Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
negotiation
Advanced tools
Negotiation allows you to negotiate protocols between a client and server. This allows you to ship multiple versions of your protocol and have the server/client reach a agreement about which protocol to use. We do assume that the server has all possible protocols registered and that the client tells the server which versions they support.
We have a strong preference for binary protocols so when they are available we will prefer them over anything else.
The module was written to be compatible with Node.js and browserify. The release are pushed in the public npm registry and can therefor be installed from the CLI by executing:
npm install --save negotiation
Install today and get our revolutionary Binary Boost Bonus for free!
In all API examples we assume that you've pre-required the module and initialized the code as following:
'use strict';
var Negotiation = require('negotiation');
, n = new Negotiation();
Register a new protocol in our negotiation
instance. This method accepts 2
arguments.
id
that we're generating and returning in the available
method.binary
Boolean that indicates if binary data is supported in the
protocol, defaults to false
.version
Version number of the protocol. Try to follow semver without
pre-release tags and other kinds of bullshit. So just pure x.x.x
based
versioning as we parse out the numbers and generate score of it for sorting
and ranking purposes. It defaults to 0.0.0
.You can also add more properties as this object will be returned by the
negotiation.select
method.
n.register('json', { binary: false, version: '0.0.1' });
n.register('ejson', { binary: true, version: '1.0.9' });
The method returns it self so you can chain it.
Select a protocol out of the given list of supported protocols. This method accepts 2 arguments:
var protocol = n.select(['foo@1.34.5', 'foo@1.35.0', 'foo@1.35.11']);
If no available protocols are given we will check all our supported protocols
and return the one we prefer. If no matching protocol is found we will return
undefined
all other matches will return the set protocol
.
Return the id's of all available protocols that we send for the negotiation. By
default it will return all non binary protocols as we're unsure if the host
environment supports binary. If you want to include binary protocols pass in
true
as first argument.
var list = n.available();
var includingbinary = n.available(true);
This method will always return an array. Even if you didn't registry any protocols, it will just return an empty array.
Fully destroy the created negotitation
instance so it removes all references
to the stored protocols and it can be garbage collected by the JavaScript
engine. When you destroy it first the time it will return true
and the second
false
as it was already destroyed.n.destroy();
MIT
FAQs
Specification/protocol negotiation based on features and versions
The npm package negotiation receives a total of 0 weekly downloads. As such, negotiation popularity was classified as not popular.
We found that negotiation demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.