Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
stencila-js
Advanced tools
stencila/js
: Stencila for JavascriptThis package contains code that is shared amongst other Stencila Javascript-based packages: node
(the package for Node.js) and web
(the package for web browsers):
JsSession
class for executing chunks of Javascript codepack
and unpack
functions for transferring data over the wire and between languagesSee this blog post for more on the approach and how it's used within Stencila Documents.
The JsSession.execute()
method is really just a fancy eval
with some extra functionality including:
global
scope for persistence of session variables across callsrequire
function for requiring NPM modules when in the browsernpm install stencila-js --save
const stencilaJs = require('stencila-js')
// Create a session
let session = new stencilaJs.JsSession()
// Evaluate an expression...
session.execute('6*7') // { errors: {}, output: { type: 'int', format: 'text', value: '42' } }
// Output is the value of the last line
session.execute('let x = 6\nx*7') // { errors: {}, output: { type: 'int', format: 'text', value: '42' } }
// If the last line is blank there is no output
// (this is intended for code chunks that have side effects e.g. set up data)
session.execute('let x = 6\nx*7\n\n') // { errors: {}, output: null }
// You can specify input variables (that are local to that call) as a data pack
session.execute('Math.PI*radius', {radius: pack(21.4)}) // { errors: {}, output: { type: 'flt', format: 'text', value: '67.23008278682157' } }
session.execute('radius') // { errors: { '1': 'ReferenceError: radius is not defined' }, output: null }
// You can also assign global variables which are available in subsequent calls
session.execute('globals.foo = "bar"\n\n') // { errors: {}, output: null }
session.execute('foo') // { errors: {}, output: { type: 'str', format: 'text', value: 'bar' } }
More documentation is available at https://stencila.github.io/js.
We love feedback. Create a new issue, add to existing issues or chat with members of the community.
Want to help out with development? Great, there's a lot to do! To get started, read our contributor code of conduct, then get in touch or checkout the platform-wide, cross-repository kanban board.
Most development tasks can be run directly from npm
or via make
wrapper recipes.
Task | npm | make |
---|---|---|
Install and setup dependencies | npm install | make setup |
Check code for lint | npm run lint | make lint |
Run tests | npm test | make test |
Run tests in the browser | npm run test-browser | make test-browser |
Run tests with coverage | npm run cover | make cover |
Build documentation | npm run docs | make docs |
Serve and watch docs for updates | npm run docs-serve | make docs-serve |
Clean | make clean |
Tests live in the tests
folder and are written using the tape
test harness. And, in further breathtaking displays of naming logic, documentation lives in the docs
folder and uses documentation.js. Docs are published using Github Pages, so to update them after making changes run make docs
, commit the updated docs and do a git push
.
FAQs
Stencila for Javascript
The npm package stencila-js receives a total of 0 weekly downloads. As such, stencila-js popularity was classified as not popular.
We found that stencila-js demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.