
Research
/Security News
jscrambler npm Package Compromised in Supply Chain Attack
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.
@workerhive/flow-provider
Advanced tools
Connecting all the pipes together to make a big beautiful graph that can be searched with graphql
Workhub Flow ProviderConnecting all the pipes together to make a big beautiful graph that can be searched with graphql
The following snippet generates an apollo-server configured with a SensitiveType and a Hash no resolvers are set up for the hash but the SensitiveType will now have resolvers for
these will be routed by default to the app store provided, if the configurable directive has been set the user can choose which store they would like to use
const Flow = require('@workerhive/flow-provider')
const typeDefs = `
type MergedType @crud @configurable{
id: ID
name: String @input
description: String @input
applicationField: String
}
type SensitiveType @crud @configurable{
id: ID
name: String @input
description: String @input
sensitiveKey: Int
}
`
let flowDefs = {
MergedType: {
id: "app:MergedTypes:_id",
name: "app:MergedTypes:JobName",
description: "app:MergedType:description",
applicationField: "app:MergedType:applicationField",
refs: {
"id": ["app:MergedType:_id"],
}
},
SensitiveType: {
name: "app:Sensitive:name",
sensitiveKey: "app:Sensitive:key",
refs: {
"id": ["app:Sensitive:_id"],
}
}
}
let resolvers = {
}
let server = Flow(typeDefs, flowDefs, resolvers)
server.listen({port: 4001}).then((conn) => {
const {url} = conn;
console.log(`🚀 Server ready at ${url}`);
})
Type definitions follow normal GraphQL syntax with the addition of a few directives baked into the flow-provider
The crud directive informs the flow provider to set up routes for CRUD operations following the naming convention $operation$TypeName and to setup input types based on the keys in the type with the @input directive
Lets the flow provider know it should allow these types to be configured by flow definitions
Signals relevant fields to be used for input type setup
Flow definitions are a JSON description of where a model is storing key values and how it should go about retrieving them
Example
{
$TypeName: {
$modelKey: "$store:$pathway:$key",
$otherKey: "$otherstore:$pathway:$key2"
}
}
FAQs
Connecting all the pipes together to make a big beautiful graph that can be searched with graphql
The npm package @workerhive/flow-provider receives a total of 9 weekly downloads. As such, @workerhive/flow-provider popularity was classified as not popular.
We found that @workerhive/flow-provider demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
/Security News
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.

Research
/Security News
A malicious .NET package is typosquatting the Braintree SDK to steal live payment card data, merchant API keys, and host secrets from production apps.

Security News
/Research
Compromised Injective SDK npm version 1.20.21 exfiltrates wallet private keys and mnemonics through fake telemetry functionality.