@travetto/base
Bootstrapping, application phase management, environment config and common utilities for travetto applications.
Base is the foundation of all travetto applications. It is intended to be a minimal application bootstrap, as well as support for commonly shared functionality. The key areas that it offers:

This is a programmatic interface to package.json, which provides key information on:
The framework does a bit of file system scanning to auto load files, and to have knowledge of what files are available. The tools provide:
A simple example of finding all .config files in your codebase:

  // the lookup is asynchronous, so the enclosing function must be async
  async function processServiceConfigs(svc: string) {
    // find every .config file whose name starts with the service name, e.g. "auth.config"
    const svcConfigs = await findAppFiles('.config', file => path.basename(file).startsWith(`${svc}.`));
    for (const conf of svcConfigs) {
      // ... do work with conf
    }
  }
The framework provides basic environment information, e.g. in prod/test/dev. This is useful for runtime decisions. This is primarily used by the framework, but can prove useful to application developers as well. The information that is available is:
- prod: boolean - is the application in prod mode
- dev: boolean - is the application in development mode
- test: boolean - is the application currently in test mode
- watch: boolean - is the application currently watching for file changes and reloads (normally only during development)
- all: string[] - a list of all the environments that are passed in and configured
- docker: boolean - does the environment support docker, and should it use it if needed
- debug: boolean - is the application currently in debug mode
- trace: boolean - is the application currently in trace mode
- cwd: string - what is the root folder of the application

This is centralized functionality for running operations on shutdown. Primarily used by the framework for cleanup operations, this provides a clean interface for registering shutdown handlers and awaiting shutdown to finish.
To register a handler:
  Shutdown.onShutdown('handler-name', async () => {
    // Do important work
  });
If knowing when shutdown finishes is all you want, you can simply use:
  async function messageOnShutdown() {
    await Shutdown.onShutdownPromise();
    console.log('Shutdown is complete!');
  }
Integration with trace.js to handle asynchronous call stacks, and provide higher quality stack traces. The stack filtering will remove duplicate or unnecessary lines, as well as filter out framework specific steps that do not aid in debugging. The final result should be a stack trace that is concise and clear.
From a test scenario:
  function test() {
    setTimeout(function inner1() {
      setTimeout(function inner2() {
        setTimeout(function inner3() {
          throw new Error('Uh oh');
        }, 1);
      }, 1);
    }, 1);
  }
  test();
Will produce the following stack trace:
  Error: Uh oh
    at Timeout.inner3 [as _onTimeout] (./test/stack.js:6:23)
    at Timeout.inner2 [as _onTimeout] (./test/stack.js:5:13)
    at Timeout.inner1 [as _onTimeout] (./test/stack.js:4:9)
    at Object.load [as .ts] (./bin/travetto.js:27:12)
During the lifecycle of an application, there is a need to handle different phases of execution. Phase handlers are discovered from phase.<phase>.ts files under node_modules/@travetto, and in the root of your project. An example would be something like phase.bootstrap.ts in the Config module.
  export const init = {
    priority: 1, // Lower is of more importance, and runs first
    action: () => {
      // required lazily: the config service is not loadable before this phase runs
      require('../src/service/config').init();
    }
  };

The needed functionality cannot be loaded until init.action executes, and so must be required only at that time.
Simple functions for providing a minimal facsimile to lodash, but without all the weight. Currently util only includes:
- isPrimitive(el: any) - determines if el is a string, boolean, number or RegExp
- isPlainObject(obj: any) - determines if the obj is a simple object
- isFunction(o: any) - determines if o is a simple Function
- isClass(o: any) - determines if o is a class constructor
- isSimple(a: any) - determines if a is a simple value
- deepAssign(a: any, b: any, mode?) - allows for deep assignment of b onto a; the mode determines how aggressive the assignment is, and how flexible it is. mode can have any of the following values:
  - loose, which is the default, is the most lenient. It will not error out, and overwrites will always happen
  - coerce, will attempt to force values from b to fit the types of a, and if it can't it will error out
  - strict, will error out if the types do not match
- throttle(fn, threshold?: number) - produces a function that will execute fn at most once per threshold
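The three deepAssign modes described above, as an added illustration (a hypothetical re-implementation of the described semantics, not the @travetto/base source). It also carries the check any deep merge of externally supplied JSON needs: keys that would reach Object.prototype are refused in every mode.

```typescript
type Mode = 'loose' | 'coerce' | 'strict';

// Keys that would let a merged payload reach Object.prototype; refused in every mode.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function isPlainObject(o: unknown): o is Record<string, unknown> {
  return typeof o === 'object' && o !== null && Object.getPrototypeOf(o) === Object.prototype;
}

// coerce mode: force `value` to the type already held in `target`, or fail loudly
function coerce(target: unknown, value: unknown): unknown {
  if (typeof target === 'number') {
    const n = Number(value);
    if (Number.isNaN(n)) throw new TypeError(`Cannot coerce ${String(value)} to number`);
    return n;
  }
  if (typeof target === 'boolean') {
    if (value === true || value === 'true') return true;
    if (value === false || value === 'false') return false;
    throw new TypeError(`Cannot coerce ${String(value)} to boolean`);
  }
  if (typeof target === 'string') return String(value);
  return value;
}

// Hypothetical deepAssign(a, b, mode): merges b onto a in place and returns a.
function deepAssign(a: Record<string, unknown>, b: Record<string, unknown>, mode: Mode = 'loose'): Record<string, unknown> {
  for (const key of Object.keys(b)) {
    if (FORBIDDEN_KEYS.has(key)) throw new Error(`Refusing to assign key '${key}'`);
    const src = b[key];
    const dst = a[key];
    if (isPlainObject(src) && isPlainObject(dst)) {
      deepAssign(dst, src, mode);      // recurse into nested plain objects
    } else if (mode === 'loose' || dst === undefined) {
      a[key] = src;                    // loose (or a new key): overwrite, never error
    } else if (mode === 'strict') {
      if (typeof dst !== typeof src) throw new TypeError(`Type mismatch at '${key}'`);
      a[key] = src;
    } else {
      a[key] = coerce(dst, src);       // coerce: fit b's value to a's type
    }
  }
  return a;
}
```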
A very simple file watching library, with a substantially smaller footprint than gaze or chokidar.

  const watcher = new Watcher({ cwd: 'base/path/to/...' });
  watcher.add([
    'local.config',
    {
      testFile: x => x.endsWith('.config') || x.endsWith('.config.json')
    }
  ]);
  watcher.run();
FAQs
Environment config and common utilities for travetto applications.
The npm package @travetto/base receives a total of 30 weekly downloads. As such, @travetto/base popularity was classified as not popular.
We found that @travetto/base demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.