@stoplight/graphite
Nodes'n things.
Supported in modern browsers and node.
# latest stable
yarn add @stoplight/graphite
Note, this is not all implemented, but rather an example of what it might look like.
import {
  Graphite,
  FilesystemPlugin,
  JsonPlugin,
  YamlPlugin,
  Oas2Plugin
} from "@stoplight/graphite";

const graphite = Graphite();
graphite.registerPlugins(
  FilesystemPlugin(),
  JsonPlugin(),
  YamlPlugin(),
  Oas2Plugin()
);

// Mirror two Graphite instances. The mirroredGraphite instance has no plugins, and simply applies the results of the graphite instance.
const mirroredGraphite = Graphite();
graphite.on("did_patch", mirroredGraphite.applyPatch);

// Add a single SourceNode of type file
const n = graphite.addSourceNode({
  type: FilesystemPlugin.File,
  path: "/foo.json"
});

// Queue up a read task for that node
n.read();

// Wait until all processing is done
await graphite.tasksProcessed();

// The two graphs should be identical, ids and all.
// Note, the mirroredGraphite instance did NO work - all the file reading, parsing, etc, was done by the plugins in the main graphite instance.
expect(graphite.dehydrate()).toEqual(mirroredGraphite.dehydrate());
add and remove nodes/edges.
source, source_map, and virtual.
applyPatch method.
addSourceNode, that simply build a patch or task and call applyPatch or queueTask.
graphite.applyPatch method.
JsonOperations.
JsonOperations, and their inverse. This is similar to the concept of a "transaction".
JsonPatch must be queued up via a GraphTask.
add_node, read_node, write_node, parse_node, compute_node_source_map.
oas2_lint_node.
GraphTask must always be a GraphPatch.
GraphPatch it returns is applied to the graph.
high and low priority queues.
add_node and read_node will go into a high priority queue.
oas2_lint_node and resolve_node will go into a low priority queue.
original, raw, parsed (TODO), and isDirty.
read, write, updateRaw, and updateParsed.
original property of a SourceNode in response to read_node tasks.
SourceNode raw property back to the data source in response to write_node tasks.
ISourceReader and/or ISourceWriter.
SourceNodes.
parsed value when raw changes.
raw value when parsed changes.
SourceNode.
uri points to a real location in the original source.
SourceNode.parsed, according to its uri.
update method that queues a GraphPatch to update its source node parsed value.
ISourceTreeMap that describes how a SourceNode.parsed value should be translated into SourceMapNodes.
SourceNode or SourceTreeNode
feature/{name}, chore/{name}, or fix/{name} branch.
yarn.
yarn test.prod.
yarn commit. NOTE: Commits that don't follow the conventional format will be rejected. yarn commit creates this format for you, or you can put it together manually and then do a regular git commit.
git push.
next branch.
FAQs
We found that @stoplight/graphite demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 26 open source maintainers collaborating on the project.