JavaScript's dependency injection like Autofac in .Net
The recommended way to use this package is together with a code transformer such as cheap-di-ts-transform, because that gives you true dependency injection:

```ts
abstract class Logger {
  abstract debug: (message: string) => void;
}

class ConsoleLogger implements Logger {
  constructor(public prefix: string) {}

  debug(message: string) {
    console.log(`${this.prefix}: ${message}`);
  }
}

class Service {
  constructor(private logger: Logger) {}

  doSome() {
    this.logger.debug('Hello world!');
  }
}

/**
 * With cheap-di-ts-transform, information about Service's dependencies is added here.
 * */

// somewhere in your application initialization
import { container } from 'cheap-di';

const myLogPrefix = 'INFO: ';
container.registerType(ConsoleLogger).as(Logger).with(myLogPrefix);

// somewhere inside your code
// or you may use some middleware to do this, to get rid of the Service Locator antipattern
import { container } from 'cheap-di';

const service = container.resolve(Service);
service.doSome();
```
If you can't use transformers, you can still use cheap-di with decorators:

```ts
import { inject } from 'cheap-di';

abstract class SessionAccessor {
  abstract getSession(): string;
}

abstract class Logger {
  abstract debug(message: string): void;
}

abstract class InfoLogger extends Logger {}
abstract class ErrorLogger extends Logger {}

// non-class arguments are specified as "unknown"
@inject('unknown', SessionAccessor)
class ConsoleLogger implements Logger {
  constructor(public prefix: string, private sessionAccessor: SessionAccessor) {}

  debug(message: string) {
    console.log(`[${this.sessionAccessor.getSession()}] ${this.prefix}: ${message}`);
  }
}

class Service {
  constructor(private logger: InfoLogger) {}

  doSome() {
    this.logger.debug('Hello world!');
  }
}

// somewhere
import { container } from 'cheap-di';

const infoPrefix = 'INFO: ';
container.registerType(ConsoleLogger).as(InfoLogger).with(infoPrefix);

const errorPrefix = 'ERROR: ';
container.registerType(ConsoleLogger).as(ErrorLogger).with(errorPrefix);

// somewhere inside your code
// or you may use some middleware to do this, to get rid of the Service Locator antipattern
import { container } from 'cheap-di';

const service = container.resolve(Service);
service.doSome();
```
If you would like to specify the implementation of your interface:

```ts
import { container } from 'cheap-di';

abstract class Service {/**/}
class ServiceImpl extends Service {/**/}

container
  .registerImplementation(ServiceImpl)
  .as(Service);
```
Or if you want to inject some parameters into its constructor:

```ts
import { container } from 'cheap-di';

class Some {
  constructor(private name: string) {}
}

// register the class declared above and pass 'some name' to its constructor
container
  .registerImplementation(Some)
  .inject('some name');
```
Or if you want to have only one instance of the implementation class:

```ts
import { container } from 'cheap-di';

class Some {}

// register the class declared above as a singleton
container
  .registerImplementation(Some)
  .asSingleton();
```
A singleton may also be used with an interface specification:

```ts
import { container } from 'cheap-di';

abstract class Service {/**/}
class ServiceImpl extends Service {/**/}

container
  .registerImplementation(ServiceImpl)
  .asSingleton(Service);
```
And even with argument injection:

```ts
import { container } from 'cheap-di';

abstract class Service {/**/}
class ServiceImpl extends Service {
  constructor(private name: string) {
    super();
  }
}

container
  .registerImplementation(ServiceImpl)
  .asSingleton(Service)
  .inject('some name');
```
If you want to register an instance as an interface:

```ts
import { container } from 'cheap-di';

abstract class Database {
  abstract get(): Promise<string>;
}

const db: Database = {
  async get() {
    return Promise.resolve('name1');
  },
};

container.registerInstance(db).as(Database);
```
You can see more examples in cheap-di/src/ContainerImpl.test.ts
FAQs
Easy way to create nice web routes for your application
The npm package cheap-di receives a total of 94 weekly downloads. As such, cheap-di popularity was classified as not popular.
We found that cheap-di demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.