division.js
division.js is a small boilerplate prototype project that demonstrates a centrally managed data model and business logic shared between a Node.js server and Knockoutjs-based client(s).
Unfortunately, there is no official way to define, manage and maintain the data model, business logic functions and validation rules for both sides in one place.
This minimalist project shows a way to achieve that easily, with Node.js on the server side and Knockoutjs on the client side.
There is no need for "double-entry bookkeeping" in code/model management, or for different syntaxes, formats or tools to describe how you want to manage your data just because you are working on the client or on the server side.
Quite the opposite. You will see how easy to use this project really is. :)
The model is defined and managed on the server side:
Model definition - server/model.js
This is the "common understanding" of the business processes shared by both sides. You can structure it as you like, to any depth/level.
It contains business logic functions, computed values, static attributes and validation rules. Everything you need.
The model is used to automatically generate mongoose schema and model objects via mongoose-schemagen.
That library also extends the model object with validation services, so the server can store received objects directly to the DB with automated validation!
The defined model is made available to the client(s) through a simple REST call using connect-rest and funcsync.
REST services - server/restMaker.js
By retrieving this model (including functions, rules, etc.) via a simple GET request, the client is able to build up the complete structure using the same funcsync library as the server did, and map it completely to Knockoutjs using the plugins Knockout-Parsley and knockout.mapper.js.
Client mapping - www/js/shared.js
Just a few lines of code!
This way, the client can map it to the UI allowing the user to interact.
After a few seconds, if no validation issue or anything else comes up, the data is sent back to the server, where the server builds up a mongoose record from the model generated at start-time. The record is then stored to the DB, and storing includes validation as well, provided by the lib Vindication.js.
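The flow described above (one model definition, published to the client, with validation repeated on the server before storing) as an added example; it is not code from division.js. It is plain JavaScript that does not call funcsync, mongoose-schemagen or Vindication.js: the model shape, `publishModel` and `validate` are hypothetical names, rules are kept as plain data rather than functions, and the sample records are constructed.

```javascript
'use strict';
// Hypothetical shared model (assumed shape, not division.js's own format):
// one definition holds defaults and validation rules for both sides.
const model = {
  name:  { value: '', rules: { type: 'string', required: true, minlength: 2, maxlength: 40 } },
  email: { value: '', rules: { type: 'string', required: true, pattern: '^[^@\\s]+@[^@\\s]+\\.[^@\\s]+$' } },
  age:   { value: 0,  rules: { type: 'number', min: 18, max: 120 } }
};

// Rules are plain data here, so the client can fetch them as JSON with a GET.
function publishModel(m) {
  return JSON.stringify(m);
}

// Server-side check, run on every received record regardless of what the
// client validated. Returns a list of error strings (empty means valid).
function validate(m, record) {
  const errors = [];
  // Reject fields the model does not define instead of storing them.
  for (const key of Object.keys(record)) {
    if (!Object.prototype.hasOwnProperty.call(m, key)) errors.push(`${key}: unknown field`);
  }
  for (const [key, def] of Object.entries(m)) {
    const r = def.rules;
    const v = record[key];
    if (v === undefined || v === null || v === '') {
      if (r.required) errors.push(`${key}: required`);
      continue;
    }
    if (typeof v !== r.type || (r.type === 'number' && !Number.isFinite(v))) {
      errors.push(`${key}: expected ${r.type}`);
      continue;
    }
    if (r.minlength !== undefined && v.length < r.minlength) errors.push(`${key}: too short`);
    if (r.maxlength !== undefined && v.length > r.maxlength) errors.push(`${key}: too long`);
    if (r.pattern !== undefined && !new RegExp(r.pattern).test(v)) errors.push(`${key}: bad format`);
    if (r.min !== undefined && v < r.min) errors.push(`${key}: below minimum`);
    if (r.max !== undefined && v > r.max) errors.push(`${key}: above maximum`);
  }
  return errors;
}

// Constructed sample records: one valid, one that skipped the client-side checks.
const clientModel = JSON.parse(publishModel(model)); // what the client receives
console.log(validate(clientModel, { name: 'Ada', email: 'ada@example.org', age: 36 }));
console.log(validate(model, { name: 'A', email: 'nope', age: 12, isAdmin: true }));
```

Because the rules survive the JSON round trip unchanged, the client and the server evaluate the same definition, and the server result is the one that decides whether the record is stored.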
FAQs
Central JS logic management module
We found that division.js demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.