Security News
New Python Packaging Proposal Aims to Solve Phantom Dependency Problem with SBOMs
PEP 770 proposes adding SBOM support to Python packages to improve transparency and catch hidden non-Python dependencies that security tools often miss.
node-addon-api
Advanced tools
The node-addon-api package is a helper library for building Node.js Addons in C++. It provides a C++ API that abstracts away the complexities of working with the low-level V8 and N-API provided by Node.js, making it easier to develop native addons.
Object Wrapping
Object wrapping allows C++ classes to be represented as JavaScript objects. It provides an easy way to create and manage objects that have a one-to-one relationship with C++ objects.
Napi::ObjectReference MyClass::constructor;
MyClass::MyClass(const Napi::CallbackInfo& info) : Napi::ObjectWrap<MyClass>(info) {
// constructor implementation
}
Napi::Object MyClass::Init(Napi::Env env, Napi::Object exports) {
Napi::HandleScope scope(env);
Napi::Function func = DefineClass(env, "MyClass", {
InstanceMethod("myMethod", &MyClass::MyMethod)
});
constructor = Napi::Persistent(func);
constructor.SuppressDestruct();
exports.Set("MyClass", func);
return exports;
}
Function Arguments
The package provides a way to handle function arguments passed from JavaScript to C++ with type checking and conversion utilities.
Napi::Value MyFunction(const Napi::CallbackInfo& info) {
Napi::Env env = info.Env();
if (info.Length() < 2) {
Napi::TypeError::New(env, "Expected at least two arguments").ThrowAsJavaScriptException();
}
Napi::String arg0 = info[0].As<Napi::String>();
double arg1 = info[1].As<Napi::Number>().DoubleValue();
// function implementation
return Napi::String::New(env, "result");
}
Asynchronous Operations
node-addon-api provides utilities for performing asynchronous operations, allowing long-running tasks to be executed without blocking the Node.js event loop.
class MyAsyncWorker : public Napi::AsyncWorker {
public:
MyAsyncWorker(Napi::Function& callback) : AsyncWorker(callback) {}
void Execute() override {
// Do work in another thread
}
void OnOK() override {
Napi::HandleScope scope(Env());
Callback().Call({Env().Null(), Napi::String::New(Env(), "Success")});
}
};
Napi::Value RunAsyncWork(const Napi::CallbackInfo& info) {
Napi::Function callback = info[0].As<Napi::Function>();
MyAsyncWorker* worker = new MyAsyncWorker(callback);
worker->Queue();
return info.Env().Undefined();
}
The 'nan' package is a header file filled with macros and utilities for making addon development for different versions of V8 easier. It predates N-API and node-addon-api, and while it's still used, node-addon-api is recommended for most cases due to its simpler API and direct support for N-API.
The 'ffi-napi' package allows for calling foreign functions of dynamic libraries from Node.js. It is similar to node-addon-api in that it allows for native functionality in Node.js, but it focuses on interfacing with existing libraries rather than writing new native modules.
The 'neon' package is a Rust framework for writing safe and fast native Node.js modules. Like node-addon-api, it simplifies the process of writing native addons but does so using Rust instead of C++.
This module contains header-only C++ wrapper classes which simplify the use of the C based N-API provided by Node.js when using C++. It provides a C++ object model and exception handling semantics with low overhead.
N-API is an ABI stable C interface provided by Node.js for building native addons. It is independent from the underlying JavaScript runtime (e.g. V8 or ChakraCore) and is maintained as part of Node.js itself. It is intended to insulate native addons from changes in the underlying JavaScript engine and allow modules compiled for one version to run on later versions of Node.js without recompilation.
The node-addon-api
module, which is not part of Node.js, preserves the benefits
of the N-API as it consists only of inline code that depends only on the stable API
provided by N-API. As such, modules built against one version of Node.js
using node-addon-api should run without having to be rebuilt with newer versions
of Node.js.
It is important to remember that other Node.js interfaces such as
libuv
(included in a project via #include <uv.h>
) are not ABI-stable across
Node.js major versions. Thus, an addon must use N-API and/or node-addon-api
exclusively and build against a version of Node.js that includes an
implementation of N-API (meaning a version of Node.js newer than 6.14.2) in
order to benefit from ABI stability across Node.js major versions. Node.js
provides an ABI stability guide containing a detailed explanation of ABI
stability in general, and the N-API ABI stability guarantee in particular.
As new APIs are added to N-API, node-addon-api must be updated to provide wrappers for those new APIs. For this reason node-addon-api provides methods that allow callers to obtain the underlying N-API handles so direct calls to N-API and the use of the objects/methods provided by node-addon-api can be used together. For example, in order to be able to use an API for which the node-addon-api does not yet provide a wrapper.
APIs exposed by node-addon-api are generally used to create and manipulate JavaScript values. Concepts and operations generally map to ideas specified in the ECMA262 Language Specification.
(See CHANGELOG.md for complete Changelog)
The following is the documentation for node-addon-api.
Are you new to node-addon-api? Take a look at our examples
To run the node-addon-api tests do:
npm install
npm test
To avoid testing the deprecated portions of the API run
npm install
npm test --disable-deprecated
To run the node-addon-api tests with --debug
option:
npm run-script dev
If you want faster build, you might use the following option:
npm run-script dev:incremental
Take a look and get inspired by our test suite
We love contributions from the community to node-addon-api. See CONTRIBUTING.md for more details on our philosophy around extending this module.
Name | GitHub Link |
---|---|
Anna Henningsen | addaleax |
Arunesh Chandra | aruneshchandra |
Gabriel Schulhof | gabrielschulhof |
Hitesh Kanwathirtha | digitalinfinity |
Jim Schlight | jschlight |
Michael Dawson | mhdawson |
Nicola Del Gobbo | NickNaso |
Taylor Woll | boingoing |
Name | GitHub Link |
---|---|
Benjamin Byholm | kkoopa |
Jason Ginchereau | jasongin |
Sampson Gao | sampsongao |
Licensed under MIT
FAQs
Node.js API (Node-API)
The npm package node-addon-api receives a total of 10,981,952 weekly downloads. As such, node-addon-api popularity was classified as popular.
We found that node-addon-api demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 7 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
PEP 770 proposes adding SBOM support to Python packages to improve transparency and catch hidden non-Python dependencies that security tools often miss.
Security News
Socket CEO Feross Aboukhadijeh discusses open source security challenges, including zero-day attacks and supply chain risks, on the Cyber Security Council podcast.
Security News
Research
Socket researchers uncover how threat actors weaponize Out-of-Band Application Security Testing (OAST) techniques across the npm, PyPI, and RubyGems ecosystems to exfiltrate sensitive data.