Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
NoFlo is an implementation of flow-based programming for JavaScript running on both Node.js and the browser. From Wikipedia:
In computer science, flow-based programming (FBP) is a programming paradigm that defines applications as networks of "black box" processes, which exchange data across predefined connections by message passing, where the connections are specified externally to the processes. These black box processes can be reconnected endlessly to form different applications without having to be changed internally. FBP is thus naturally component-oriented.
Developers used to the Unix philosophy should be immediately familiar with FBP:
This is the Unix philosophy: Write programs that do one thing and do it well. Write programs to work together. Write programs to handle text streams, because that is a universal interface.
It also fits well in Alan Kay's original idea of object-oriented programming:
I thought of objects being like biological cells and/or individual computers on a network, only able to communicate with messages (so messaging came at the very beginning -- it took a while to see how to do messaging in a programming language efficiently enough to be useful).
NoFlo components can be written in any language that transpiles down to JavaScript, including ES6. The system is heavily inspired by J. Paul Morrison's book Flow-Based Programming.
Read more at https://noflojs.org/.
NoFlo is not a web framework or a UI toolkit. It is a way to coordinate and reorganize data flow in any JavaScript application. As such, it can be used for whatever purpose JavaScript can be used for. We know of NoFlo being used for anything from building web servers and build tools, to coordinating events inside GUI applications, driving robots, or building Internet-connected art installations.
NoFlo itself is just a library for implementing flow-based programs in JavaScript. There is an ecosystem of tools around NoFlo and the fbp protocol that make it more powerful. Here are some of them:
See also the list of reusable NoFlo modules on NPM.
NoFlo is available for Node.js via NPM, so you can install it with:
$ npm install noflo --save
You can make a browser build of NoFlo using webpack. For webpack builds, you need to configure the component loader statically with noflo-component-loader. For projects using Grunt, the grunt-noflo-browser plugin makes this easy.
NoFlo requires a reasonably recent version of Node.js, and some npm packages. Ensure that you have NoFlo checked out from Git, and all NPM dependencies installed. Build NoFlo with:
$ npm run build
Then you can install everything needed by a simple:
$ npm link
NoFlo is available from GitHub under the MIT license.
Please refer to the Release Notes and the CHANGES.md document.
Please refer to http://noflojs.org/documentation/. For visual programming with NoFlo, see https://docs.flowhub.io/.
NoFlo development happens on GitHub. Just fork the main repository, make modifications and send a pull request.
We have an extensive suite of tests available for NoFlo. Run them with:
$ npm run build
$ npm test
By default, the tests are run for both Node.js and the browser. You can also run only the tests for a particular target platform:
$ npm run test:node
or:
$ npm run test:browser
There is a #noflo channel on the Flow-Based Programming Slack, and questions can be posted with the noflo tag on Stack Overflow. See http://noflojs.org/support/ for other ways to get in touch.
1.4.0 (December 10th 2020)
createNetwork and network.start) now return Promises. Callbacks are still supported as a compatibility layer.
setUp and tearDown can now return a Promise instead of calling the supplied callback
sendDone or done (if the Promise resolves to a value, it will be sent out)
src/lib folder contains NoFlo as JavaScript Modules. lib is the CommonJS version
FAQs
Flow-Based Programming environment for JavaScript
The npm package noflo receives a total of 449 weekly downloads. As such, noflo popularity was classified as not popular.
We found that noflo demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.