Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
A solid framework for building webapps.
How to reach each of the goals.
Different parts of the application will always require some kind of configuration. Instead of putting the configuration in a global location, each part gets the configuration passed on instantiation.
This can be done automatically by mapping the configuration section to the name of the object that needs variables.
By defining strict rules for how object constructors may look this can be generalized.
By writing the framework itself as a separate project we can further force ourselves to separate app logic from framework logic.
Each controller should return a view object. The view object is an object that defines how a page should be rendered. The framework will then inspect this object and render it and pass it to the browser.
During AJAX requests this view object can be serialized to JSON and sent to the browser for rendering on the client.
The view layer could possibly be abstracted to work with streams in some way.
On the client side there should be a router layer that correctly invokes the controller for the current page.
The view objects from the server should be made to work on the client.
View objects defines a target for how it should be rendered. For incremental requests (like endless scrolling) they can set a selector and wether the result should be prepended or appended to the target.
The client side should support single page applications where supported by the browser. Pages should be stored in the DOM to make jumping back and forth a breeze.
I believe this is achieved by writing clear, separated logic. Hooks and events will have to be provided for this kind of functionality to sit outside the app.
The application should provide a simple way of doing logging. Runtime configurations can then be made to decide where the log messages are sent.
Callbacks should all do error first. All that good jazz.
Keep convention over configuration for stuff like folder structure etc. Provide scaffolding methods for creating models, helpers, controllers etc.
FAQs
Yet another web framework.
The npm package arthus receives a total of 1 weekly downloads. As such, arthus popularity was classified as not popular.
We found that arthus demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.