Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
JavaScript's dependency injection like Autofac in .Net
npm i cheap-di
The recommended way of using this package is using it with code transformers like cheap-di-ts-transform
. Because in this way you will get the true dependency injection:
Note: You may wonder, why we use abstract classes?
- It is syntax analog of interface.
But why don't we use interfaces?
- Because we need some unique "token" compatible with JavaScript, to be able to register and resolve implementations. You can't use TypeScript interface in runtime (because it doesn't exists in JavaScript), and you can use classes!
Some another DI libraries use symbols to achieve that, but we don't see necessity to map somewhere symbols with implementations if we may use only classes everywhere. Less code -> less issues.
abstract class Logger {
abstract debug: (message: string) => void;
}
class ConsoleLogger implements Logger {
constructor(public prefix: string) {}
debug(message: string) {
console.log(`${this.prefix}: ${message}`);
}
}
class Service {
constructor(private logger: Logger) {}
doSome() {
this.logger.debug('Hello world!');
}
}
/**
* With cheap-di-ts-transform here will be added metadata about Service dependencies.
* */
// somewhere in your application initialization
import { container } from 'cheap-di';
const myLogPrefix = 'INFO: ';
container.registerImplementation(ConsoleLogger).as(Logger).inject(myLogPrefix);
// somewhere inside your code
// or you may use some middleware to do this, to get rid of Service Locator antipattern
import { container } from 'cheap-di';
const service = container.resolve(Service);
service.doSome();
But if you can't use transformers you still may use cheap-di with @inject
decorator (it supports stage 2 and stage 3 TypeScript syntax):
import { inject } from 'cheap-di';
abstract class SessionAccessor {
abstract getSession(): string;
}
abstract class Logger {
abstract debug(message: string): void;
}
abstract class InfoLogger extends Logger {}
abstract class ErrorLogger extends Logger {}
// non-classes-arguments specified as "unknown" (or any other string)
// we use `dependencies.filter((dependency) => typeof dependency !== 'string'))` code to filter non-clases dependencies
@inject('unknown', SessionAccessor)
class ConsoleLogger implements Logger {
constructor(public prefix: string, private sessionAccessor: SessionAccessor) {}
debug(message: string) {
console.log(`[${this.sessionAccessor.getSession()}] ${this.prefix}: ${message}`);
}
}
@inject(InfoLogger)
class Service {
constructor(private logger: InfoLogger) {}
doSome() {
this.logger.debug('Hello world!');
}
}
// somewhere
import { container } from 'cheap-di';
const infoPrefix = 'INFO: ';
container.registerImplementation(ConsoleLogger).as(InfoLogger).inject(infoPrefix);
const errorPrefix = 'ERROR: ';
container.registerImplementation(ConsoleLogger).as(ErrorLogger).inject(errorPrefix);
// somewhere in inside your code
// or you may use some middleware to do this, to get rid of Service Locator antipattern
import { container } from 'cheap-di';
const service = container.resolve(Service);
service.doSome();
To use stage 2 decorators you need to adjust your tsconfig.json like:
{
"compilerOptions": {
// ...
"experimentalDecorators": true
}
}
To use stage 3 decorators you don't need extra setup.
If you would like to specify implementation of your interface:
import { container } from 'cheap-di';
abstract class Service {/**/}
class ServiceImpl extends Service {/**/}
container
.registerImplementation(ServiceImpl)
.as(Service);
Or if you want to inject some parameters to its constructor:
import { container } from 'cheap-di';
class Foo {
constructor(private name: string) {}
}
container
.registerImplementation(Foo)
.inject('some name');
Or if you want to have only one instance of the implementation class:
import { container } from 'cheap-di';
class Foo {}
container
.registerImplementation(Foo)
.asSingleton();
And singleton also may be used with interface specification:
import { container } from 'cheap-di';
abstract class Service {/**/}
class ServiceImpl extends Service {/**/}
container
.registerImplementation(ServiceImpl)
.asSingleton(Service);
And even with argument injection:
import { container } from 'cheap-di';
abstract class Service {/**/}
class ServiceImpl extends Service {
constructor(private name: string) {
super();
}
}
container
.registerImplementation(ServiceImpl)
.asSingleton(Service)
.inject('some name');
If you want to register some instance as interface. Result is similar to singleton registration except the fact you have to instantiate class by your self
import { container } from 'cheap-di';
class Database {
get() {
return Promise.resolve('name1');
}
}
container
.registerInstance(new Database())
.as(Database);
And you may use any object value as instance
import { container } from 'cheap-di';
abstract class Database {
abstract get(): Promise<string>;
}
const db: Database = {
async get() {
return Promise.resolve('name1');
},
};
container
.registerInstance(db)
.as(Database);
You can see more examples of container methods in ContainerImpl.test.ts
FAQs
Easy way to create nice web routes for you application
The npm package cheap-di receives a total of 76 weekly downloads. As such, cheap-di popularity was classified as not popular.
We found that cheap-di demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.