Research
Security News
Kill Switch Hidden in npm Packages Typosquatting Chalk and Chokidar
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
A JavaScript utility library for working with event streams in the browser.
Estreams, or event streams, are a simple abstraction for reacting to async events. Estreams deal with three different event types: data, error, and end. Estreams at their most basic are stateless transfer tools that just take in events and push them out to consumers. Unlike many other reactive libraries that conflate the concept of data streams, event streams, observables and even data within static arrays, Estream tackles a single use-case and that is async events, which can happen once or continuously throughout the life-cycle of an app.
var backendStream = estream(function(push, error, end) {
  pollForData(function(err, res) {
    if (err) {
      error(err);
    } else {
      push(res);
    }
  });
});

backendStream.onData(function(data) {
  // got some data
});

backendStream.onError(function(error) {
  // got an error
});
Use the combine function: var estream3 = ES.combine([estream1, estream2]). This will flow data and errors from both estream1 and estream2 into estream3. However, the combined stream will not end until all of its parent/source estreams have ended.
An object passed as the second parameter when creating new estreams.
getBuffer
This library was inspired by my own need to create a predictable way to work with events that you want to transform, combine and observe. I've used a lot of stream and observable libraries but found that there were certain aspects of them that I found confusing or problematic. Estream tries to create a very simple abstraction for dealing with async events in the client.
I was heavily influenced by (and probably directly stole code) from flyd, highland, RxJs, and Bacon.
FAQs
A javascript library with a simplified take on event streams.
The npm package estream receives a total of 5 weekly downloads. As such, estream popularity was classified as not popular.
We found that estream demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.