Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
A standard for JS callbacks that enables lightweight observables and iterables
Read also the announcement blog post and this introductory blog post.
(type: number, payload?: any) => void
(type: number, payload?: any) => void
type === 0
means "start" (a.k.a. "subscribe" on Observables)type === 1
means "data" (a.k.a. "next" on Observers)type === 2
means "end" (a.k.a. "unsubscribe" on Subscriptions)(type: number, payload?: any) => void
(type: 0 | 1 | 2, payload?: any) => void
0
as the first argument, we say "the callbag is greeted", while the code which performed the call "greets the callbag"1
as the first argument, we say "the callbag is delivered data", while the code which performed the call "delivers data to the callbag"2
as the first argument, we say "the callbag is terminated", while the code which performed the call "terminates the callbag"The capitalized keywords used here follow IETF's RFC 2119.
Greets: (type: 0, cb: Callbag) => void
A callbag is greeted when the first argument is 0
and the second argument is another callbag (a function).
Handshake
When a source is greeted and given a sink as payload, the sink MUST be greeted back with a callbag payload that is either the source itself or another callbag (known as the "talkback"). In other words, greets are mutual. Reciprocal greeting is called a handshake.
Termination: (type: 2, err?: any) => void
A callbag is terminated when the first argument is 2
and the second argument is either undefined (signalling termination due to success) or any truthy value (signalling termination due to failure).
After the handshake, the source MAY terminate the sink. Alternatively, the sink MAY terminate the source after the handshake has occurred. If the source terminates the sink, then the sink SHOULD NOT terminate the source, and vice-versa. In other words, termination SHOULD NOT be mutual. A callbag MUST NOT be terminated more than once.
Data delivery (type: 1, data: any) => void
Amount of deliveries:
Window of valid deliveries:
Reserved codes
A callbag SHOULD NOT be called with any of these numbers as the first argument: 3
, 4
, 5
, 6
, 7
, 8
, 9
. Those are called reserved codes. A callbag MAY be called with codes other than those in the range [0-9]
, but this specification makes no claims in those cases.
This project is offered to the Public Domain in order to allow free use by interested parties who want to create compatible implementations. For details see COPYING
and CopyrightWaivers.txt
.
To the extent possible under law,
Callbag Standard Special Interest Group
has waived all copyright and related or neighboring rights to
Callbag Standard.
This work is published from:
Finland.
FAQs
A standard for JS callbacks
The npm package callbag receives a total of 9,045 weekly downloads. As such, callbag popularity was classified as popular.
We found that callbag demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.