mqtt-pattern
Fast library for matching MQTT patterns with named wildcards to extract data from topics
Successor to mqtt-regex
var MQTTPattern = require("mqtt-pattern");

// Wildcards in patterns don't need names
var pattern = "device/+id/+/#data";
var topic = "device/fitbit/heartrate/rate/bpm";

var params = MQTTPattern.exec(pattern, topic);
// params will be
// {
//   id: "fitbit",
//   data: ["rate", "bpm"]
// }

var filled = MQTTPattern.fill(pattern, params);
// filled will be
// "device/fitbit/undefined/rate/bpm"

MQTTPattern.clean("hello/+param1/world/#param2");
// hello/+/world/#
With NPM:
npm install --save mqtt-pattern
exec(pattern : String, topic : String) : Object | null
Validates that topic fits the pattern and parses out any parameters. If the topic doesn't match, it returns null.
matches(pattern : String, topic : String) : Boolean
Validates whether topic fits the pattern. Ignores parameters.
extract(pattern : String, topic : String) : Object
Traverses the pattern and attempts to fetch parameters from the topic. Useful if you know in advance that your topic will be valid and want to extract data. If the topic doesn't match, or the pattern doesn't contain named wildcards, returns an empty object. Do not use this for validation.
fill(pattern : String, params: Object) : String
Reverse of extract: traverses the pattern and fills in params with keys in an object. Missing keys for + params are set to undefined. Missing keys for # params yield empty strings.
clean(pattern : String) : String
Removes the parameter names from a pattern.
MQTT defines two types of "wildcards", one for matching a single section of the path (+), and one for zero or more sections of the path (#).
Note that the # wildcard must only be used if it's at the end of the topic.
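The wildcard rules above, together with the null-on-mismatch contract described for exec, as an added example that is not part of the mqtt-pattern source or README. It is a stand-alone matcher (matchTopic is a hypothetical name, and the sample topics are constructed) that rejects a misplaced # and reads parameters only from topics that passed validation:

```javascript
"use strict";
// Added example: a stand-alone matcher, not the mqtt-pattern source.
// matchTopic is a hypothetical name; the sample topics are constructed.
function matchTopic(pattern, topic) {
  const p = pattern.split("/");
  const t = topic.split("/");
  // "#" is only valid as the final segment; reject the pattern otherwise.
  const hashAt = p.findIndex((seg) => seg[0] === "#");
  if (hashAt !== -1 && hashAt !== p.length - 1) {
    throw new Error("'#' must be the last segment of the pattern: " + pattern);
  }
  const params = {};
  for (let i = 0; i < p.length; i++) {
    const seg = p[i];
    const name = seg.slice(1); // empty for unnamed wildcards
    if (seg[0] === "#") {
      // Zero or more remaining sections.
      if (name) params[name] = t.slice(i);
      return params;
    }
    if (i >= t.length) return null; // topic is shorter than the pattern
    if (seg[0] === "+") {
      if (name) params[name] = t[i]; // exactly one section
    } else if (seg !== t[i]) {
      return null; // literal section differs
    }
  }
  // Without a trailing "#", the topic must not have extra sections.
  return p.length === t.length ? params : null;
}

const samplePattern = "device/+id/+/#data";
const sampleTopics = [
  "device/fitbit/heartrate/rate/bpm", // matches, data = ["rate", "bpm"]
  "device/fitbit/heartrate",          // matches, "#" takes zero sections
  "sensor/fitbit/heartrate/rate",     // literal mismatch
  "device/fitbit",                    // too short for the unnamed "+"
];
for (const topic of sampleTopics) {
  const params = matchTopic(samplePattern, topic);
  // Only read parameters after the null check.
  console.log(topic, "=>", params === null ? "rejected" : JSON.stringify(params));
}
```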
This library was inspired by the syntax in the routers for web frameworks.
This would match paths that start with user/, and then extract the next section as the user id.
Then it would get the following paths and turn them into an array for the path param.
Here is some input/output that you can expect:
user/bob/status/mood: {id: "bob", path: ["status","mood"]}
user/bob: {id: "bob", path: []}
user/bob/ishungry: {id: "bob", path: ["ishungry"]}
Not all wildcards need to be associated with a parameter, and it could be useful to use plain MQTT topics. In this example you might only care about the status of some part of a device, and are willing to ignore a part of the path. Here are some examples of what this might be used with:
device/deviceversion/deviceidhere/component/infrared/status/active: {type:"infrared",path: ["status","active"]}
The npm package mqtt-pattern receives a total of 3,160 weekly downloads. As such, mqtt-pattern's popularity was classified as popular.
We found that mqtt-pattern demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.