Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
The fp-ts npm package is a library for functional programming in TypeScript. It provides developers with tools to write code in a functional style, leveraging concepts like type-safe functional combinators, monads, and other abstractions that enable expressive and concise code.
Option Type
The Option type represents encapsulation of an optional value. A value of type Option<T> can either be some<T> if it exists or none if it does not. This is useful for handling cases where a value might be missing without resorting to null or undefined.
import { Option, some, none } from 'fp-ts/Option';
function find<T>(predicate: (a: T) => boolean, arr: T[]): Option<T> {
for (const item of arr) {
if (predicate(item)) {
return some(item);
}
}
return none;
}
const result = find(x => x > 10, [1, 2, 3]);
console.log(result); // output: none
Either Type
The Either type represents a value of one of two possible types (a disjoint union). An instance of Either is either an instance of left or right. It is useful for error handling where left can be used to hold an error value and right can hold a success value.
import { Either, left, right } from 'fp-ts/Either';
function divide(a: number, b: number): Either<string, number> {
return b === 0 ? left('Cannot divide by zero') : right(a / b);
}
const result = divide(10, 0);
console.log(result); // output: left('Cannot divide by zero')
IO Type
The IO type represents a computation that can perform side effects when executed. It is a way to manage side effects in a functional way by deferring their execution.
import { IO } from 'fp-ts/IO';
const log: IO<void> = () => console.log('Hello, fp-ts!');
log(); // output: 'Hello, fp-ts!'
Function Composition
Function composition is a core concept in functional programming, allowing you to combine multiple functions into a single function. The flow function from fp-ts helps you to compose functions easily.
import { flow } from 'fp-ts/function';
const toUpperCase = (s: string) => s.toUpperCase();
const exclaim = (s: string) => `${s}!`;
const shout = flow(toUpperCase, exclaim);
console.log(shout('hello')); // output: 'HELLO!'
Ramda is a popular functional programming library for JavaScript. It emphasizes a functional style and provides many utilities for working with functions and data. Compared to fp-ts, Ramda is less focused on type safety and does not provide as many abstractions related to category theory.
Sanctuary is a functional programming library that provides type-safe functional data types and utility functions. It is similar to fp-ts in its emphasis on type safety and functional programming concepts, but it has its own set of abstractions and API design choices.
Functional programming in TypeScript
📢 Important Announcement: fp-ts is Joining the Effect-TS Ecosystem!
We are excited to announce that the fp-ts
project is officially merging with the Effect-TS ecosystem. This is a significant step forward in the functional programming landscape, bringing together two powerful libraries under one roof. Giulio Canti, the author of fp-ts
, is being welcomed into the Effect organization, promising an exciting future with enhanced capabilities and support.
What This Means for New Users:
Effect-TS can be regarded as the successor to fp-ts v2
and embodies what would be considered fp-ts v3
. This merger marks a significant evolution in the library's capabilities, integrating more features and functionalities tailored towards robust, type-safe, and scalable functional programming.
For more details on this merger and what it entails, please refer to the official announcement here. Additionally, you can explore more about Effect-TS and its offerings on our website and documentation.
fp-ts
is a library for typed functional programming in TypeScript.
fp-ts
aims to allow developers to use popular patterns and abstractions that are available in most functional languages. For this, it includes the most popular data types, type classes and abstractions such as Option, Either, IO, Task, Functor, Applicative, Monad to empower users to write pure FP apps and libraries built atop higher order abstractions.
A distinctive feature of fp-ts
with respect to other functional libraries is its implementation of Higher Kinded Types, which TypeScript doesn't support natively.
Inspired by
Unsplash https://unsplash.com/
The internet’s source for visuals. |
To install the stable version:
npm install fp-ts
Make sure to always have a single version of fp-ts
installed in your project. Multiple versions are known to cause tsc
to hang during compilation. You can check the versions currently installed using npm ls fp-ts
(make sure there's a single version and all the others are marked as deduped
).
Strictness – This library is conceived, tested and is supposed to be consumed by TypeScript with the strict
flag turned on.
fp-ts version | required typescript version |
---|---|
2.0.x+ | 3.5+ |
1.15.x+ | 3.1+ |
<= 1.14.4 | 2.8+ (*) |
(*) If you are running < typescript@3.0.1
you have to polyfill the unknown
type. You can use unknown-ts as a polyfill.
Disclaimer. Teaching functional programming is out of scope of this project, so the documentation assumes you already know what FP is.
If you need help with fp-ts
check out:
#fp-ts
channel on FP slack.The MIT License (MIT)
2.16.9
Polish
Support strictBuiltinIteratorReturn
, #1949
FAQs
Functional programming in TypeScript
The npm package fp-ts receives a total of 1,813,261 weekly downloads. As such, fp-ts popularity was classified as popular.
We found that fp-ts demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.