
Security News
The Hidden Blast Radius of the Axios Compromise
The Axios compromise shows how time-dependent dependency resolution makes exposure harder to detect and contain.
light-core
Advanced tools
async
bull - MQ
casbin - access control
cron - scheduled task handling
csv
ejs - Template engine
helmet - security checks
ignore - handles .gitignore files
js-yaml - YAML parsing
jwt-simple - JWT encoding and decoding
koa - Koa web framework
koa-body - body parsing
koa-csrf - CSRF validation
koa-helmet - security checks
koa-send - static file handling
koa-session - session implementation
lodash
mime-types - MIME type parsing
dayjs - date handling
mongodb
morgan - operation logging
mysql
numeral - data formatting
pluralize - pluralization
qr-image - QR code support
qs - query string
range-parser - parses the Range value in the request header
raw-body - parses the raw value of the request
validator - validation
ws - websocket
xlsx - Excel handling
xml2js - XML parsing
zip-stream - handles zip files
FAQs
LightCore
The npm package light-core receives a total of 118 weekly downloads. As such, light-core's popularity is classified as not popular.
We found that light-core has an unhealthy version release cadence and level of project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.

Research
A supply chain attack on Axios introduced a malicious dependency, plain-crypto-js@4.2.1, published minutes earlier and absent from the project’s GitHub releases.

Research
Malicious versions of the Telnyx Python SDK on PyPI delivered credential-stealing malware via a multi-stage supply chain attack.