Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
hadron-app-registry
Advanced tools
[!IMPORTANT] Use a plugin instead of a regular component for self-contained parts of the application which may need to keep state beyond the raw React component's lifetime.
Compass uses a special form of React components referred to as Plugins, distinguished from regular components in that they:
These dependencies are generally referred to as Services. For example, logging or telemetry in Compass are generally consumed by plugins as a service.
Compass uses a concept of scopes called App Registries. Currently, there are two levels of nesting:
The lifetime of a plugin's state is not tied to the lifetime of their React component, but rather to the lifetime of the local app registry (or the global one, if there is none).
[!TIP] Most plugins in Compass use a Redux store to keep track of their state. Some legacy plugins may still use Reflux or a similar mechanism where the state is provided to the top-level component of the plugin as a plain object.
Other than tracking plugin lifetimes, app registries provide a communication
channel between plugins by being event emitters.
If possible, new code should avoid this communication channel, as it is untyped
and the specific method of passing messages should be an implementation detail.
Alternative methods of passing messages between plugins include using React
contexts to provide an API that can be used by nested plugins, or if that is
not possible, your plugin can expose methods that other plugins can then access.
(WorkspacesServiceProvider
is currently an example of this pattern.)
For details on the usage of individual components or functions, refer to doc comments in the package itself.
import {
globalAppRegistry,
AppRegistry,
AppRegistryProvider,
registerHadronPlugin,
} from 'hadron-app-registry';
import CompassLogging from '@mongodb-js/compass-logging';
import {
LoggingProvider,
loggingLocator,
} from '@mongodb-js/compass-logging/provider';
const PluginWithLogger = registerHadronPlugin(
{
name: 'LoggingPlugin',
component: function () {
return <>...</>;
},
activate(opts, { logging }) {
logging.log('Plugin activated!');
},
},
{ logging: loggingLocator }
);
ReactDOM.render(
<AppRegistryProvider>
<LoggingProvider>
<PluginWithLogger />
</LoggingProvider>
</AppRegistryProvider>
);
Services are consumed by plugins through service locators, which are functions that return the instance of the service that the plugin is intended to use.
Typically, these functions are implemented using React contexts.
import { createServiceLocator } from 'hadron-app-registry';
const ConnectionStorageContext = createContext<ConnectionStorage | null>(null);
function useConnectionStorageContext(): ConnectionStorage {
const connectionStorage = useContext(ConnectionStorageContext);
if (!connectionStorage) {
throw new Error('...');
}
return connectionStorage;
}
export const ConnectionStorageProvider = ConnectionStorageContext.Provider;
export const connectionStorageLocator = createServiceLocator(
useConnectionStorageContext,
'connectionStorageLocator'
);
[!TIP] If you need to use a service locator from inside a provider component, for example because your service depends on another service, you can use the
createServiceProvider()
method to achieve this. Otherwise, service locators can only be called by plugins during their initial activation.
Plugins consist of:
activate
function that is called before the plugin is first rendered
and which creates a (Redux) store for maintaining plugin state.The activate
function is expected to also return a cleanup function that
is called when the lifetime of the plugin ends (i.e. the local app registry
associated with it is destroyed). In order to make this easier, helpers are
provided that automatically register cleanup functions:
const Plugin = registerHadronPlugin({
name: 'TestPlugin',
component: TestPluginComponent,
activate(props, services, { on, addCleanup, cleanup }) {
const store = configureStore();
// Automatically removes event listeners when plugin is deactivated
on(someEventEmitter, 'some-event', () => ...);
addCleanup(() => { ... });
return { store, deactivate: cleanup };
}
}, { /* services */});
[!NOTE] The
props
andservices
parameters reflect the React properties passed to the plugin (Plugin
in the example above) at the time of the first instantiation and the services returned by the service locators at that time; changes to the values returned from these will not have an effect on the already-instantiated plugin.
For easier testing, plugins can be rendered with fixed services that are not looked up through the usual service locators. Additionally, the rendering of child plugins can be disabled, which can be used to speed up tests or avoid having to specify service dependencies for those child plugins.
import {
render,
cleanup,
screen,
waitFor,
} from '@mongodb-js/testing-library-compass';
const PluginWithMockServices = WorkspacesPlugin.withMockServices(
{
dataService: sinon.stub(),
},
{ disableChildPluginRendering: true }
);
return render(<PluginWithMockServices />);
FAQs
Hadron App Registry
The npm package hadron-app-registry receives a total of 454 weekly downloads. As such, hadron-app-registry popularity was classified as not popular.
We found that hadron-app-registry demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.