Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Amend is a dependency-injection framework for use in node and in the browser. Amend aims to have no impact on the code you write and to minimize configuration as much as possible.
npm i amend -S
or
npm install amend --save
Instead of forcing you to use code specific to this library when creating your components, amend lets you write components using the regular require
and module.exports
function and variable. Depenencies between the components are wired up through a configuration object. This means that unlike many other di frameworks, no variables specific for amend are introduced in your code.
The configuration is a normal javascript object that maps names of components to their path for require. A module can be one of these three types:
Factories are functions that can have dependencies injected in them. The factory function is executed by amend and whatever the factory returns is what you get when you access the module through amend. The dependency arguments should correspond to the names of the modules that are to be injected.
module.exports = function(dependency1, dependency2, ...) {
return //returned function/object
}
Classes are similair to factories in that they can have dependencies injected in them. But the function is treated like a constuctor and is therefore invoked with new
. This means that you can assign values to this
and access them in your created module.
module.exports = function(dependency1, dependency2, ...) {
this.foo = something;
}
Values are simpler than factories and constructors, they cannot have dependencies themselves. Whatever you assign to module.exports will be what you get when you access the module through amend.
module.exports = //returned function/object
Returns a di container with modules loaded acording to the specified configuration. options
is passed to the created container.
The configuration is a normal javascript object that contains the key modules
which keys are the names of the modules. A module can have two configuration options.
require
is the path by which the module will be required. Require paths can be realtive or to an installed dependency, relative paths should be relative to the root directory of the poject.
type
is either "factory", "class" or "value".
var conf = {
modules: {
foo: {
require: './lib/foo',
type: 'factory'
}
}
}
It is also possible to use "short" notation where only the path is configured:
var conf = {
modules: {
foo: './lib/foo'
}
}
When using "short" notation the module is assumed to be a factory if it returns a function, otherwise it is treated as a value. This means that it is only neccesary to use "long" notation when registering a class or when the module consists of a function that should be treated as a value.
Manually create a container. This is not the recommended way to do it as a container is created and populated with amend.fromConfig
. The container constuctor is required by reuire('amend').Container
.
Returns the component with the specified name. If the component is a factory or a class it will be initialized on the first call to get. On subsquent calls the initialized component will be returned.
All components are lazy loaded, only initialized when they are required. This method will initialize all modules however. If there are any missmatching dependencies in the container, a call to this method will detect them by throwing an error.
Manually register a factory.
Manually register a class.
Manually register a value.
A little dice game:
// file: ./config.json
{
"modules": {
"rollDice": "./roll-dice.js",
"playGame": "./play-game.js",
"_": {
"require": "lodash",
"type:": "value"
}
}
}
// file: ./roll-dice.js
module.exports = function(_) {
return function() {
return _.random(1, 6);
};
};
// file: ./playGame.js
module.exports = function(rollDice) {
return function() {
return "The roll was " + rollDice()
};
};
//file ./main.js
var amend = require('amend');
var config = require('./config.json');
var di = amend.fromConfig(config);
var playGame = di.get('playGame');
console.log(playGame()); // prints "The roll was 4"
Annotate takes an amend configuration and produces an output which describes the dependencies between the different components. This output can then be used when creating a container in a minified enviroment where the names of dependencies have been obfuscated. Annotate is included as an executable and can thus be accessed through adding an npm script, through the node_modules/.bin
folder or if amend is installed globally. To execute the binary, run:
ammend-annotate config.json
This will print the output to standard out.
It is also possible to use the api:
var annotate = require('amend/tools').annotate;
var config = require('./my-config.json');
var di = amend.fromConfig(config);
var out = getMyWriteStream()
annotate(di, out);
Use the annotated output when creating your container. If you have written the output to ./dependencies.json
then create a container like this:
var amend = require('amend');
var config = require('./config.json');
var dependencies = require('./dependencies.json');
var opts = {
modules: dependencies
};
var di = amend.fromConfig(config, opts);
FAQs
Dependency injection module and IoC container.
The npm package amend receives a total of 1,144 weekly downloads. As such, amend popularity was classified as popular.
We found that amend demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.