Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
A TypeScript rewrite of tapable
tapable
is a great plugin system from webpack that enables users to expose hooks from modules within your app that plugins can tap into and customize the behavior. I use it in almost all of my projects, but there are a few quirks with the original that made it hard to use in other applications.
After using it in a bunch of projects, I wanted a bit more control over what's possible; like custom tap execution order, the ability to untap
a hook, higher level abstractions, PluginManager
s, etc -- and the performance tradeoffs made in the original library also didn't always align with how I end up using the library.
Hooks are constructed by importing and instantiating a class:
import { SyncHook } from "tapable-ts";
const hook = new SyncHook();
if using TypeScript, pass a tuple that represents the arguments as the first type param (and a return type if applicable for the second)
const hook = new SyncHook<[string, number]>();
you can also use named tuples for better editor support:
const hook = new SyncHook<[name: string, age: number]>();
The tapable docs do a good job going over the different types of hooks. There are 9 in total:
SyncHook
SyncBailHook
SyncWaterfallHook
SyncLoopHook
AsyncParallelHook
AsyncParallelBailHook
AsyncSeriesHook
AsyncSeriesBailHook
AsyncSeriesWaterfallHook
The intercept
API closely resembles the original tapable
implementation. There are 6 events an interceptor can register for.
3 are applicable to all hooks:
tap
- Called when a new tap
is registeredcall
- Called when the hook is first callederror
- Called when a hook is going to throw1 only applies for looping hooks:
loop
- Called during each new iteration of a looping hookand either of the following will be called:
result
- Called when a hook is going to return a valuedone
- Called when a hook is finished executing, but no value is returned. This includes Bail hooks that don't return a value.FAQs
A TS implementation of tapable
We found that tapable-ts demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.