Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
NoFlo is an implementation of flow-based programming for JavaScript running on both Node.js and the browser. From WikiPedia:
In computer science, flow-based programming (FBP) is a programming paradigm that defines applications as networks of "black box" processes, which exchange data across predefined connections by message passing, where the connections are specified externally to the processes. These black box processes can be reconnected endlessly to form different applications without having to be changed internally. FBP is thus naturally component-oriented.
Developers used to the Unix philosophy should be immediately familiar with FBP:
This is the Unix philosophy: Write programs that do one thing and do it well. Write programs to work together. Write programs to handle text streams, because that is a universal interface.
It also fits well in Alan Kay's original idea of object-oriented programming:
I thought of objects being like biological cells and/or individual computers on a network, only able to communicate with messages (so messaging came at the very beginning -- it took a while to see how to do messaging in a programming language efficiently enough to be useful).
NoFlo has been written in CoffeeScript for simplicity. The system is heavily inspired by J. Paul Morrison's book Flow-Based Programming.
Read more at http://noflojs.org/.
NoFlo is not a web framework or a UI toolkit. It is a way to coordinate and reorganize data flow in any JavaScript application. As such, it can be used for whatever purpose JavaScript can be used for. We know of NoFlo being used for anything from building web servers and build tools, to coordinating events inside GUI applications, driving robots, or building Internet-connected art installations.
NoFlo itself is just a library for implementing flow-based programs in JavaScript. There is an ecosystem of tools around NoFlo and the fbp protocol that make it more powerful. Here are some of them:
See also the list of reusable NoFlo modules on NPM.
NoFlo is available for Node.js via NPM, so you can install it with:
$ npm install noflo --save
You can make a browser build of NoFlo using webpack. The grunt-noflo-browser plugin makes this easy.
NoFlo requires a reasonably recent version of Node.js, and some npm packages. Ensure you have the grunt-cli
package installed (grunt
command should be available on command line) and NoFlo checked out from Git. Build NoFlo with:
$ grunt build
You can also build NoFlo only for the desired target platform with either grunt build:nodejs or grunt build:browser.
Then you can install everything needed by a simple:
$ npm link
NoFlo is available from GitHub under the MIT license.
Please refer to the Release Notes and the CHANGES.md document.
Please refer to http://noflojs.org/documentation/. For visual programming with NoFlo, see http://flowhub.io/documentation/.
NoFlo development happens on GitHub. Just fork the main repository, make modifications and send a pull request.
We have an extensive suite of tests available for NoFlo. Run them with:
$ grunt test
or:
$ npm test
By default, the tests are run for both Node.js and the browser. You can also run only the tests for a particular target platform:
$ grunt test:nodejs
or:
$ grunt test:browser
The build system used for NoFlo is also able to watch for changes in the filesystem and run the tests automatically when something changes. To start the watcher, run:
$ grunt watch
To quit thew watcher, just end the process with Ctrl-C.
There is an IRC channel #fbp
on FreeNode, and questions can be posted with the noflo
tag on Stack Overflow. See http://noflojs.org/support/ for other ways to get in touch.
0.8.0-beta1 (January 18th 2017)
Network.stop
connect
and disconnect
events. Instead, connect
and disconnect
are injected as needed, but only for subscribers of the legacy eventsNOFLO_FATAL_DEPRECATED
environment variable. These include:
noflo.AsyncComponent
: should be ported to Process APInoflo.helpers.MapComponent
: should be ported to Process APInoflo.ArrayPort
: should be ported to noflo.In/OutPort with addressable: true
noflo.Port
: should be ported to noflo.In/OutPortNetwork.start
or Network.stop
without a callbacknoflo.InPort
process
option: should be ported to Process API or use the handle
optionnoflo.InPort
receive
method: replaced by the get
methodnoflo.InPort
contains
method: replaced by the has
methodnoflo.Graph
exports: use specific inport or outport insteadscope
support to WirePattern
to make WirePattern
components more concurrency-friendlyreceiveStreams
option from WirePattern
hasStream
checks if an input buffer contains a complete stream (matching brackets and data, or only data), getStream
returns a complete stream of packets. These require forwardBrackets
to be disabled for the port.input.getData()
in Process API has been changed to fetch only packets of data
type skipping and dropping brackets inbetweennoflo.IP
typegetActiveProcesses()
methodFAQs
Flow-Based Programming environment for JavaScript
The npm package noflo receives a total of 449 weekly downloads. As such, noflo popularity was classified as not popular.
We found that noflo demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.