Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
A Node.js toolkit for Microservice architectures
Seneca is a toolkit for writing microservices and organizing the business logic of your app. You can break down your app into "stuff that happens", rather than focusing on data models or managing dependencies.
Seneca provides,
pattern matching: a wonderfully flexible way to handle business requirements
transport independence: how messages get to the right server is not something you should have to worry about
maturity: 7 years in production (before we called it microservices), but was once taken out by lightning
plus: a deep and wide ecosystem of plugins
Use this module to define commands that work by taking in some JSON, and, optionally, returning some JSON. The command to run is selected by pattern-matching on the the input JSON. There are built-in and optional sets of commands that help you build Minimum Viable Products: data storage, user management, distributed logic, caching, logging, etc. And you can define your own product by breaking it into a set of commands - "stuff that happens". That's pretty much it.
If you're using this module, and need help, you can:
If you are new to Seneca in general, please take a look at senecajs.org. We have everything from tutorials to sample apps to help get you up and running quickly.
Seneca's source can be read in an annotated fashion by running npm run annotate
. An
annotated version of each file will be generated in ./docs/
.
To install via npm,
npm install seneca
'use strict'
var Seneca = require('seneca')
// Functionality in seneca is composed into simple
// plugins that can be loaded into seneca instances.
function rejector () {
this.add('cmd:run', (msg, done) => {
return done(null, {tag: 'rejector'})
})
}
function approver () {
this.add('cmd:run', (msg, done) => {
return done(null, {tag: 'approver'})
})
}
function local () {
this.add('cmd:run', function (msg, done) {
this.prior(msg, (err, reply) => {
return done(null, {tag: reply ? reply.tag : 'local'})
})
})
}
// Services can listen for messages using a variety of
// transports. In process and http are included by default.
Seneca()
.use(approver)
.listen({type: 'http', port: '8260', pin: 'cmd:*'})
Seneca()
.use(rejector)
.listen(8270)
// Load order is important, messages can be routed
// to other services or handled locally. Pins are
// basically filters over messages
function handler (err, reply) {
console.log(err, reply)
}
Seneca()
.use(local)
.act('cmd:run', handler)
Seneca()
.client({port: 8270, pin: 'cmd:run'})
.client({port: 8260, pin: 'cmd:run'})
.use(local)
.act('cmd:run', handler)
Seneca()
.client({port: 8260, pin: 'cmd:run'})
.client({port: 8270, pin: 'cmd:run'})
.use(local)
.act('cmd:run', handler)
// Output
// null { tag: 'local' }
// null { tag: 'approver' }
// null { tag: 'rejector' }
To run normally, say in a container, use
$ node microservice.js
(where microservice.js
is a script file that uses Seneca).
Logs are output in JSON format so you can send them to a logging service.
To run in test mode, with human-readable, full debug logs, use:
$ node microservice.js --seneca.test
So that it doesn't matter,
So long as some command can handle a given JSON document, you're good.
Here's an example:
var seneca = require('seneca')()
seneca.add({cmd: 'salestax'}, function (msg, done) {
var rate = 0.23
var total = msg.net * (1 + rate)
done(null, {total: total})
})
seneca.act({cmd: 'salestax', net: 100}, function (err, result) {
console.log(result.total)
})
In this code, whenever seneca sees the pattern {cmd:'salestax'}
, it executes the
function associated with this pattern, which calculates sales tax. There is nothing
special about the property cmd
. It is simply the property we want to pattern match.
You could look for foo
for all seneca cares! Yah!
The seneca.add
method adds a new pattern, and the function to execute whenever that
pattern occurs.
The seneca.act
method accepts an object, and runs the command, if any, that matches.
Where does the sales tax rate come from? Let's try it again:
seneca.add({cmd: 'config'}, function (msg, done) {
var config = {rate: 0.23}
var value = config[msg.prop]
done(null, {value: value})
})
seneca.add({cmd: 'salestax'}, function (msg, done) {
seneca.act({cmd: 'config', prop: 'rate'}, function (err, result) {
var rate = parseFloat(result.value)
var total = msg.net * (1 + rate)
done(null, {total: total})
})
})
seneca.act({cmd: 'salestax', net: 100}, function (err, result) {
console.log(result.total)
})
The config
command provides you with your configuration. This is cool because it
doesn't matter where it gets the configuration from - hard-coded, file system,
database, network service, whatever. Did you have to define an abstraction API to make
this work? Nope.
There's a little but too much verbosity here, don't you think? Let's fix that:
seneca.act('cmd:salestax,net:100', function (err, result) {
console.log(result.total)
})
Instead of providing an object, you can provide a string using an abbreviated form of JSON. In fact, you can provide both:
seneca.act('cmd:salestax', {net: 100}, function (err, result) {
console.log(result.total)
})
This is a very convenient way of combining a pattern and parameter data.
The way to build Node.js systems, is to build lots of little processes. Here's a great talk explaining why you should do this: Programmer Anarchy.
Seneca makes this really easy. Let's put configuration out on the network into its own process:
seneca.add({cmd: 'config'}, function (msg, done) {
var config = {rate: 0.23}
var value = config[msg.prop]
done(null, { value: value })
})
seneca.listen()
The listen
method starts a web server that listens for JSON
messages. When these arrive, they are submitted to the local Seneca
instance, and executed as actions in the normal way. The result is
then returned to the client as the response to the HTTP
request. Seneca can also listen for actions via a message bus.
Your implementation of the configuration code stays the same.
The client code looks like this:
seneca.add({cmd: 'salestax'}, function (msg, done) {
seneca.act({cmd: 'config', prop: 'rate' }, function (err, result) {
var rate = parseFloat(result.value)
var total = msg.net * (1 + rate)
done(null, { total: total })
})
})
seneca.client()
seneca.act('cmd:salestax,net:100', function (err, result) {
console.log(result.total)
})
On the client-side, calling seneca.client()
means that Seneca will
send any actions it cannot match locally out over the network. In this
case, the configuration server will match the cmd:config
pattern and
return the configuration data.
Again, notice that your sales tax code does not change. It does not need to know where the configuration comes from, who provides it, or how.
You can do this with every command.
The thing about business requirements is that they have no respect for common sense, logic or orderly structure. The real world is messy.
In our example, let's say some countries have single sales tax rate, and others have a variable rate, which depends either on locality, or product category.
Here's the code. We'll rip out the configuration code for this example.
// fixed rate
seneca.add({cmd: 'salestax'}, function (msg, done) {
var rate = 0.23
var total = msg.net * (1 + rate)
done(null, { total: total })
})
// local rates
seneca.add({cmd: 'salestax', country: 'US'}, function (msg, done) {
var state = {
'NY': 0.04,
'CA': 0.0625
// ...
}
var rate = state[msg.state]
var total = msg.net * (1 + rate)
done(null, {total: total})
})
// categories
seneca.add({ cmd: 'salestax', country: 'IE' }, function (msg, done) {
var category = {
'top': 0.23,
'reduced': 0.135
// ...
}
var rate = category[msg.category]
var total = msg.net * (1 + rate)
done(null, { total: total })
})
seneca.act('cmd:salestax,net:100,country:DE', function (err, result) {
console.log('DE: ' + result.total)
})
seneca.act('cmd:salestax,net:100,country:US,state:NY', function (err, result) {
console.log('US,NY: ' + result.total)
})
seneca.act('cmd:salestax,net:100,country:IE,category:reduced', function (err, result) {
console.log('IE: ' + result.total)
})
In this case, you provide different implementations for different patterns. This lets you isolate complexity into well-defined places. It also means you can deal with special cases very easily.
The Senecajs org encourages participation. If you feel you can help in any way, be it with bug reporting, documentation, examples, extra testing, or new features feel free to create an issue, or better yet, [submit a Pull Request. For more information on contribution please see our Contributing guide.
To run tests locally,
npm run test
To obtain a coverage report,
npm run coverage; open docs/coverage.html
Copyright (c) 2015-2016 Richard Rodger and other contributors; Licensed under MIT.
3.5.0 2018-05-14
npm audit
.sub
call.FAQs
A Microservices Framework for Node.js
The npm package seneca receives a total of 6,337 weekly downloads. As such, seneca popularity was classified as popular.
We found that seneca demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.