Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Framework for rapidly creating high quality, server-side node.js applications, using plugins like building blocks
The 'base' npm package is a framework for rapidly building high-quality node.js applications, using plugins like building blocks. It's designed to be a foundation on which to build complex applications.
Plugin Management
Base allows you to easily manage and use plugins, enabling modular application development. Plugins can add specific functionalities to the base application, which can be initialized and used as needed.
const Base = require('base');
const app = new Base();
app.use(require('some-plugin'));
app.init();
Event Handling
Base provides an event handling system. You can define custom events and handlers, making it easy to manage events within your application.
const Base = require('base');
const app = new Base();
app.on('event', () => console.log('Event triggered!'));
app.emit('event');
Task Execution
Base supports defining and running tasks. This feature allows you to organize code into tasks that can be executed on demand, simplifying complex operations into manageable units.
const Base = require('base');
const app = new Base();
app.task('do something', () => console.log('Task done!'));
app.run('do something');
Express is a web application framework for Node.js, designed for building web applications and APIs. It differs from Base in that it's specifically tailored for HTTP server functionality, whereas Base is more generalized and plugin-oriented.
Hapi is another Node.js framework for building applications and services. Hapi is similar to Base in that it supports plugins, but it is more focused on server-side applications and provides a robust configuration-led approach, compared to Base's flexible plugin system.
Base is a foundation for creating modular, unit testable and highly pluggable server-side node.js APIs.
Most importantly, once you learn Base, you will be familiar with the core API of all applications built on Base. This means you will not only benefit as a developer, but as a user as well.
The core team follows these principles to help guide API decisions:
Compact API surface: The smaller the API surface, the easier the library will be to learn and use.
Easy to extend: Implementors can use any npm package, and write plugins in pure JavaScript. If you're building complex apps, Base dramatically simplifies inheritance.
Easy to test: No special setup should be required to unit test Base
or base plugins
100% Node.js core style
The API was designed to provide only the minimum necessary functionality for creating a useful application, with or without plugins.
Base core
Base itself ships with only a handful of useful methods, such as:
.set
: for setting values on the instance.get
: for getting values from the instance.has
: to check if a property exists on the instance.define
: for setting non-enumerable values on the instance.use
: for adding pluginsBe generic
When deciding on method to add or remove, we try to answer these questions:
Plugin system
It couldn't be easier to extend Base with any features or custom functionality you can think of.
Base plugins are just functions that take an instance of Base
:
var base = new Base();
function plugin(base) {
// do plugin stuff, in pure JavaScript
}
// use the plugin
base.use(plugin);
Add "smart plugin" functionality with the base-plugins plugin.
Inheritance
Easily inherit Base using .extend
:
var Base = require('base');
function MyApp() {
Base.call(this);
}
Base.extend(MyApp);
var app = new MyApp();
app.set('a', 'b');
app.get('a');
//=> 'b';
Inherit or instantiate with a namespace
By default, the .get
, .set
and .has
methods set and get values from the root of the base
instance. You can customize this using the .namespace
method exposed on the exported function. For example:
var Base = require('base');
// get and set values on the `base.cache` object
var base = Base.namespace('cache');
var app = base();
app.set('foo', 'bar');
console.log(app.cache.foo);
//=> 'bar'
NPM
Install with npm:
$ npm install --save base
yarn
Install with yarn:
$ yarn add base && yarn upgrade
var Base = require('base');
var app = new Base();
// set a value
app.set('foo', 'bar');
console.log(app.foo);
//=> 'bar'
// register a plugin
app.use(function() {
// do stuff (see API docs for ".use")
});
Create an instance of Base
with the given cache
and options
. Learn about the cache object.
Params
cache
{Object}: If supplied, this object is passed to cache-base to merge onto the the instance.options
{Object}: If supplied, this object is used to initialize the base.options
object.Example
// initialize with `cache` and `options`
const app = new Base({isApp: true}, {abc: true});
app.set('foo', 'bar');
// values defined with the given `cache` object will be on the root of the instance
console.log(app.baz); //=> undefined
console.log(app.foo); //=> 'bar'
// or use `.get`
console.log(app.get('isApp')); //=> true
console.log(app.get('foo')); //=> 'bar'
// values defined with the given `options` object will be on `app.options
console.log(app.options.abc); //=> true
Set the given name
on app._name
and app.is*
properties. Used for doing lookups in plugins.
Params
name
{String}returns
{Boolean}Example
app.is('collection');
console.log(app.type);
//=> 'collection'
console.log(app.isCollection);
//=> true
Returns true if a plugin has already been registered on an instance.
Plugin implementors are encouraged to use this first thing in a plugin to prevent the plugin from being called more than once on the same instance.
Params
name
{String}: The plugin name.register
{Boolean}: If the plugin if not already registered, to record it as being registered pass true
as the second argument.returns
{Boolean}: Returns true if a plugin is already registered.Events
emits
: plugin
Emits the name of the plugin being registered. Useful for unit tests, to ensure plugins are only registered once.Example
const base = new Base();
base.use(function(app) {
if (app.isRegistered('myPlugin')) return;
// do stuff to `app`
});
// to also record the plugin as being registered
base.use(function(app) {
if (app.isRegistered('myPlugin', true)) return;
// do stuff to `app`
});
Call a plugin function or array of plugin functions on the instance. Plugins are called with an instance of base, and options (if defined).
Params
name
{String|Function|Array}: (optional) plugin nameplugin
{Function|Array}: plugin function, or array of functions, to call.returns
{Object}: Returns the item instance for chaining.Example
const app = new Base()
.use([foo, bar])
.use(baz)
The .define
method is used for adding non-enumerable property on the instance. Dot-notation is not supported with define
.
Params
key
{String}: The name of the property to define.value
{any}returns
{Object}: Returns the instance for chaining.Example
// example of a custom arbitrary `render` function created with lodash's `template` method
app.define('render', (str, locals) => _.template(str)(locals));
Getter/setter used when creating nested instances of Base
, for storing a reference to the first ancestor instance. This works by setting an instance of Base
on the parent
property of a "child" instance. The base
property defaults to the current instance if no parent
property is defined.
Example
// create an instance of `Base`, this is our first ("base") instance
const first = new Base();
first.foo = 'bar'; // arbitrary property, to make it easier to see what's happening later
// create another instance
const second = new Base();
// create a reference to the first instance (`first`)
second.parent = first;
// create another instance
const third = new Base();
// create a reference to the previous instance (`second`)
// repeat this pattern every time a "child" instance is created
third.parent = second;
// we can always access the first instance using the `base` property
console.log(first.base.foo);
//=> 'bar'
console.log(second.base.foo);
//=> 'bar'
console.log(third.base.foo);
//=> 'bar'
Static method for adding global plugin functions that will be added to an instance when created.
Params
fn
{Function}: Plugin function to use on each instance.returns
{Object}: Returns the Base
constructor for chainingExample
Base.use(function(app) {
app.foo = 'bar';
});
const app = new Base();
console.log(app.foo);
//=> 'bar'
Cache
User-defined properties go on the cache
object. This keeps the root of the instance clean, so that only reserved methods and properties on the root.
Base { cache: {} }
You can pass a custom object to use as the cache
as the first argument to the Base
class when instantiating.
const myObject = {};
const Base = require('base');
const base = new Base(myObject);
Base is part of the Toolkit suite of applications.
Toolkit is a collection of node.js libraries, applications and frameworks for helping developers quickly create high quality node.js applications, web projects, and command-line experiences. There are many other libraries on NPM for handling specific tasks, Toolkit provides the systems and building blocks for creating higher level workflows and processes around those libraries.
Toolkit can be used to create a static site generator, blog framework, documentaton system, command line, task or plugin runner, and more!
Building Blocks
The following libraries can be used as "building blocks" for creating modular applications.
Lifecycle Applications
The following applications provide workflows and automation for common phases of the software development lifecycle. Each of these tools can be used entirely standalone or bundled together.
data
method to base-methods. | homepagebase
application. | homepageoption
, enable
and disable
. See the readme… more | homepagepkg
method that exposes pkg-store to your base application. | homepageRunning and reviewing unit tests is a great way to get familiarized with a library and its API. You can install dependencies and run tests with the following command:
$ npm install && npm test
Pull requests and stars are always welcome. For bugs and feature requests, please create an issue.
If Base doesn't do what you need, please let us know.
See the changelog;
Jon Schlinkert
Brian Woodward
Copyright © 2018, Jon Schlinkert. MIT
This file was generated by verb-generate-readme, v0.6.0, on March 29, 2018.
[3.0.0]
Breaking changes
.get
, .get
, .has
, .del
and other method use the base.cache
object. This can be customized by doing new Base.create('foo')
where foo
is the property name to use for the cache.FAQs
Framework for rapidly creating high quality, server-side node.js applications, using plugins like building blocks
We found that base demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.