Aurumjs is a DOM rendering library inspired by React and Angular. In Aurum you use stream-based programming (similar to rx.js) for data management. You link your streams directly to the DOM, be it into attributes, inner text or inner HTML, and you keep your UI up to date entirely through streams. Components in Aurum never "rerender" React-style: there is no reconciliation, no watching, no dirty checking and no guesswork about what will and will not cause things to render, because all DOM changes are directly tied to a data stream.
Aurum encourages writing UIs in a way that makes them update faster in response to data changes than even in popular modern libraries like React, Vue or Angular.
Aurum does most of the data management overhead for you, saving time and allowing you to focus on what matters: implementing your business logic.
Aurum.js has very few concepts and a small API, you can get a full understanding of Aurum.js in record time.
All chromium based browsers
Edge
Firefox
Safari
IE11 (requires several polyfills, and your code bundler needs to downlevel the code to ES5, but it works)
Install:
$ npm install aurumjs
To use Aurum you need to compile JSX or TSX using Babel or the TypeScript compiler.
Example .babelrc:
{
    "presets": [
        "@babel/preset-env"
    ],
    "plugins": [
        [
            "@babel/transform-react-jsx",
            {
                "pragma": "Aurum.factory"
            }
        ]
    ]
}
In tsconfig.json, set the jsxFactory option:
{
    "compilerOptions": {
        "jsxFactory": "Aurum.factory"
    }
}
Simple Aurum app to render a div with text in the DOM:
import {Aurum} from 'aurumjs'
Aurum.attach((<div>Hello Aurum</div>), document.body)
TODO app with creation, deletion, drag and drop, editing and marking tasks as done, all in under 100 lines of code with Aurum: https://codepen.io/cyberphoenix90/pen/LYYMwVr
FAQs
Stream based declarative DOM rendering library for javascript
We found that aurumjs demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.