Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
io.extendreality.malimbe
Advanced tools
A collection of tools to simplify writing public API components in Unity.
Malimbe
A collection of tools to simplify writing public API components in Unity.
Malimbe is a collection of tools to simplify writing public API components in Unity.
By taking the assemblies that are created by build tools and changing the assembly itself, repetetive boilerplate can be reduced, new functionality can be introduced and logic written as part of the source code can be altered. This process is called Intermediate Language (IL) weaving and Malimbe uses Fody to do it.
Malimbe helps running Fody and Fody addins without MSBuild or Visual Studio and additionally offers running them inside Unity by integrating with Unity's compilation and build pipeline. Multiple weavers come with Malimbe to help with boilerplate one has to write when creating Unity components that are intended for public consumption. This includes a form of "serialized properties", getting rid of duplicated documentation through XML documentation and the [Tooltip]
attribute as well as weavers that help with ensuring the API is able to be called from UnityEvent
s.
Branch | Version | Explanation |
---|---|---|
latest | Stable, production-ready | |
next | Experimental, not production-ready |
Releases follow the Semantic Versioning (SemVer) system.
Please follow these steps to install the package using a local location until Unity's Package Manager (UPM) allows third parties to publish packages to the UPM feed:
>= 2018.3
) project and follow Unity's instructions on how to add the package to your project using UPM.FodyWeavers.xml
file.<?xml version="1.0" encoding="utf-8"?>
<Weavers>
<Malimbe.FodyRunner>
<LogLevel>Error</LogLevel>
</Malimbe.FodyRunner>
<Malimbe.SerializedProperty/>
<Malimbe.ClearPropertyMethod>
<NamespaceFilter>^My.Namespace.Example</NamespaceFilter>
</Malimbe.ClearPropertyMethod>
<Malimbe.ValidatePropertiesMethod>
<NamespaceFilter>^My.Namespace.Example</NamespaceFilter>
</Malimbe.ValidatePropertiesMethod>
<Malimbe.XmlDocumentationToFieldTooltip>
<NamespaceFilter>^My.Namespace.Example</NamespaceFilter>
</Malimbe.XmlDocumentationToFieldTooltip>
</Weavers>
As with any Fody weaver configuration the order of weavers is important in case a weaver should be applying to the previous weaver's changes.Additional weavers are supported. To allow Malimbe's Unity integration to find the weavers' assemblies they have to be included anywhere in the Unity project or in one of the UPM packages the project uses.
Malimbe is a collection of tools. Each project represents a solution to a specific issue:
FodyRunner
: A standalone library that allows running Fody without MSBuild or Visual Studio.
Use the XML element LogLevel
to specify which log messages should be sent to the logger instance. Valid values are
None
(or don't specify LogLevel
)Debug
Info
Warning
Error
All
Separate multiple levels by using multiple XML elements or separate inside an XML element by using any form of whitespace including newlines or commas.
FodyRunner.UnityIntegration
: Weaves assemblies in the Unity Editor after Unity compiled them as well as builds. The weaving is done by utilizing FodyRunner
.
Tools/Malimbe/Weave All Assemblies
allows to manually trigger the weaving process for all assemblies in the current project. This is useful when a FodyWeavers.xml
file was changed.SerializedProperty.Fody
: A Unity-specific weaver. Ensures the backing field for a property annotated with [SerializedProperty]
is serialized. If a T SetPropertyName(T, T)
method exists it will be used in the property's setter before existing instructions.
[SerializedProperty]
to use this. Note that the attribute's constructor allows specifying whether the backing field should be hidden in the Unity inspector (false by default). Hiding the property from the inspector (e.g. in the UnityEvent listener picker) is not supported by Unity.T SetPropertyName(T, T)
methods that act as a setter addition on the same type that declares the property (of type T
). A call to this method will be added to the start of the existing setter. The accessibility level of the method doesn't matter and the name lookup is case insensitive.[SerializeField]
it will be added.int Counter { get; set; }
will use a backing field called counter
.bool isValid { get; private set; }
will use a backing field called IsValid
.ClearPropertyMethod.Fody
: A generic weaver. Creates ClearProperty()
methods for any property that is of reference type and has a setter. Sets the property via its setter to null
in this new method.
NamespaceFilter
. The elements' values are used as (.NET Standard's) regular expressions.ValidatePropertiesMethod.Fody
: A generic weaver (though made for Unity). Ensures there's an public OnValidate()
method for any type that has properties with setters. For each property it does Property = Property;
in this new method.
NamespaceFilter
. The elements' values are used as (.NET Standard's) regular expressions.OnValidate
the method name can be customized with the XML attribute MethodName
, e.g.:
<Malimbe.ValidatePropertiesMethod MethodName="Validate">
<NamespaceFilter>^My.Namespace.Example</NamespaceFilter>
</Malimbe.ValidatePropertiesMethod>
XmlDocumentationToFieldTooltip.Fody
: A generic weaver (though made for Unity). Looks up the XML <summary>
documentation for any field that is public or uses [SerializeField]
and ensures [Tooltip]
is used on that field with that summary.
NamespaceFilter
. The elements' values are used as (.NET Standard's) regular expressions.TooltipAttribute
the attribute can be customized with the XML attribute FullAttributeName
, e.g.:
<Malimbe.XmlDocumentationToFieldTooltip FullAttributeName="Some.Other.Namespace.DocumentationAttribute">
<NamespaceFilter>^My.Namespace.Example</NamespaceFilter>
</Malimbe.XmlDocumentationToFieldTooltip>
The attribute needs to have a constructor that takes a string
parameter and nothing else. Note that the attribute name has to be the full type name, i.e. prefixed by the namespace.UnityPackaging
: Outputs a ready-to-use folder with the appropriate hierarchy to copy into a Unity project's Asset folder. The output includes both the Unity integration libraries as well as all weavers listed above.If you want to raise a bug report or feature request please follow SUPPORT.md.
While we intend to add more features to Malimbe when we identify a need or use case, we're always open to take contributions! Please follow the contribution guidelines found in CONTRIBUTING.md.
Inspired by Fody's naming the name "Malimbe" comes from the small birds that belong to the weaver family Ploceidae.
Malimbe is released under the MIT License.
Third-party notices can be found in THIRD_PARTY_NOTICES.md
2.0.0 (2019-01-07)
FieldToPropertyAttribute
use a property and annotate it with
SerializedPropertyAttribute
. Auto-implemented properties as well
as regular ones are supported and the only requirement is to have a
getter and setter (of any accessibility level).FAQs
A collection of tools to simplify writing public API components in Unity.
The npm package io.extendreality.malimbe receives a total of 38 weekly downloads. As such, io.extendreality.malimbe popularity was classified as not popular.
We found that io.extendreality.malimbe demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.