Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
By Socket Research Team - Dec 02, 2024
Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
@tom-s/kquery
Advanced tools
@tom-s/kquery
TODO: - handle bad user input (selector not string and replace with)
kQuery
A jQuery-like capable library.
Example
You can play with kQuery here: https://codesandbox.io/s/unruffled-davinci-8mgyt
OR You can also run the example locally:
git clone git@github.com:tom-s/kQuery.git
cd kQuery
npm install
npm run start
Usage
Add the package to your dependencies
npm install --save @tom-s/kquery
Import the library in your file
import kQuery from "@tom-s/kquery"
Use the library (make sure the DOM is loaded before you run any kQuery)
kQuery('.my-selector').remove()
API documentation
See assignment.md
Test
npm run test
Publication
npm run build`
npm publish`
Technical choices
I have made the following (debattable) choices:
- isolated collection method. Each method (get, find, etc) is isolated it its own file and doesn't require any other method. This way if a method was to to be modified/removed in the future, it wouldn't affect other methods.
- no error handling. No try/catch here, we leave to the user the handling of errors.
- browser compatibility is ensured with babel-env polyfills.
- building and bundling is handled with webpack.
- linting is done with ESLINT.
Improvements
The following improvements could be made in the future:
- make kQuery a singleton (it currently relies on npm import caching mechanism to be a singleton)
- implement more methods and group them into modules (core, traversing, event, aso.)
- add end to end testing (for instance to make sure it works on all browsers)
FAQs
TODO: - handle bad user input (selector not string and replace with)
The npm package @tom-s/kquery receives a total of 1 weekly downloads. As such, @tom-s/kquery popularity was classified as not popular.
We found that @tom-s/kquery demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 29 Nov 2020
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Research
Typosquatting Cryptographic Libraries: Malicious npm Packages Threaten Crypto Developers with Keylogging and Wallet Theft
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
By Kirill Boychenko - Nov 27, 2024
Security News
Weekly Downloads Now Available in npm Package Search Results
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.
By Sarah Gooding - Nov 26, 2024