Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
client-ketchup
Advanced tools
A simple interface for keeping remote clients up to date with their authoritative state
A simple interface for keeping remote clients up to date with their authoritative state
The goal of client-ketchup
is to be a small API for managing the states of a constantly changing set of connected clients.
A server might have an enormous application state object but each client only needs to know about different pieces of this data.
When a specific client's state changes, we generate a small set of string-ified patches to send to them so that they can update (or catch-up) their local state.
This helps avoid sending a massive amount of data over whenever we have new state information to each connected client.
The intended use case was for running multiplayer game servers, but an example potential different case might be a websocket powered real-time database.
$ npm install --save client-ketchup
/*
* On our server
*/
// Use this to generate new client state trackers
var CreateClientStateTracker = require('client-ketchup')
// Create a new client state tracker. You'll typically use one of these and add/remove different clients to it
var CST = CreateClientStateTracker({
differ: require('minimal-object-diff').diff
})
// Add a new client
CST.add('some-client-id-1')
// Update our clients view of the world and then receive a set of JSON stringified patches that we can send over
var minimalPatches = CST.update({foo: 'bar', bazz: 'buzz'})
// Use whatever network protocol you please in order to send updates
myClients['some-client-id-1'].websocket.send(JSON.stringify(minimalPatches))
/*
* Later on our client
*/
var patchObject = require('minimal-object-diff').patch
var minimalPatches = GetPatchesFromServerSomehow()
var myLocalState = GetLocalState()
myLocalState = patchObject(myLocalState, JSON.parse(minimalPatches))
client-ketchup
only concerns itself with helping to keep track of and generate optimized diffs for your client data.
The method of transport
(websocket, server-sent events, carrier pidgen, etc)
is up to the consumer.
Typically you'll already have your network protocol in place and client-ketchup
will be added in to reduce bandwidth.
CST.{add, del, update}
Add a client to our client pool
CST.add('cuid-1')
CST.add('cuid-2', {thisIsOur: 'inital state object'})
Remove a client from our client pool
CST.del('cuid-1')
Overwrite the clients state and receive JSON patches to send to a client
Applying these patches to the old state creates the new state
CST.add('cuid3', {hello: 'world'})
var patches = CST.update('cuid2', {hello: 'mars'})
// Client `cuid3` now has a state of {hello: 'mars'}
// ... Later ... Likely on one of your clients
var patch = require('minimal-object-diff').patch
var patchedObject = patch({hello: 'world'}, JSON.parse(patches))
console.log(patchedObject)
// => {hello: 'mars'}
MIT
FAQs
A simple interface for keeping remote clients up to date with their authoritative state
The npm package client-ketchup receives a total of 7 weekly downloads. As such, client-ketchup popularity was classified as not popular.
We found that client-ketchup demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.