Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
NoFlo is an implementation of flow-based programming for JavaScript running on both Node.js and the browser. From WikiPedia:
In computer science, flow-based programming (FBP) is a programming paradigm that defines applications as networks of "black box" processes, which exchange data across predefined connections by message passing, where the connections are specified externally to the processes. These black box processes can be reconnected endlessly to form different applications without having to be changed internally. FBP is thus naturally component-oriented.
Developers used to the Unix philosophy should be immediately familiar with FBP:
This is the Unix philosophy: Write programs that do one thing and do it well. Write programs to work together. Write programs to handle text streams, because that is a universal interface.
It also fits well in Alan Kay's original idea of object-oriented programming:
I thought of objects being like biological cells and/or individual computers on a network, only able to communicate with messages (so messaging came at the very beginning -- it took a while to see how to do messaging in a programming language efficiently enough to be useful).
NoFlo has been written in CoffeeScript for simplicity. The system is heavily inspired by J. Paul Morrison's book Flow-Based Programming.
Read more at http://noflojs.org/.
NoFlo is available for Node.js via NPM, so you can install it with:
$ npm install -g noflo
You can customize and download the browser version of NoFlo at http://noflojs.org/download/.
NoFlo requires a reasonably recent version of Node.js, and some npm packages. Ensure you have the grunt-cli
package installed (grunt
command should be available on command line) and NoFlo checked out from Git. Build NoFlo with:
$ grunt build
You can also build NoFlo only for the desired target platform with either grunt build:nodejs or grunt build:browser.
Then you can install everything needed by a simple:
$ npm link
NoFlo is available from GitHub under the MIT license.
Please refer to the Release Notes and the CHANGES.md document.
Please refer to http://noflojs.org/documentation/. For visual programming with NoFlo, see http://flowhub.io/documentation/.
NoFlo development happens on GitHub. Just fork the main repository, make modifications and send a pull request.
We have an extensive suite of tests available for NoFlo. Run them with:
$ grunt test
or:
$ npm test
By default, the tests are run for both Node.js and the browser. You can also run only the tests for a particular target platform:
$ grunt test:nodejs
or:
$ grunt test:browser
The build system used for NoFlo is also able to watch for changes in the filesystem and run the tests automatically when something changes. To start the watcher, run:
$ grunt watch
To quit thew watcher, just end the process with Ctrl-C.
Flow-based programming in general, including NoFlo can be discussed on the Flow Based Programming Google group.
There is also an IRC channel #fbp
on FreeNode, and questions can be posted with the noflo
tag on Stack Overflow.
0.5.5 (June 20th 2014)
StreamSender
affecting WirePattern components dealing with multiple levels of groupingCustomizeError
helper for passing information with Error objects in NoFlo. For example:err = new Error 'Something went wrong'
# Add metadata to it. Usually this should include groups and other machine-readable information
noflo.helpers.CustomizeError err,
groups: groups
foo: 'bar'
# Send it to error port
c.error err
FAQs
Flow-Based Programming environment for JavaScript
The npm package noflo receives a total of 449 weekly downloads. As such, noflo popularity was classified as not popular.
We found that noflo demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.