Observable data structures, over the network
There is firebase right?
```sh
npm i hub.js
```

```js
const Hub = require('hub.js')

// creates a hub as a server and as a client
const hub = Hub()
  .listen(80)
  .connect('ws://someurl.com')
```
hub.js uses a data structure modelled to closely resemble plain JS objects.
Elements can be values and objects at the same time, and all elements are observable.
```js
const hub = Hub({
  something: 'hello'
})

// .set does a deep merge by default
hub.set({
  something: {
    field: 'some field'
  }
})

hub.get('something').on(() => {
  console.log('fires on change!')
})

// object notation for listeners
hub.set({
  something: {
    on: {
      data: () => {} // data emitter type
    }
  }
})

console.log(hub.serialize()) // serialize casts hub objects to plain objects
// logs { something: { val: 'hello', field: 'some field' }}
```
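As an added example (not hub.js source and not code from the original README), a stand-alone model of the behaviour shown above: an element that holds a value and fields at once, a deep-merging `set`, change listeners, and `serialize`. `Element` and `BLOCKED` are hypothetical names; references and subscriptions are not modelled, and the key filter is this example's own choice for payloads that arrive over the network.

```javascript
// Added illustration, not hub.js source: Element and BLOCKED are hypothetical names.
// These keys would alter the prototype of the plain object serialize() builds.
const BLOCKED = new Set(['__proto__', 'constructor', 'prototype'])

class Element {
  constructor (input) {
    this.val = undefined
    this.fields = new Map() // a Map never walks Object.prototype
    this.listeners = []
    if (input !== undefined) this.set(input)
  }

  on (fn) { this.listeners.push(fn) }
  get (key) { return this.fields.get(key) }

  setVal (val) {
    if (this.val === val) return false
    this.val = val
    return true
  }

  // Deep merge: objects merge into fields, primitives replace the value.
  set (input) {
    let changed = false
    if (input !== null && typeof input === 'object') {
      for (const key of Object.keys(input)) {
        if (BLOCKED.has(key)) continue // payload may come from a remote peer
        if (key === 'val') {
          changed = this.setVal(input.val) || changed
        } else {
          if (!this.fields.has(key)) this.fields.set(key, new Element())
          changed = this.fields.get(key).set(input[key]) || changed
        }
      }
    } else {
      changed = this.setVal(input)
    }
    if (changed) this.listeners.forEach(fn => fn(this))
    return changed
  }

  // Cast back to plain data; a node with both a value and fields keeps `val`.
  serialize () {
    if (this.fields.size === 0) return this.val
    const out = {}
    if (this.val !== undefined) out.val = this.val
    for (const [key, el] of this.fields) out[key] = el.serialize()
    return out
  }
}
```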
```js
const hub = Hub({
  something: 'hello'
})

// creates an observable reference
hub.set({
  thing: hub.get('something')
})

hub.thing.on(() => {
  console.log('hello')
})

hub.something.set('bye')
// fires the listener on hub.thing
```

```js
hub.set({
  bla: [ '@', 'root', 'other']
})
// set something to a reference before it exists

hub.set({
  other: 'thing'
})
// will resolve updates for
```
A simple subscription
```js
client.subscribe(true, (target, type) => {
  // fires updates for any update in the hub
  console.log('update!', target, type)
})
```
Setting on the server
```js
server.set('hello!')
// will fire an update on client
```
A shallow subscription
```js
client.subscribe('shallow', (target, type) => {
  // fires updates for any update on the value of the hub, but not nested fields
  console.log('update!', target, type)
})
```
A simple subscription
```js
client.subscribe({
  $any: { title: true }
}, (target, type) => {
  // fires updates when any field updates a title
  console.log('update!', target, type)
})
```
A complex subscription
```js
client.subscribe({
  $any: {
    $keys: keys => keys.slice(0, 5),
    title: true
  }
}, (target, type) => {
  // fires updates when any field updates a title but only the first 5
  console.log('update!', target, type)
})
```
A complex subscription with sort
```js
client.subscribe({
  $any: {
    $keys: (keys, state) => keys.sort((a, b) =>
      // get allows you to get a field that does not exist yet
      // a sort comparator must return a number, so subtract instead of comparing with >
      state.get([ a, 'count' ], 0).compute() -
      state.get([ b, 'count' ], 0).compute()
    ).slice(0, 5),
    title: true
  }
}, (target, type) => {
  // fires updates when any field updates a title but only the first 5 sorted by count
  console.log('update!', target, type)
})
```
Switches are probably the most powerful concept supported in the subscription model, allowing you to branch subscriptions based on certain conditions.
```js
client.subscribe({
  $any: {
    kind: {
      $switch: state => {
        if (state.compute() === 'dog') {
          return {
            diet: true
          }
        } else {
          // return the branch; a bare { title: true } block would yield undefined
          return {
            title: true
          }
        }
      }
    }
  }
}, (target, type) => {
  // fires updates on diet when it finds a dog else fires updates for title
  console.log('update!', target, type)
})
```
FAQs
Seamless realtime communication
The npm package hub.js receives a total of 38 weekly downloads. As such, hub.js popularity was classified as not popular.
We found that hub.js demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.