Javascript Performant Functional Programming Experiment in Typescript
I'm glad you asked. This started when I was interviewing potential candidates for our development team.
As in any interview, I would ask questions about their experience, their passions, education, etc., and then move on to a simple and fairly well-known in-person coding test: FizzBuzz. I like using this test as it's simple enough that any developer should be able to do it on the spot in whatever language they are most comfortable with. It's a great way to gauge the interviewee's creative process and whether they can read and understand the problem fully, then ask questions about why they chose to do it one way vs. another, bring up any potential issues, and ask how they would solve those.
The test gives a simple problem which follows:
That's it. Like any problem, there are a lot of different interpretations, perspectives and possible solutions, which gives keen insight into what type of developer they are. This experiment started once I met one particular developer who was so keen on functional programming that he solved the issue like so:
console.log(
  Array.from(new Array(100))
    .map((v, index) => index)
    .reverse()
    .map(v => v%5 + v%3 === 0 ? 'fizzbuzz': v)
    .map(v => v%3 === 0 ? 'fizz': v)
    .map(v => v%5 === 0 ? 'buzz': v)
    .join('\n')
)
It worked and in my opinion is an easily understandable and succinct solution; however, it's horribly inefficient since there are essentially 7 different loops:
console.log(
  Array.from(new Array(100))                   // Loop 1 - Create array
    .map((v, index) => index)                  // Loop 2 - Set index as value
    .reverse()                                 // Loop 3 - Reverse the order (99 down to 0)
    .map(v => v%5 + v%3 === 0 ? 'fizzbuzz': v) // Loop 4 - Check divisibility for both 3 and 5
    .map(v => v%3 === 0 ? 'fizz': v)           // Loop 5 - Check divisibility for 3
    .map(v => v%5 === 0 ? 'buzz': v)           // Loop 6 - Check divisibility for 5
    .join('\n')                                // Loop 7 - Combine all items with newline separator for print
)
It got me thinking: functional programming is super readable but oftentimes not practical, since a single for loop will be much more performant, or you can use a single map, which makes it less readable.
OR
I can just create a small library that takes all of these beautiful functional methods and makes them performant by not looping through every item every time, but instead going item by item through every functional method, essentially making it a single loop.
Clearly, I've gone mad.
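The single-loop idea described above, as an added example that is not funkotron's code or the author's implementation: `fuse`, its stage list and the per-stage index counters are assumptions made for illustration. Each item passes through every recorded callback before the next item is read, and each callback receives the index it would get from native chaining.

```javascript
// Added example, not funkotron's source: fuse() and its internals are
// hypothetical names chosen for illustration.
function fuse(source) {
  const stages = []; // callbacks are only recorded here; nothing runs yet
  const api = {
    map(fn) { stages.push({ kind: "map", fn }); return api; },
    filter(fn) { stages.push({ kind: "filter", fn }); return api; },
    forEach(fn) { run(fn); },
    done() { const out = []; run(v => out.push(v)); return out; },
  };
  function run(sink) {
    // One counter per stage, so a map() placed after a filter() sees the
    // position in the filtered sequence, exactly as native chaining would.
    const seen = stages.map(() => 0);
    let emitted = 0;
    outer: for (const item of source) {       // the only loop over the data
      let value = item;
      for (let s = 0; s < stages.length; s++) {
        const index = seen[s]++;
        if (stages[s].kind === "map") value = stages[s].fn(value, index);
        else if (!stages[s].fn(value, index)) continue outer; // item dropped
      }
      sink(value, emitted++);
    }
  }
  return api;
}

// Constructed input: the FizzBuzz chain from this page, counting 100 down to 1.
function fizzbuzz(wrap) {
  return wrap(Array.from(new Array(100)))
    .map((_, index) => 100 - index)
    .map(v => v % 5 + v % 3 === 0 ? "fizzbuzz" : v)
    .map(v => v % 3 === 0 ? "fizz" : v)
    .map(v => v % 5 === 0 ? "buzz" : v);
}
const fused = fizzbuzz(fuse).done();   // one pass over the 100 items
const native = fizzbuzz(a => a);       // plain Array: one pass per map()
console.log(fused.join("\n") === native.join("\n"));
```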
There are 2 ways to use this library, either by importing it:
import funk from "funkotron";
const array = [1, 2, 3, 4];
const result = funk(Array.from(new Array(100)))
  .map((_, index) => 100 - index)
  .map(v => v % 5 + v % 3 === 0 ? "fizzbuzz" : v)
  .map(v => v % 3 === 0 ? "fizz" : v)
  .map(v => v % 5 === 0 ? "buzz" : v)
  .done()
Or by setting the Array.prototype globally:
import "funkotron/prototype";
const result = Array.from(new Array(100))
  .funk()
  .map((_, index) => 100 - index)
  .map(v => v % 5 + v % 3 === 0 ? "fizzbuzz" : v)
  .map(v => v % 3 === 0 ? "fizz" : v)
  .map(v => v % 5 === 0 ? "buzz" : v)
  .done()
This is not production-ready code and would need a much better way to do things. This was simply an experiment on how to potentially make functional programming much faster. It is not a complete library: it only supports 3 functions (map, forEach and filter), and it needs lots of typing improvements to make it easier to work with in TypeScript.
Use at your own peril.