
Research
Two Malicious Rust Crates Impersonate Popular Logger to Steal Wallet Keys
Socket uncovers malicious Rust crates impersonating fast_log to steal Solana and Ethereum wallet keys from source code.
State management lib for choo :v:. Experiment for now. Might become part of
choo
at some point, who knows.
const Model = require('choo-model')
const mount = require('choo/mount')
const html = require('choo/html')
const choo = require('choo')
const app = choo()
app.model(todosModel())
app.router(['/', mainView ])
mount('body', app.start())
function todosModel () {
const model = Model('todos')
model.state({ todos: [] })
model.reducer('add', (state, data) => state.push({ text: data }))
return model.start()
}
function mainView (state, prev, send) {
return html`
<body>
<main><p>Todos: ${state.todos}</p></main>
</body>
`
}
Create a new model instance
Return the model
object, ready for the app.model()
call.
Create a new reducer
Save new state. The resulting state is combined into a single state object under the hood.
Create a new subscription
Create a new effect
Create a new effect
$ npm install choo-model
Because experimenting outside of core is the right way to do things.
Probably the ability to set constraints on send()
calls so they can't access
everything. Also the ability to create graph data based on those constraints.
Perhaps selectors too. Y'know, basic stuff.
Having a solid story for state management is quite important. Some abstractions start to break down once apps grow; we're hitting that point. Everything else is irrelevant if we can't scale and use it ourselves on real projects.
Try it out. Build things on top of it. Build out alternatives.
Yeah, definitely - if this ever makes the cut we can statically analyze the code and precompile the result so it'll have no overhead at runtime. Yay!
FAQs
Experimental state management lib for choo
The npm package choo-model receives a total of 1 weekly downloads. As such, choo-model popularity was classified as not popular.
We found that choo-model demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Socket uncovers malicious Rust crates impersonating fast_log to steal Solana and Ethereum wallet keys from source code.
Research
A malicious package uses a QR code as steganography in an innovative technique.
Research
/Security News
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.