Research
Security News
Kill Switch Hidden in npm Packages Typosquatting Chalk and Chokidar
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
Observable data structures, over the network
There is firebase right?
npm i hub.js
const Hub = require('hub.js')
// creates a hub as a server and as a client
const hub = Hub()
  .listen(80)
  .connect('ws://someurl.com')
hub.js uses a data structure modelled to closely resemble plain JS objects.
Elements can be values and objects at the same time, and all elements are observable.
const hub = Hub({
  something: 'hello'
})
// .set does a deep merge by default
hub.set({
  something: {
    field: 'some field'
  }
})
hub.get('something').on(() => {
  console.log('fires on change!')
})
// object notation for listeners
hub.set({
  something: {
    on: {
      data: () => {} // data emitter type
    }
  }
})
console.log(hub.serialize()) // serialize casts hub objects to plain objects
// logs { something: { val: 'hello', field: 'some field' }}
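The behaviour described above (an element holding a value and fields at once, a deep-merge set, change listeners, serialize) as a stand-alone model; this is an added example, not hub.js source code. `ObservableNode` and `BLOCKED` are hypothetical names, references and subscriptions are not modelled, and the key filter is an assumption about how to treat objects received from network peers, not a documented hub.js feature.

```javascript
// Added illustration: a stand-alone model, NOT hub.js source.
// ObservableNode and BLOCKED are hypothetical names.
const BLOCKED = new Set(['__proto__', 'constructor', 'prototype'])

class ObservableNode {
  constructor (val) {
    this.val = undefined
    this.fields = new Map() // Map, so field names never hit Object.prototype
    this.listeners = []
    if (val !== undefined) this.set(val)
  }

  get (key) { return this.fields.get(key) }

  on (fn) { this.listeners.push(fn); return this }

  // Deep merge: plain objects merge into fields, anything else replaces val.
  // Returns true when this node or anything below it changed.
  set (input) {
    let changed = false
    if (input !== null && typeof input === 'object' && !Array.isArray(input)) {
      for (const key of Object.keys(input)) {
        // JSON.parse yields "__proto__" as an own key; skip it so that
        // serialize() can never assign it onto a plain object.
        if (BLOCKED.has(key)) continue
        let child = this.fields.get(key)
        if (!child) {
          child = new ObservableNode()
          this.fields.set(key, child)
          changed = true
        }
        if (child.set(input[key])) changed = true
      }
    } else if (input !== this.val) {
      this.val = input
      changed = true
    }
    if (changed) this.listeners.forEach(fn => fn(this))
    return changed
  }

  // Cast to plain objects; a node with a value and fields keeps it under `val`.
  serialize () {
    if (this.fields.size === 0) return this.val
    const out = this.val === undefined ? {} : { val: this.val }
    for (const [key, child] of this.fields) out[key] = child.serialize()
    return out
  }
}
```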
const hub = Hub({
  something: 'hello'
})
// creates an observable reference
hub.set({
  thing: hub.get('something')
})
hub.thing.on(() => {
  console.log('hello')
})
hub.something.set('bye')
// fires the listener on hub.thing
hub.set({
  bla: [ '@', 'root', 'other' ]
})
// set something to a reference before it exists
hub.set({
  other: 'thing'
})
// will resolve updates for
A simple subscription
client.subscribe(true, (target, type) => {
  // fires updates for any update in the hub
  console.log('update!', target, type)
})
Setting on the server
server.set('hello!')
// will fire an update on client
A shallow subscription
client.subscribe('shallow', (target, type) => {
  // fires updates for any update on the value of the hub, but not nested fields
  console.log('update!', target, type)
})
A simple subscription
client.subscribe({
  $any: { title: true }
}, (target, type) => {
  // fires updates when any field updates a title
  console.log('update!', target, type)
})
A complex subscription
client.subscribe({
  $any: {
    $keys: keys => keys.slice(0, 5),
    title: true
  }
}, (target, type) => {
  // fires updates when any field updates a title but only the first 5
  console.log('update!', target, type)
})
A complex subscription with sort
client.subscribe({
  $any: {
    $keys: (keys, state) => keys.sort((a, b) =>
      // get allows you to get a field that does not exist yet
      // subtract so the comparator returns a number (ascending by count)
      state.get([ a, 'count' ], 0).compute() -
      state.get([ b, 'count' ], 0).compute()
    ).slice(0, 5),
    title: true
  }
}, (target, type) => {
  // fires updates when any field updates a title but only the first 5 sorted by count
  console.log('update!', target, type)
})
Switches are probably the most powerful concept supported in the subscription model, allowing you to branch subscriptions based on certain conditions.
client.subscribe({
  $any: {
    kind: {
      $switch: state => {
        if (state.compute() === 'dog') {
          return {
            diet: true
          }
        } else {
          // return the alternative subscription for everything else
          return {
            title: true
          }
        }
      }
    }
  }
}, (target, type) => {
  // fires updates on diet when it finds a dog else fires updates for title
  console.log('update!', target, type)
})
FAQs
Seamless realtime communication
The npm package hub.js receives a total of 106 weekly downloads. As such, hub.js popularity was classified as not popular.
We found that hub.js demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.