lanes-framework
Lanes is a web framework that aims to make writing single page apps as simple as traditional Rails apps.
Read more at lanesframework.org
It's extracted from the Stockor ERP application and is still very much a work in progress.
Some of its features are:
Integrated web server: Sinatra is used internally with RESTful routes auto-created for each model. This frees the developer from the hassle of integrating disparate systems and allows Lanes to provide tools that are guaranteed to work together.
Rich JSON requests: Clients can perform ad-hoc queries against server-side data and the reply format can be extensively customized. Operators are provided for specifying which fields and associations are included in the result set, as well as ordering and pagination support. It's also easy to write custom query operators. ActiveRecord is used internally to eager-load associations in order to prevent N+1 queries.
Real-Time data updates: Whenever a CRUD operation is performed on a model, the web server relays the event to client observers that have registered for updates. By default a model is registered for updates whenever it's bound to a view, which works to prevent unwanted updates and allows records to be garbage collected. Updates are performed by long-polling via the message-bus gem. A client-side identity map is also used so that only one copy of the model for a given id exists and is updated.
Next-Gen web-framework: Client is built in React using mobx-decorated-models.
Integrated continual testing environment: When run in development mode, Lanes watches for file changes and runs the appropriate spec for both your client and server code automatically. Minispec is utilized for the Ruby models, and client code is tested via Jest.
Role-driven security: Models can be marked as readable, writeable, or deletable for roles. Additionally, fields can be marked as read-only or invisible to prevent unauthorized access.
Extendible: Extensions can be registered with the framework and will be automatically compiled and included in builds. Components are loaded on-demand and are not included unless an extension requires them. Lanes also dynamically loads the JavaScript and CSS for screens on-demand immediately before they are displayed.
Embeddable and Responsive: Designed from the ground up to be embeddable in hostile environments. All code is non-conflicting and wrapped in closures. Sass is auto-namespaced. Detects changes in its container's size and relays them to classes for responsive layouts. A modified Bootstrap-based CSS layout can optionally be loaded, which provides a responsive grid that's bound to the container's size, not the document's.
The standard instructions are always good:
git checkout -b my-new-feature
git commit -am 'Add some feature'
git push origin my-new-feature
FAQs
The npm package lanes-framework receives a total of 0 weekly downloads. As such, lanes-framework popularity was classified as not popular.
We found that lanes-framework demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.