Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
baselinejs
Advanced tools
Share code and data between the client and the server in full stack JavaScript applications.
basline.js is a small library that organizes application logic and data in node.js web applications into interdependent services that can be used both on the client and the server. It provides a small, simple, in-memory data store to organize and access data on the client. The same in-memory database and logic can also be used on the server side.
A baseline object may be initialized both on the server and on the client. On the server, a baseline object is initialized on a per request basis. For example, in an express.js app,
var baseline = require( 'baseline' );
app.use( function( req, res, cb ) {
req.baseline = new Baseline( {
rt : new ContactsService( { collectionName : 'contacts' } )
} );
} );
On the client, a single baseline object is initialized and attached to the window
object.
window.Wikkem.baseline = new Baseline( {
rt : new ContactsService(),
} );
A baseline instance is made up of services. A service is a module that contains application logic and potentially accessors for in-memory data that is operated on by that logic. Services may depend on each other.
collectionServices contain the application logic and the means to access in-memory data that is a subset of the data in a database collection or table.
When used on the client side, collectionServices are very similar to backbone.js collections, with a few key differences:
The process of bootstrapping data from the client to the server is streamlined using steamer.
To
app.use( function( req, res, cb ) {
req.baseline = new Baseline( {
rt : new ContactsService( { collectionName : 'contacts' } )
} );
req.bootstrapBoat = req.baseline.createBoat();
steamer.stuffMiddleware( 'bootstrapBoat' )( req, res, cb );
} );
THIS DOCUMENTATION IS A WORK IN PROGRESS. If you want to see more, please star the repo.
FAQs
Share code and data between the client and the server in full stack JavaScript applications.
We found that baselinejs demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.