Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
NoFlo is an implementation of flow-based programming for JavaScript running on both Node.js and the browser. From WikiPedia:
In computer science, flow-based programming (FBP) is a programming paradigm that defines applications as networks of "black box" processes, which exchange data across predefined connections by message passing, where the connections are specified externally to the processes. These black box processes can be reconnected endlessly to form different applications without having to be changed internally. FBP is thus naturally component-oriented.
Developers used to the Unix philosophy should be immediately familiar with FBP:
This is the Unix philosophy: Write programs that do one thing and do it well. Write programs to work together. Write programs to handle text streams, because that is a universal interface.
It also fits well in Alan Kay's original idea of object-oriented programming:
I thought of objects being like biological cells and/or individual computers on a network, only able to communicate with messages (so messaging came at the very beginning -- it took a while to see how to do messaging in a programming language efficiently enough to be useful).
NoFlo has been written in CoffeeScript for simplicity. The system is heavily inspired by J. Paul Morrison's book Flow-Based Programming.
Read more at http://noflojs.org/.
NoFlo is available for Node.js via NPM, so you can install it with:
$ npm install -g noflo
You can customize and download the browser version of NoFlo at http://noflojs.org/download/.
NoFlo requires a reasonably recent version of Node.js, and some npm packages. Ensure you have the grunt-cli
package installed (grunt
command should be available on command line) and NoFlo checked out from Git. Build NoFlo with:
$ grunt build
You can also build NoFlo only for the desired target platform with either grunt build:nodejs or grunt build:browser.
Then you can install everything needed by a simple:
$ npm link
NoFlo is available from GitHub under the MIT license.
Please refer to the Release Notes and the CHANGES.md document.
Please refer to http://noflojs.org/documentation/. For visual programming with NoFlo, see http://flowhub.io/documentation/.
NoFlo development happens on GitHub. Just fork the main repository, make modifications and send a pull request.
We have an extensive suite of tests available for NoFlo. Run them with:
$ grunt test
or:
$ npm test
By default, the tests are run for both Node.js and the browser. You can also run only the tests for a particular target platform:
$ grunt test:nodejs
or:
$ grunt test:browser
The build system used for NoFlo is also able to watch for changes in the filesystem and run the tests automatically when something changes. To start the watcher, run:
$ grunt watch
To quit thew watcher, just end the process with Ctrl-C.
Flow-based programming in general, including NoFlo can be discussed on the Flow Based Programming Google group.
There is also an IRC channel #fbp
on FreeNode, and questions can be posted with the noflo
tag on Stack Overflow.
0.5.6 (June 23rd 2014)
icon
key in graph propertiesWirePattern
components, allowing them to have configuration parameters that need to be set only once. Example:component = new noflo.Component
component.inPorts.add 'path',
datatype: 'string'
required: true
component.inPorts.add 'delay',
datatype: 'int'
required: false
component.inPorts.add 'line',
datatype: 'string'
component.inPorts.add 'repeat',
datatype: 'int'
component.outPorts.add 'out',
datatype: 'object'
component.outPorts.add 'error',
datatype: 'object'
noflo.helpers.WirePattern component,
in: ['line', 'repeat']
out: 'out'
params: ['path', 'delay']
async: true
, (data, groups, out, callback) ->
path = component.params.path
delay = if component.params.delay then component.params.delay else 0
doSomeThing path, delay, data.line, data.repeat, (err, res) ->
return callback err if err
out.send res
callback()
FAQs
Flow-Based Programming environment for JavaScript
The npm package noflo receives a total of 357 weekly downloads. As such, noflo popularity was classified as not popular.
We found that noflo demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.