import {
  Graphite,
  FilesystemPlugin,
  JsonPlugin,
  YamlPlugin,
  Oas2Plugin
} from "@stoplight/graphite";

const graphite = Graphite();
graphite.registerPlugins(
  // FilesystemPlugin is the name that is imported above and used for the node type below.
  FilesystemPlugin(),
  JsonPlugin(),
  YamlPlugin(),
  Oas2Plugin()
);

// Mirror two Graphite instances. The mirroredGraphite instance has no plugins,
// and simply applies the results of the graphite instance.
const mirroredGraphite = Graphite();
graphite.on("did_patch", mirroredGraphite.applyPatch);

// Add a single SourceNode of type file
const n = graphite.addSourceNode({
  type: FilesystemPlugin.File,
  path: "/foo.json"
});

// Queue up a read task for that node
n.read();

// Wait until all processing is done
await graphite.tasksProcessed();

// The two graphs should be identical, ids and all.
// Note, the mirroredGraphite instance did NO work - all the file reading, parsing, etc.,
// was done by the plugins in the main graphite instance.
expect(graphite.dehydrate()).toEqual(mirroredGraphite.dehydrate());
add
and remove
nodes/edges.source
, source_map
, and virtual
.applyPatch
method.addSourceNode
, that simply build and a patch or task and call applyPatch
or queueTask
.graphite.applyPatch
method.JsonOperations
.JsonOperations
, and their inverse. This is similar to the concept of a "transaction".JsonPatch
must be queued up via a GraphTask
.add_node
, read_node
, write_node
, parse_node
, compute_node_source_map
.oas2_lint_node
.GraphTask
must always be a GraphPatch
.GraphPatch
it returns is applied to the graph.high
and low
priority queues.add_node
and read_node
will go into a high
priority queue.oas2_lint_node
and resolve_node
will go into a low
priority queue.original
, raw
, parsed
(TODO), and isDirty
.read
, write
, updateRaw
, and updateParsed
.original
property of a SourceNode
in response to read_node
tasks.SourceNode
raw property back to the data source in response to write_node
tasks.ISourceReader
and/or ISourceWriter
.SourceNodes
.parsed
value when raw
changes.raw
value when parsed
changes.SourceNode
.uri
points to a real location in the original source.SourceNode.parsed
, according to its uri
.update
method that queues a GraphPatch
to update its source node parsed value.ISourceTreeMap
that describes how a SourceNode.parsed
value should be translated into SourceMapNodes
.SourceNode
or SourceTreeNode
feature/{name}
, chore/{name}
, or fix/{name}
branch.yarn
.yarn test.prod
.yarn commit
. NOTE: Commits that don't follow the conventional format will be rejected. yarn commit
creates this format for you, or you can put it together manually and then do a regular git commit
.git push
.next
branch.
FAQs
Nodes'n things.
The npm package @stoplight/graphite receives a total of 85 weekly downloads. As such, the popularity of @stoplight/graphite was classified as not popular.
We found that @stoplight/graphite demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 26 open source maintainers collaborating on the project.