Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
block-sequence
Advanced tools
A sequential id generator, which grabs blocks of ids rather than just one at a time
A sequential id generator, which grabs blocks of ids rather than just one at a time.
var BlockArray = require('block-sequence').BlockArray
var init = require('block-sequence-mysql')
// Initialise the MySql Block Sequence Driver. Other drivers are available
init({ host: '127.0.0.1', database: 'bs_test', user: 'root' }, function(err, driver) {
if (err) throw err
// Ensure the sequence exists
driver.ensure({ name: 'my-sequence' }, function(err, sequence) {
if (err) throw err
// Create a block array containing 1000 ids per block (defaults to 2 blocks)
var idGenerator = new BlockArray({ block: { sequence: sequence, driver: driver, size: 1000 } })
// Grab the next id
idGenerator.next(function(err, id) {
if (err) throw err
console.log(id)
})
})
})
UUIDs a great for creating unique ids in a distributed environment without a shared persistent storge. Unfortunately they look horrible and aren't very user friendly if you need to read them out to anyone.
I like shortId, but in a multi process / multi host architecture you need to congure each process with a unique worker id. There are also limitations on alphabet making it likely you'll need to use mixed case letters. This can cause problems for MySQL which is case insenstive by defaults and doesn't have a case sensitive utf-8 character set, meaning you have to do horrible things like use different character sets for id columns and data columns in the same table.
Unless performance is a genuine concern I choose strings, and make it obvious that they are strings by prefixing them with some alphabetic characters. The reasons to avoid integers are...
In a non type safe language like JavaScript frameworks such as express, and datastores such as redis return data as string. This causes havoc when you attempt to retrieve a record from mongo, without parsing the id first.
If you only use numbers a malicious script or accidental programming mistake could burn through ids very rapidly. If you've prefixed your ids with a string, you can change the prefix and reset the sequence.
I use <system>-<entity>-<left padded sequence number>-<environment>
, i.e. if I were developing a Jobs board and wanted an id generator for vacancies in the live environment an example id would be jbs-vac-00070012-l
. block-sequence lets you do just this.
Yes. That's why block-sequence reads blocks of ids, and recharges exhausted blocks while the current block is draining.
block-sequence uses plugable drivers to keep track of sequences. The current drivers are
To add another driver please ensure it passes the block-sequence-compliance-tests
{
"size": 2,
"block": {
"size": 100,
"retry": {
"limit": 1000,
"interval": 100
},
"sequence": {
"name": "job-vacancies",
"value": 0,
"metadata": {
"description": "Add any properties you like to metadata",
"system": "jbs",
"entity": "vac",
"environment": "l"
}
},
"padding": {
"size": 10
},
"template": "{{=sequence.metadata.system}}-{{=sequence.metadata.entity}}-{{=id}}-{{=sequence.metadata.environment}}"
}
}
The above configuration will configure a block array containing two blocks. The blocks of 100 ids each. When the first block drains completely the array will start drawing from the second block and the first block will be recharged. The recharging process will automatically retry up to 1000 times at 100ms intervals.
The padding and doT.js template will cause blockArray.next
to yield an id similar to jbs-vac-0000001234-l
See the specific driver readme for how to configure the drivers
FAQs
A sequential id generator, which grabs blocks of ids rather than just one at a time
The npm package block-sequence receives a total of 3 weekly downloads. As such, block-sequence popularity was classified as not popular.
We found that block-sequence demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.