Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
express-yui
Advanced tools
Express extension for YUI Applications.
This compontent extends express by adding a new member to the
express application thru app.yui
. This object is responsible
for exposing the yui_config
and yui_seed
configurations into
the view engine. Also, it provides a set of runtime
utilities that can be used to customize the YUI config for
the client side, creates a Y instance on the server side when
needed to provide access to the registered modules on the server
side, and provides a set of middleware to expose data into the
runtime and the client side.
Install using npm:
$ npm install express-yui
static
assets from origin server, including
combo capabilities built-in.expose
yui_config
and yui_seed
into the view engine
so they can be used in the templates to boot YUI in the client side.app.yui.use()
as compiled templates.express-yui
is a conventional express
extension, which means it will extend
the functionalities provided on express
by augmenting the express app instance
with a new member called yui
. At the same time, express-yui
provides a set of
static methods that you can call directly off the express-yui
module, those
methods are utility methods and express middleware.
Aside from that, express-yui
will try to extend the express
peer dependency to
augment the app instance automatically everytime you call express()
to create a
brand new instance. This is useful, and in most cases just enough. Here is an example:
var express = require('express'),
yui = require('express-yui'),
app = express();
app.yui.applyConfig({ foo: 'something' });
As you can see in the example above, the yui
member is now available for the app, and
the only thing you have to keep in mind is the order of the require
statements.
But this is not always the case. Sometimes you have a 3rd party module that is requiring
express
, and even creating the app under the hood, in which case you can just augment
an existing express app instance by doing this:
var yui = require('express-yui'),
express = require('express'),
app = express();
// calling a yui static method to augment the `express` app instance
yui.augment(app);
app.yui.applyConfig({ foo: 'something' });
TBD
TBD
app.yui.setCoreFromAppOrigin();
app.yui.registerGroup('foo', 'path/to/foo-1.2.3'); // if you use locator, this is not needed
app.use(yui.static());
With this configuration, a group called foo
with version 1.2.3
, and yui
version 3.10.2
, it will produce urls like these:
If you plan to serve the build folder from CDN, then make sure you set that before registering any group, so loader can know about it. Here is the example:
app.yui.setCoreFromCDN();
app.set('yui combo config', {
comboBase: 'http://mycdn.com/path/to/combo?',
comboSep: '&',
maxURLLength: 1024
});
app.set('yui default base', 'http://mycdn.com/path/to/static/{{groupDir}}/');
app.set('yui default root', 'static/{{groupDir}}/');
app.yui.registerGroup('foo', 'path/to/foo-1.2.3'); // if you use locator, this is not needed
in which case you don't need to use yui.static
middleware since you are not
serving local files.
With this configuration, a group called foo
with version 1.2.3
will produce urls like these:
This software is free to use under the Yahoo! Inc. BSD license. See the LICENSE file for license text and copyright information.
See the CONTRIBUTE file for info.
FAQs
Express extension for YUI Applications
The npm package express-yui receives a total of 21 weekly downloads. As such, express-yui popularity was classified as not popular.
We found that express-yui demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 6 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.