Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
node-addon-api
Advanced tools
The node-addon-api package is a helper library for building Node.js Addons in C++. It provides a C++ API that abstracts away the complexities of working with the low-level V8 and N-API provided by Node.js, making it easier to develop native addons.
Object Wrapping
Object wrapping allows C++ classes to be represented as JavaScript objects. It provides an easy way to create and manage objects that have a one-to-one relationship with C++ objects.
Napi::ObjectReference MyClass::constructor;
MyClass::MyClass(const Napi::CallbackInfo& info) : Napi::ObjectWrap<MyClass>(info) {
// constructor implementation
}
Napi::Object MyClass::Init(Napi::Env env, Napi::Object exports) {
Napi::HandleScope scope(env);
Napi::Function func = DefineClass(env, "MyClass", {
InstanceMethod("myMethod", &MyClass::MyMethod)
});
constructor = Napi::Persistent(func);
constructor.SuppressDestruct();
exports.Set("MyClass", func);
return exports;
}
Function Arguments
The package provides a way to handle function arguments passed from JavaScript to C++ with type checking and conversion utilities.
Napi::Value MyFunction(const Napi::CallbackInfo& info) {
Napi::Env env = info.Env();
if (info.Length() < 2) {
Napi::TypeError::New(env, "Expected at least two arguments").ThrowAsJavaScriptException();
}
Napi::String arg0 = info[0].As<Napi::String>();
double arg1 = info[1].As<Napi::Number>().DoubleValue();
// function implementation
return Napi::String::New(env, "result");
}
Asynchronous Operations
node-addon-api provides utilities for performing asynchronous operations, allowing long-running tasks to be executed without blocking the Node.js event loop.
class MyAsyncWorker : public Napi::AsyncWorker {
public:
MyAsyncWorker(Napi::Function& callback) : AsyncWorker(callback) {}
void Execute() override {
// Do work in another thread
}
void OnOK() override {
Napi::HandleScope scope(Env());
Callback().Call({Env().Null(), Napi::String::New(Env(), "Success")});
}
};
Napi::Value RunAsyncWork(const Napi::CallbackInfo& info) {
Napi::Function callback = info[0].As<Napi::Function>();
MyAsyncWorker* worker = new MyAsyncWorker(callback);
worker->Queue();
return info.Env().Undefined();
}
The 'nan' package is a header file filled with macros and utilities for making addon development for different versions of V8 easier. It predates N-API and node-addon-api, and while it's still used, node-addon-api is recommended for most cases due to its simpler API and direct support for N-API.
The 'ffi-napi' package allows for calling foreign functions of dynamic libraries from Node.js. It is similar to node-addon-api in that it allows for native functionality in Node.js, but it focuses on interfacing with existing libraries rather than writing new native modules.
The 'neon' package is a Rust framework for writing safe and fast native Node.js modules. Like node-addon-api, it simplifies the process of writing native addons but does so using Rust instead of C++.
This module contains header-only C++ wrapper classes which simplify the use of the C based Node-API provided by Node.js when using C++. It provides a C++ object model and exception handling semantics with low overhead.
API references are available in the doc directory.
(See CHANGELOG.md for complete Changelog)
node-addon-api is based on Node-API and supports using different Node-API versions. This allows addons built with it to run with Node.js versions which support the targeted Node-API version. However the node-addon-api support model is to support only the active LTS Node.js versions. This means that every year there will be a new major which drops support for the Node.js LTS version which has gone out of service.
The oldest Node.js version supported by the current version of node-addon-api is Node.js 18.x.
The use of badges is recommended to indicate the minimum version of Node-API required for the module. This helps to determine which Node.js major versions are supported. Addon maintainers can consult the Node-API support matrix to determine which Node.js versions provide a given Node-API version. The following badges are available:
We love contributions from the community to node-addon-api! See CONTRIBUTING.md for more details on our philosophy around extending this module.
Name | GitHub Link |
---|---|
Anna Henningsen | addaleax |
Chengzhong Wu | legendecas |
Jack Xia | JckXia |
Kevin Eady | KevinEady |
Michael Dawson | mhdawson |
Nicola Del Gobbo | NickNaso |
Vladimir Morozov | vmoroz |
Name | GitHub Link |
---|---|
Arunesh Chandra | aruneshchandra |
Benjamin Byholm | kkoopa |
Gabriel Schulhof | gabrielschulhof |
Hitesh Kanwathirtha | digitalinfinity |
Jason Ginchereau | jasongin |
Jim Schlight | jschlight |
Sampson Gao | sampsongao |
Taylor Woll | boingoing |
Licensed under MIT
FAQs
Node.js API (Node-API)
The npm package node-addon-api receives a total of 19,684,499 weekly downloads. As such, node-addon-api popularity was classified as popular.
We found that node-addon-api demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 7 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.