Research
Two Malicious Rust Crates Impersonate Popular Logger to Steal Wallet Keys
Socket uncovers malicious Rust crates impersonating fast_log to steal Solana and Ethereum wallet keys from source code.
By Kirill Boychenko - Sep 24, 2025
choo-model 
State management lib for choo :v:. Experiment for now. Might become part of
choo at some point, who knows.
Usage
const Model = require('choo-model')
const mount = require('choo/mount')
const html = require('choo/html')
const choo = require('choo')
const app = choo()
app.model(todosModel())
app.router(['/', mainView ])
mount('body', app.start())
function todosModel () {
const model = Model('todos')
model.state({ todos: [] })
model.reducer('add', (state, data) => state.push({ text: data }))
return model.start()
}
function mainView (state, prev, send) {
return html`
<body>
<main><p>Todos: ${state.todos}</p></main>
</body>
`
}
API
model = Model(namespace?)
Create a new model instance
model.start()
Return the model object, ready for the app.model() call.
model.reducer(name, reducer)
Create a new reducer
model.state(state)
Save new state. The resulting state is combined into a single state object under the hood.
model.subscription(name, subscription)
Create a new subscription
model.effect(name, effect)
Create a new effect
model.effect(name, effect)
Create a new effect
Installation
$ npm install choo-model
FAQ
Why?
Because experimenting outside of core is the right way to do things.
What can we expect to land in here?
Probably the ability to set constraints on send() calls so they can't access
everything. Also the ability to create graph data based on those constraints.
Perhaps selectors too. Y'know, basic stuff.
Why aren't you doing X first?
Having a solid story for state management is quite important. Some abstractions start to break down once apps grow; we're hitting that point. Everything else is irrelevant if we can't scale and use it ourselves on real projects.
How can I contribute?
Try it out. Build things on top of it. Build out alternatives.
Is this optimizable?
Yeah, definitely - if this ever makes the cut we can statically analyze the code and precompile the result so it'll have no overhead at runtime. Yay!
License
Keywords
FAQs
Experimental state management lib for choo
The npm package choo-model receives a total of 1 weekly downloads. As such, choo-model popularity was classified as not popular.
We found that choo-model demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 29 Oct 2016
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Malicious fezbox npm Package Steals Browser Passwords from Cookies via Innovative QR Code Steganographic Technique
A malicious package uses a QR code as steganography in an innovative technique.
By Olivia Brown - Sep 22, 2025
Research
/Security News
Identifying and Preventing Fraudulent Engineering Candidates: An Investigation into 80 Confirmed Cases
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.
By Lauren Valencia, Kirill Boychenko - Sep 17, 2025