Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Foliage is lightweight tree that operates on a tree of JavaScript primitives. It is inspired by many Cursors libraries/frameworks (see prior art), however it is not nearly as ambitious. Specifically, it sacrifices robustness and purity for the benefit of build size.
Foliage can retrieve and set data similarly to an ES6 map
let plant = new Foliage({ berries: true })
// retrieve state
plant.get('berries') // true
// set state
plant.set('berries', false)
// remove state
plant.remove('berries')
graft
will clone an instance of Foliage and place a cursor to a
point within its tree:
let plant = new Foliage({ berries: true })
plant.graft('berries').valueOf() // => true
let oak = new Foliage({
squirrels: {
squeakem: { weight: 2, height: 12 }
chatters: { weight: 5, height: 8 }
}
})
let squirrels = oak.graft('squirrels')
In this example, squirrels
is a subset of oak
focused on the
squirrels
key. Under the hood, they point to the same underlying
data. This means if you set
in squirrel
, oak
will be modified as
well:
squirrels.set(['squeakem', 'weight'], 5)
oak.get(['squirrels', 'squeakem', 'weight']) // => 5
A couple of things are going on here. First, set
is used to modify
data. Second, both get
and set
accept an array of keys. When given
an array, they will traverse the tree for the leaf value instead of
just returning the key from the most immediate level.
There is nothing novel about Foliage, it shamelessly mimics:
FAQs
Styled Components for forest
The npm package foliage receives a total of 5,212 weekly downloads. As such, foliage popularity was classified as popular.
We found that foliage demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.