Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
2.0 is the current stable Falcor release. 0.x and 1.x users are welcome to upgrade.
Issues we're tracking as part of our roadmap are tagged with the roadmap label. They are split into enhancement, stability, performance, tooling, infrastructure and documentation categories, with near, medium and longer term labels to convey a broader sense of the order in which we plan to approach them.
You can check out a working example server for Netflix-like application right now. Alternately, you
can go through this barebones tutorial in which we use the Falcor Router to
create a Virtual JSON resource. In this tutorial we will use Falcor's express
middleware to serve the Virtual JSON resource on an application server at the
URL /model.json
. We will also host a static web page on the same server which
retrieves data from the Virtual JSON resource.
In this example we will use the falcor Router to build a Virtual JSON resource
on an app server and host it at /model.json
. The JSON resource will contain
the following contents:
{
"greeting": "Hello World"
}
Normally, Routers retrieve the data for their Virtual JSON resource from backend datastores or other web services on-demand. However, in this simple tutorial, the Router will simply return static data for a single key.
First we create a folder for our application server.
$ mkdir falcor-app-server
$ cd falcor-app-server
$ npm init
Now we install the falcor Router.
$ npm install falcor-router --save
Then install express and falcor-express. Support for restify is also available, as is support for hapi via a third-party implementation.
$ npm install express --save
$ npm install falcor-express --save
Now we create an index.js
file with the following contents:
// index.js
const falcorExpress = require('falcor-express');
const Router = require('falcor-router');
const express = require('express');
const app = express();
app.use('/model.json', falcorExpress.dataSourceRoute(function (req, res) {
// create a Virtual JSON resource with single key ('greeting')
return new Router([
{
// match a request for the key 'greeting'
route: 'greeting',
// respond with a PathValue with the value of 'Hello World.'
get: () => ({path: ['greeting'], value: 'Hello World'})
}
]);
}));
// serve static files from current directory
app.use(express.static(__dirname + '/'));
app.listen(3000);
Now we run the server, which will listen on port 3000
for requests for
/model.json
.
$ node index.js
Now that we've built a simple virtual JSON document with a single read-only key
greeting
, we will create a test web page and retrieve this key from the
server.
Create an index.html
file with the following contents:
<!-- index.html -->
<html>
<head>
<!-- Do _not_ rely on this URL in production. Use only during development. -->
<script src="https://netflix.github.io/falcor/build/falcor.browser.js"></script>
<!-- For production use. -->
<!-- <script src="https://cdn.jsdelivr.net/falcor/{VERSION}/falcor.browser.min.js"></script> -->
<script>
var model = falcor({source: new falcor.HttpDataSource('/model.json') });
// retrieve the "greeting" key from the root of the Virtual JSON resource
model.
get('greeting').
then(function(response) {
document.write(response.json.greeting);
});
</script>
</head>
<body>
</body>
</html>
Now visit http://localhost:3000/index.html
and you should see the message
retrieved from the server:
Hello World
git checkout master
to open master
branch locallygit pull
to merge latest code, including built dist/
and docs/
by Travisnpm run prepare
to build dist/
locallynpm version patch
(or minor
, major
, etc) to create a new git commit and taggit push origin master && git push --tags
to push code and tags to githubnpm publish
to publish the latest version to NPMFor detailed high-level documentation explaining the Model, the Router, and JSON Graph check out the Falcor website.
For a working example of a Router, check out the falcor-router-demo.
For questions and discussion, use Stack Overflow.
FAQs
A JavaScript library for efficient data fetching.
The npm package falcor receives a total of 0 weekly downloads. As such, falcor popularity was classified as not popular.
We found that falcor demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 18 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.