Pond.js is a library built on top of immutable.js to provide time-based data structures, serialization and processing within our tools.
For data structures, it unifies the use of time ranges, events, collections and time series. For processing, it provides a chained pipeline interface to aggregate, collect and process batches or streams of events.
We are still developing Pond.js as it integrates further into our code, so it may change or be incomplete in parts. That said, it has a growing collection of tests and we will strive not to break those without careful consideration.
See the CHANGES.md.
ESnet runs a large research network for the US Department of Energy. Our tools consume events and time series data throughout our network visualization applications and data processing chains. As our tool set grew, so did our need to build a JavaScript library to work with this type of data that was consistent and dependable. The alternative for us has been to pass ad-hoc data structures between the server and the client, making all elements of the system much more complicated. Not only do we need to deal with different formats at all layers of the system, we also repeat our processing code over and over. Pond.js was built to address these pain points.
The result might be as simple as comparing two time ranges:
const timerange = timerange1.intersection(timerange2);
timerange.asRelativeString(); // "a few seconds ago to a month ago"
Or simply getting the average value in a timeseries:
timeseries.avg("sensor");
Or quickly performing aggregations on a timeseries:
const timeseries = new TimeSeries(weatherData);
const dailyAvg = timeseries.fixedWindowRollup("1d", {value: avg});
Or much higher level batch or stream processing using the Pipeline API:
const result = {}; // collects one output collection per group key
const p = Pipeline()
    .from(timeseries)
    .take(10)
    .groupBy(e => e.value() > 65 ? "high" : "low")
    .emitOn("flush")
    .to(CollectionOut, (collection, windowKey, groupByKey) => {
        result[groupByKey] = collection;
    }, true);
Pond has three main goals:
Here is a summary of what is provided:
And forming together collections of events:
And then high level processing via pipelines:
Read the contribution guidelines.
The library has a large and growing Jest test suite. To run the tests interactively, use:
npm test
This code is distributed under a BSD style license, see the LICENSE file for complete information.
ESnet Timeseries Library ("Pond.js"), Copyright (c) 2015-2017, The Regents of the University of California, through Lawrence Berkeley National Laboratory (subject to receipt of any required approvals from the U.S. Dept. of Energy). All rights reserved.
If you have questions about your rights to use or distribute this software, please contact Berkeley Lab's Innovation & Partnerships Office at IPO@lbl.gov.
NOTICE. This software is owned by the U.S. Department of Energy. As such, the U.S. Government has been granted for itself and others acting on its behalf a paid-up, nonexclusive, irrevocable, worldwide license in the Software to reproduce, prepare derivative works, and perform publicly and display publicly. Beginning five (5) years after the date permission to assert copyright is obtained from the U.S. Department of Energy, and subject to any subsequent five (5) year renewals, the U.S. Government is granted for itself and others acting on its behalf a paid-up, nonexclusive, irrevocable, worldwide license in the Software to reproduce, prepare derivative works, distribute copies to the public, perform publicly and display publicly, and to permit others to do so.
FAQs
A timeseries library built on top of immutable.js
The npm package pondjs receives a total of 1,046 weekly downloads. As such, pondjs's popularity was classified as popular.
We found that pondjs demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.