graph-cache
This library provides an easy way to build and maintain a persistent dependency graph for any type of files/languages. It provides a high-level set of operations on the graph to fulfill common use cases when working with dependency graphs.
graph-cache is language agnostic: you can provide a parser for any type of files (JS, LESS, SASS, etc).
This library is built on top of the graphlib npm package.
The simplest use case is building a persistent cache for a language that supports importing files from other files.
The reason I created it was that I needed to build a persistent cache for the LESS language.
The project I was working on consisted of hundreds of files, and I wanted to recompile only those that changed while deploying code.
npm install --save graph-cache
const createGraphCache = require('graph-cache');
const gcache = createGraphCache(parser, sign, {
  persistence: false
});
gcache.then((cache) => cache.checkFile(file, name));
API
const createGraphCache = require('graph-cache');
const gcache = createGraphCache(parser, sign, opts);
The parser is called with the sign function, the file Buffer and the file name: parser(sign, file, filename)
The parser function should return a Promise that resolves into the full dependency graph of the given file as an instance of a graphlib graph. An example of a parser function is graph-cache-less.
The sign function takes a Buffer and returns a string (hash) that identifies this file, e.g. md5.
opts:
{
  persistence: 'test.txt', // string, file name where graph will be stored
  g: new Graph({ directed: true }), // initial graph, ignored if persistence is set
  targetFs: fs, // if you want to store graph in memory for some reasons
  cacheVersion: false, // this is the version that should match the version stored in the cache file;
                       // if it differs, the cache will be discarded
}
Returns a Promise that will resolve into a Cache object.
It contains the cache API.
This method allows you to check whether this file or its deps have changed.
Buffer with file contents
Returns a Promise that will resolve into false if the file or its dependencies have changed; otherwise it will resolve into true.
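The true/false contract of this check can be illustrated without the library. The following is an added example, not graph-cache's own code: it signs each file with SHA-256 and compares a file and its transitive imports against a stored snapshot. It uses a plain Map instead of a graphlib graph, and the names sign, parseImports, snapshot and isUnchanged, as well as the sample files, are assumptions made for illustration.

```javascript
// Added example: all function names and the sample files are hypothetical.
const crypto = require('crypto');

// sign: Buffer -> hex digest identifying the file contents (SHA-256 chosen here).
const sign = (buf) => crypto.createHash('sha256').update(buf).digest('hex');

// Minimal LESS-style import scanner: returns names from `@import "name";` statements.
function parseImports(buf) {
  const names = [];
  const re = /@import\s+["']([^"']+)["']\s*;/g;
  let m;
  while ((m = re.exec(buf.toString('utf8'))) !== null) names.push(m[1]);
  return names;
}

// Walk from `name` through its imports, recording signature and deps per file.
function snapshot(files, name, seen = new Map()) {
  if (seen.has(name)) return seen; // already visited; also guards against import cycles
  const buf = files.get(name);
  if (!buf) throw new Error(`missing file: ${name}`);
  const deps = parseImports(buf);
  seen.set(name, { sig: sign(buf), deps });
  for (const d of deps) snapshot(files, d, seen);
  return seen;
}

// true when the file and every transitive dependency still match the stored
// snapshot, false when anything changed (same convention as described above).
function isUnchanged(cached, files, name) {
  if (!cached.has(name)) return false;
  for (const [n, { sig }] of snapshot(files, name)) {
    const old = cached.get(n);
    if (!old || old.sig !== sig) return false;
  }
  return true;
}

// Constructed sample input: three in-memory LESS files.
const files = new Map([
  ['main.less', Buffer.from('@import "theme.less";\n.a { color: @c; }')],
  ['theme.less', Buffer.from('@import "vars.less";\n@c: @base;')],
  ['vars.less', Buffer.from('@base: #333;')],
]);
const cached = snapshot(files, 'main.less');
console.log(isUnchanged(cached, files, 'main.less'));
```

Editing only vars.less makes the check for main.less return false, because the signature of a transitive dependency no longer matches the snapshot.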
This method allows you to update your cache with a file and its dependency subgraph and merge it into the existing graph.
Changes won't take effect until you call swapGraphs.
Buffer with file contents
This method allows you to obtain all leaf-files that depend on the given file.
Buffer with file contents
Returns a Promise that will be resolved into a list of leaf-file names.
This method allows you to save the graph to disk or the target fs.
Returns a Promise that resolves when saving is done.
When you call rebuildFromFile, the resulting graph is not used until you call this method.
This is a way of committing changes to your dependency graph.
Returns null
This library is tested using Mocha and Chai. You can run the test suite with npm test.
You can run npm run test-watch to rerun tests on file updates.
This library is written using ES6 code.
Before pushing, run npm run build to generate ES5-compatible JS code.
Issues and PRs are welcome here.
FAQs
We found that graph-cache demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.