Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
flux-standard-action
Advanced tools
Unfortunately I (timche) don't have the required time anymore to maintain this library and give it the necessary attention. Therefore I'm looking for maintainers that are willing to take care of this library on a long-term basis.
Requirements:
It's also possible to join redux-utilities, an umbrella organization of complementing redux utility libraries like this one, to take care of few or all libraries. Please let me know if you are interested in that.
Please send me an email (adress on my profile) with the subject "flux-standard-action" and some information about you, if you want to be a maintainer.
A human-friendly standard for Flux action objects. Feedback welcome.
It's much easier to work with Flux actions if we can make certain assumptions about their shape. For example, essentially all Flux actions have an identifier field, such as type
, actionType
, or actionId
. Many Flux implementations also include a way for actions to indicate success or failure, especially as the result of a data-fetching operation. Defining a minimal, common standard for these patterns enables the creation of useful tools and abstractions.
Flux actions can be thought of as an asynchronous sequence of values. It is important for asynchronous sequences to deal with errors. Currently, many Flux implementations don't do this, and instead define separate action types like LOAD_SUCCESS
and LOAD_FAILURE
. This is less than ideal, because it overloads two separate concerns: disambiguating actions of a certain type from the "global" action sequence, and indicating whether or not an action represents an error. FSA treats errors as a first class concept.
A basic Flux Standard Action:
{
type: 'ADD_TODO',
payload: {
text: 'Do something.'
}
}
An FSA that represents an error, analogous to a rejected Promise:
{
type: 'ADD_TODO',
payload: new Error(),
error: true
}
An action MUST
type
property.An action MAY
error
property.payload
property.meta
property.An action MUST NOT include properties other than type
, payload
, error
, and meta
.
type
The type
of an action identifies to the consumer the nature of the action that has occurred. type
is a string constant. If two types are the same, they MUST be strictly equivalent (using ===
).
payload
The optional payload
property MAY be any type of value. It represents the payload of the action. Any information about the action that is not the type
or status of the action should be part of the payload
field.
By convention, if error
is true
, the payload
SHOULD be an error object. This is akin to rejecting a promise with an error object.
error
The optional error
property MAY be set to true
if the action represents an error.
An action whose error
is true is analogous to a rejected Promise. By convention, the payload
SHOULD be an error object.
If error
has any other value besides true
, including undefined
and null
, the action MUST NOT be interpreted as an error.
meta
The optional meta
property MAY be any type of value. It is intended for any extra information that is not part of the payload.
The module flux-standard-action
is available on npm. It exports a few utility functions.
isFSA(action)
import { isFSA } from 'flux-standard-action';
Returns true if action
is FSA compliant.
isError(action)
import { isError } from 'flux-standard-action';
Returns true if action
represents an error.
FAQs
A human-friendly standard for Flux action objects
The npm package flux-standard-action receives a total of 80,765 weekly downloads. As such, flux-standard-action popularity was classified as popular.
We found that flux-standard-action demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.