Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
An exploration of the Haskell IO patterns, in pure Javascript.
Install: npm install --save iox
Try it out live: https://runkit.com/pokle/iox-example
Instead of passing dependencies to your functions, instead arrange for them return:
For example:
function lowerCaseInput() {
return { io: 'read-file', file: '/etc/hosts', then: (str) => str.toLowerCase() }
}
So how do you run this? Check out the full example at examples/lowercase-file.js
Functions that perform input & output operations are usually quite hard to test. (As opposed to pure functions)
Dependency injection can be problematic because you have to pass your dependencies all the way through your function call hierarchy. With iox, your functions compose easier because you're never passing down dependencies.
npm test
npm run build
npm version major | minor | patch...
git push
npm publish
FAQs
An exploration of the Haskell IO patterns, in pure Javascript.
The npm package iox receives a total of 0 weekly downloads. As such, iox popularity was classified as not popular.
We found that iox demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.