Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
fluid-framework
Advanced tools
The fluid-framework
package bundles a collection of Fluid Framework client libraries for easy use when paired with a corresponding service client package (e.g. @fluidframework/azure-client
, @fluidframework/tinylicious-client
, or @fluidframework/odsp-client (BETA)
).
This package reexports these APIs from other Fluid client packages reducing the number of direct package dependencies needed.
There are some packages there are not included as part of this fluid-framework
package which users may want to use with this package:
@fluidframework/azure-client
, @fluidframework/odsp-client (BETA)
, or @fluidframework/tinylicious-client
for local development) to allow connecting to a Fluid service.@fluidframework/app-insights-logger
: to route Fluid telemetry to Azure App Insights.When taking a dependency on a Fluid Framework library's public APIs, we recommend using a ^
(caret) version range, such as ^1.3.4
.
While Fluid Framework libraries may use different ranges with interdependencies between other Fluid Framework libraries,
library consumers should always prefer ^
.
If using any of Fluid Framework's unstable APIs (for example, its beta
APIs), we recommend using a more constrained version range, such as ~
.
To get started, install the package by running the following command:
npm i fluid-framework
This package leverages package.json exports to separate its APIs by support level. For more information on the related support guarantees, see API Support Levels.
To access the public
(SemVer) APIs, import via fluid-framework
like normal.
To access the legacy
APIs, import via fluid-framework/legacy
.
API documentation for fluid-framework is available at https://fluidframework.com/docs/apis/fluid-framework.
The fluid-framework
package consists primarily of two portions: the IFluidContainer
and a selection of distributed data structures (DDSes).
The IFluidContainer interface is one of the types returned by calls to createContainer()
and getContainer()
on the service clients such as AzureClient
.
It includes functionality to retrieve the Fluid data contained within, as well as to inspect the state of the collaboration session connection.
You'll use one or more DDS data structures in your container to model your collaborative data.
The fluid-framework
package offers the following data structures:
SharedMap
is now marked legacy. Please use SharedTree
for any new development.Check out the Hello World tutorial using fluid-framework
.
These are the platform requirements for the current version of Fluid Framework Client Packages. These requirements err on the side of being too strict since within a major version they can be relaxed over time, but not made stricter. For Long Term Support (LTS) versions this can require supporting these platforms for several years.
It is likely that other configurations will work, but they are not supported: if they stop working, we do not consider that a bug. If you would benefit from support for something not listed here, file an issue and the product team will evaluate your request. When making such a request please include if the configuration already works (and thus the request is just that it becomes officially supported), or if changes are required to get it working.
strict
options are supported.strictNullChecks
is required.exactOptionalPropertyTypes
is currently not fully supported.
If used, narrowing members of Fluid Framework types types using in
, Reflect.has
, Object.hasOwn
or Object.prototype.hasOwnProperty
should be avoided as they may incorrectly exclude undefined
from the possible values in some cases.Node16
, NodeNext
, or Bundler
resolution should be used with TypeScript compilerOptions to follow the Node.js v12+ ESM Resolution and Loading algorithm.
Node10 resolution is not supported as it does not support Fluid Framework's API structuring pattern that is used to distinguish stable APIs from those that are in development.
ES Modules: ES Modules are the preferred way to consume our client packages (including in NodeJs) and consuming our client packages from ES Modules is fully supported.
CommonJs: Consuming our client packages as CommonJs is supported only in NodeJS and only for the cases listed below. This is done to accommodate some workflows without good ES Module support. If you have a workflow you would like included in this list, file an issue. Once this list of workflows motivating CommonJS support is empty, we may drop support for CommonJS one year after notice of the change is posted here.
There are many ways to contribute to Fluid.
Detailed instructions for working in the repo can be found in the Wiki.
This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.
This project may contain Microsoft trademarks or logos for Microsoft projects, products, or services. Use of these trademarks or logos must follow Microsoft’s Trademark & Brand Guidelines. Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship.
Not finding what you're looking for in this README? Check out fluidframework.com.
Still not finding what you're looking for? Please file an issue.
Thank you!
This project may contain Microsoft trademarks or logos for Microsoft projects, products, or services.
Use of these trademarks or logos must follow Microsoft's Trademark & Brand Guidelines.
Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship.
FAQs
The main entry point into Fluid Framework public packages
The npm package fluid-framework receives a total of 1,036 weekly downloads. As such, fluid-framework popularity was classified as popular.
We found that fluid-framework demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.