Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
obvious-core
Advanced tools
obvious是一个渐进式微前端库,在微前端架构中,obvious专注于解决前端微应用的依赖编排和应用间的通信问题,旨在通过简洁易懂,符合编程直觉的API以及灵活的中间件机制,帮助用户快速搭建好基础微前端体系,并支持进行更深层次地定制,从而实现完整可靠的微前端架构
npm:
npm install obvious-core
umd:
<script src="https://unpkg.com/obvious-core@{version}/dist/index.umd.js"></script>
在宿主环境中创建bus,并声明微应用资源
import {createBus} from 'obvious-core';
createBus('host').config({
assets: {
'react-app': {
js: [
'http://localhost:3000/static/js/bundle.js',
'http://localhost:3000/static/js/0.chunk.js',
'http://localhost:3000/static/js/main.chunk.js'
]
},
'vue-app': {
js: [
'http://localhost:8081/js/app.js',
'http://localhost:8081/js/chunk-vendors.js'
]
}
}
});
在微应用中可以获取到bus,并通过bus创建app和socket,通过app指定生命周期,通过socket与其他微应用通信
react-app
import React from 'react';
import ReactDOM from 'react-dom';
import {getBus} from 'obvious-core';
const bus = getBus('host');
const socket = bus.createSocket();
bus.createApp('react-app')
.bootstrap(async (config) => {
socket.unicast('unicast-event');
socket.broadcast('broadcast-event');
socket.initState('someState', true);
ReactDOM.render(<App />, document.querySelector(config.mountPoint));
});
vue-app
import Vue from 'vue';
import App from './App.vue';
import {getBus} from 'obvious-core';
Vue.config.productionTip = false;
const bus = getBus('host');
const socket = bus.createSocket();
bus.createApp('vue-app')
.bootstrap(async (config) => {
socket.onUnicast('unicast-event', () => {
// do something
});
socket.onBroadcast('broadcast-event', () => {
// do something
});
socket.setState('someState.sub.prop.array', [])
socket.watchState('someState.sub.prop.array[0]', (val) => {
// do something
});
new Vue({
render: h => h(App),
}).$mount(config.mountPoint);
});
在宿主环境中,通过bus激活微应用
bus.activateApp('react-app', {mountPoint: document.getElementById('#react-app')});
bus.activateApp('vue-app', {mountPoint: document.getElementById('#vue-app')});
npm run demo:install
npm run demo:react
npm run demo:vue
npm run demo:host
obvious is MIT Licensed
[0.3.0] - 2021-08-18
maxDependencyDepth
and loadScriptByFetch
, use the new API bus.config
insteadbus.config
insteadbus.use
insteadFAQs
a progressive micro front framework
The npm package obvious-core receives a total of 2 weekly downloads. As such, obvious-core popularity was classified as not popular.
We found that obvious-core demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.