A minimal application harness that stays out of your way and out of your code.
$ npm install billy
var Application = require('billy');
var app = new Application();
app.service(function main() {
console.log('Hello, World!');
});
app.start();
The primary goal and driving philosophy of Billy is to provide a cohesive and useful set of patterns for building an application that doesn't creep its way into your business logic and domain code.
It is flexible and generic enough to work well for building server apps, browser apps, JavaScript games, or even CLI utilities.
Much like express, Billy strives not to be a framework that permeates all parts of your codebase, but rather the scaffolding that allows you to roll your own application architecture stack.
Billy views your application as the composition of several dependency-injected services. When the application is started via app.start(), all registered services will be instantiated in turn and be given a chance to start up.
A service should be used to create various run-time objects and register them as dependencies with the IoC container via the app dependency, for other parts of the application to use.
Services are effectively the place where all the various pieces of your application are booted, configured, and wired together.
Your application entry point will register a series of services that will power your app. Services can either be a simple closure or a class constructor, and can optionally use promises to signal an asynchronous startup.
The simplest example of a service is a function:
app.service(function main() {
console.log('service created');
});
If our service took some time to start up, we could return a Promise to ensure that the application waits for it during the service start phase.
app.service(function main() {
console.log('service created');
return someAsyncTask()
.then(function() {
console.log('service started');
});
});
Note that all services are first created all at once (by calling the provided function), synchronously. Then, all of the services are started (by waiting on any promises returned in the service function).
A simple class constructor can be passed to the app.service() method as well.
// MyService.js
module.exports = MyService;
function MyService()
{
console.log('service created');
}
In our startup file:
// main.js
var Application = require('billy');
var MyService = require('./MyService.js');
var app = new Application();
app.service(MyService);
app.start();
If this service requires some additional setup after all services have been created, or requires an asynchronous startup, we can implement a start method:
MyService.prototype.start = function()
{
return someAsyncTask()
.then(function() {
console.log('service started');
});
};
Any returned promise is waited on until it resolves before any subsequent service is started.
This is useful for things like downloading external data, verifying credentials, bootstrapping external connections, etc. The application startup process blocks until the service resolves, guaranteeing a deterministic boot order; a rejected promise during the start phase means later services never start, so checks such as credential verification placed in an early service fail closed for everything registered after them.
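The two-phase lifecycle described above (every service created synchronously in registration order, then each started in turn with its promise awaited) is easiest to see with a runnable boot sequence. The following is an added example, not billy's own source: the Application class is a small stand-in written for this example that follows the behaviour the README describes, and the config, Credentials and Server services, the apiToken dependency name and the `tok_` token rule are all constructed for illustration.

```javascript
// Added example: a minimal stand-in for billy's Application that follows the
// lifecycle the README describes (create all services synchronously, then
// start them one by one, awaiting any returned promise). It is not billy's
// own source; the Application class and the services below are assumptions
// made for this example.

class Application {
  constructor() {
    this.factories = [];
    this.deps = new Map([['app', this]]); // 'app' itself is injectable, as in billy
  }

  // Register a run-time object for other services to look up.
  register(name, value) { this.deps.set(name, value); }

  // Look up a registered dependency; fail loudly rather than return undefined.
  resolve(name) {
    if (!this.deps.has(name)) throw new Error('unresolved dependency: ' + name);
    return this.deps.get(name);
  }

  // Accept either a closure or a class constructor.
  service(factory) { this.factories.push(factory); }

  async start() {
    // Phase 1: create every service, synchronously and in registration order.
    // `new` works for both shapes: a closure that returns a promise yields that
    // promise (a constructor that returns an object returns that object), while
    // a class yields an instance.
    const created = this.factories.map(factory => new factory(this));

    // Phase 2: start services in order; each must settle before the next starts.
    for (const svc of created) {
      if (svc && typeof svc.then === 'function') {
        await svc;            // closure that returned a promise
      } else if (svc && typeof svc.start === 'function') {
        await svc.start();    // class with a start() method
      }
    }
  }
}

// Boot sequence: a failing credential check must stop later services from starting.
function boot(apiToken) {
  const log = [];
  const app = new Application();

  // Closure service: publishes configuration for other services to resolve.
  app.service(function config(application) {
    log.push('config created');
    application.register('apiToken', apiToken);
  });

  // Class service: verifies credentials during start(), before anything listens.
  class Credentials {
    constructor(application) { this.app = application; log.push('credentials created'); }
    start() {
      const token = this.app.resolve('apiToken');
      // Stand-in for a real verification round trip (constructed rule, not a real API).
      return new Promise((resolve, reject) => {
        setTimeout(() => {
          if (typeof token === 'string' && token.startsWith('tok_')) {
            log.push('credentials verified');
            resolve();
          } else {
            reject(new Error('credential verification failed'));
          }
        }, 0);
      });
    }
  }
  app.service(Credentials);

  // Class service: only starts after the credentials service has resolved.
  class Server {
    constructor() { log.push('server created'); }
    start() { log.push('server listening'); }
  }
  app.service(Server);

  return app.start()
    .then(() => ({ ok: true, log }))
    .catch(err => ({ ok: false, error: err.message, log }));
}

// Stand-alone usage: boot once with a valid-looking token and once without.
boot('tok_example').then(r => console.log(r.ok ? 'boot ok' : 'boot aborted', r.log));
boot('not-a-token').then(r => console.log(r.ok ? 'boot ok' : 'boot aborted: ' + r.error, r.log));
```

Note that all three services are created before any of them starts, so "server created" appears in the log even when the boot aborts; the point of the sequential start phase is that "server listening" never does. Constructors should therefore only allocate and register objects, and anything that opens a port or touches external state belongs in start().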
$ npm test
This will generate the HTML documentation under ./doc:
$ npm run doc
MIT
The npm package billy receives a total of 7 weekly downloads. As such, billy's popularity was classified as not popular.
We found that billy demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.