Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
rsocket-core
Advanced tools
The rsocket-core package is a JavaScript implementation of the RSocket protocol, which is designed for reactive communication between client and server. It supports various interaction models such as request/response, request/stream, fire-and-forget, and channel, making it suitable for building efficient, low-latency, and resilient network applications.
Request/Response
This feature allows a client to send a single request and receive a single response. The code sample demonstrates how to set up a client using rsocket-core and send a request/response message to a server.
const { RSocketClient, JsonSerializer, IdentitySerializer } = require('rsocket-core');
const RSocketWebSocketClient = require('rsocket-websocket-client').default;
const client = new RSocketClient({
serializers: {
data: JsonSerializer,
metadata: IdentitySerializer
},
setup: {
keepAlive: 60000,
lifetime: 180000,
dataMimeType: 'application/json',
metadataMimeType: 'application/json'
},
transport: new RSocketWebSocketClient({
url: 'ws://localhost:8080/rsocket'
})
});
client.connect().subscribe({
onComplete: socket => {
socket.requestResponse({
data: { message: 'Hello' },
metadata: null
}).subscribe({
onComplete: response => console.log('Response:', response.data),
onError: error => console.error('Request/Response error:', error)
});
},
onError: error => console.error('Connection error:', error)
});
Request/Stream
This feature allows a client to send a request and receive a stream of responses. The code sample shows how to initiate a request/stream interaction using rsocket-core.
const { RSocketClient, JsonSerializer, IdentitySerializer } = require('rsocket-core');
const RSocketWebSocketClient = require('rsocket-websocket-client').default;
const client = new RSocketClient({
serializers: {
data: JsonSerializer,
metadata: IdentitySerializer
},
setup: {
keepAlive: 60000,
lifetime: 180000,
dataMimeType: 'application/json',
metadataMimeType: 'application/json'
},
transport: new RSocketWebSocketClient({
url: 'ws://localhost:8080/rsocket'
})
});
client.connect().subscribe({
onComplete: socket => {
socket.requestStream({
data: { message: 'Stream request' },
metadata: null
}).subscribe({
onNext: payload => console.log('Stream data:', payload.data),
onError: error => console.error('Request/Stream error:', error),
onComplete: () => console.log('Stream complete')
});
},
onError: error => console.error('Connection error:', error)
});
Fire-and-Forget
This feature allows a client to send a message without expecting any response. The code sample illustrates how to use the fire-and-forget interaction model with rsocket-core.
const { RSocketClient, JsonSerializer, IdentitySerializer } = require('rsocket-core');
const RSocketWebSocketClient = require('rsocket-websocket-client').default;
const client = new RSocketClient({
serializers: {
data: JsonSerializer,
metadata: IdentitySerializer
},
setup: {
keepAlive: 60000,
lifetime: 180000,
dataMimeType: 'application/json',
metadataMimeType: 'application/json'
},
transport: new RSocketWebSocketClient({
url: 'ws://localhost:8080/rsocket'
})
});
client.connect().subscribe({
onComplete: socket => {
socket.fireAndForget({
data: { message: 'Fire-and-forget message' },
metadata: null
});
console.log('Fire-and-forget message sent');
},
onError: error => console.error('Connection error:', error)
});
Channel
This feature allows bidirectional communication where both client and server can send streams of messages. The code sample demonstrates setting up a channel interaction using rsocket-core.
const { RSocketClient, JsonSerializer, IdentitySerializer } = require('rsocket-core');
const RSocketWebSocketClient = require('rsocket-websocket-client').default;
const { Flowable } = require('rsocket-flowable');
const client = new RSocketClient({
serializers: {
data: JsonSerializer,
metadata: IdentitySerializer
},
setup: {
keepAlive: 60000,
lifetime: 180000,
dataMimeType: 'application/json',
metadataMimeType: 'application/json'
},
transport: new RSocketWebSocketClient({
url: 'ws://localhost:8080/rsocket'
})
});
client.connect().subscribe({
onComplete: socket => {
const requestStream = new Flowable(subscriber => {
subscriber.onNext({ data: { message: 'Channel message' }, metadata: null });
subscriber.onComplete();
});
socket.requestChannel(requestStream).subscribe({
onNext: payload => console.log('Channel data:', payload.data),
onError: error => console.error('Channel error:', error),
onComplete: () => console.log('Channel complete')
});
},
onError: error => console.error('Connection error:', error)
});
Socket.IO is a library for real-time web applications. It enables real-time, bidirectional, and event-based communication between web clients and servers. Compared to rsocket-core, Socket.IO is more focused on web applications and provides higher-level abstractions, while rsocket-core is more protocol-oriented and supports multiple interaction models.
The 'websockets' package provides a simple WebSocket client and server implementation. It is more low-level compared to rsocket-core, which offers a higher-level protocol with built-in support for various interaction models like request/response and streams.
graphql-ws is a WebSocket-based protocol for GraphQL subscriptions. It is specifically designed for GraphQL and provides a way to handle real-time data updates. While rsocket-core is a general-purpose protocol supporting multiple interaction models, graphql-ws is specialized for GraphQL use cases.
FAQs
RSocket core
We found that rsocket-core demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 6 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.