Research
2025 Report: Destructive Malware in Open Source Packages
Destructive malware is rising across open source registries, using delays and kill switches to wipe code, break builds, and disrupt CI/CD.
By Kush Pandya - Dec 24, 2025
微信/支付宝/百度小程序的nats客户端
安装
$ npm install mpnats -S
使用
- 微信小程序
const Nats = require('mpnats/wx')
const nats = new Nats()
nats.connect({url: 'wss://younatsserver.io'})
.then(() => {
return nats.subscribe('topic1', function (data) {
console.log('topic1 data received: ', data)
})
})
- 支付宝小程序
const Nats = require('mpnats/alipay')
const nats = new Nats()
nats.connect({url: 'wss://younatsserver.io'})
.then(() => {
return nats.subscribe('topic1', function (data) {
console.log('topic1 data received: ', data)
})
})
- 百度小程序
const Nats = require('mpnats/baidu')
const nats = new Nats()
nats.connect({url: 'wss://younatsserver.io'})
.then(() => {
return nats.subscribe('topic1', function (data) {
console.log('topic1 data received: ', data)
})
})
Api
订阅
nats.subscribe(topic: string, callback: Function): Promise<sid: number>
返回Promise, promise resolve 表示订阅消息发送成功, promise reject 表示订阅消息发送失败
promise resolve会返回sid,可以用这个sid来取消订阅
例子
const Nats = require('mpnats/wx')
const nats = new Nats()
(async function () {
await nats.connect({url: 'wss://yournatserver.io'})
const sid = await nats.subscribe('topic', function (data) {
console.log('topic1 data received: ', data)
})
})()
取消订阅
nats.unsubscribe(sid: number): Promise<void>
返回Promise, promise resolve 表示取消订阅消息发送成功, promise reject 表示取消订阅消息发送失败
例子
const Nats = require('mpnats/wx')
const nats = new Nats()
(async function () {
await nats.connect({url: 'wss://yournatserver.io'})
const sid = await nats.subscribe('topic', function (data) {
console.log('topic1 data received: ', data)
})
await nats.unsubscribe(sid)
})()
发送消息
nats.publish(topic: string, message: string)
返回Promise, promise resolve 表示发送消息成功, promise reject 表示发送消息失败
例子
const Nats = require('mpnats/wx')
const nats = new Nats()
(async function () {
await nats.connect({url: 'wss://yournatserver.io'})
const sid = await nats.subscribe('topic', function (data) {
console.log('topic1 data received: ', data)
})
await nats.publish('topic', 'hello topic')
})()
关闭连接
nats.close()
返回Promise, promise resolve表示关闭成功, promise reject 表示关闭失败
例子
const Nats = require('mpnats/wx')
const nats = new Nats()
(async function () {
await nats.connect({url: 'wss://yournatserver.io'})
await nats.close()
})()
监听连接关闭
nats.on('close', callback: Function) // 监听关闭
nats.off('close', callback: Function) // 取消监听
例子
const Nats = require('mpnats/wx')
const nats = new Nats()
nats.on('close', function () {
console.log('nats连接由于某种原因关闭了')
})
nats.connect({url: 'wss://yournatserver.io'})
监听连接出错
nats.on('error', callback: Function) // 监听出错
nats.off('error', callback: Function) // 取消监听
const Nats = require('mpnats/wx')
const nats = new Nats()
nats.on('error', function () {
console.log('nats连接由于某种原因出错了')
})
nats.connect({url: 'wss://yournatserver.io'})
FAQs
nats client for baidu/weixin/alipay mini program
We found that mpnats demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 10 Dec 2018
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Engineering with AI Podcast: The Promise of AI-First Development
Socket CTO Ahmad Nassri shares practical AI coding techniques, tools, and team workflows, plus what still feels noisy and why shipping remains human-led.
By Sarah Gooding - Dec 24, 2025
Research
/Security News
Spearphishing Campaign Abuses npm Registry to Target U.S. and Allied Manufacturing and Healthcare Organizations
A five-month operation turned 27 npm packages into durable hosting for browser-run lures that mimic document-sharing portals and Microsoft sign-in, targeting 25 organizations across manufacturing, industrial automation, plastics, and healthcare for credential theft.
By Nicholas Anderson, Kirill Boychenko - Dec 23, 2025