Security News
Input Validation Vulnerabilities Dominate MITRE's 2024 CWE Top 25 List
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
The thrift npm package is a JavaScript implementation of the Apache Thrift framework, which is used for scalable cross-language services development. Thrift allows you to define data types and service interfaces in a simple definition file, and it generates code to be used across multiple languages. This makes it easier to build and maintain services that communicate across different programming languages.
Defining a Thrift Service
This code demonstrates how to define a Thrift service in Node.js. The service is defined in a Thrift IDL file, which is then compiled to generate the necessary JavaScript files. The server listens on port 9090 and implements a method called `myMethod`.
const thrift = require('thrift');
const MyService = require('./gen-nodejs/MyService');
const ttypes = require('./gen-nodejs/my_types');
const server = thrift.createServer(MyService, {
myMethod: function(arg, result) {
console.log('myMethod called with:', arg);
result(null, 'response');
}
});
server.listen(9090);
Creating a Thrift Client
This code demonstrates how to create a Thrift client in Node.js. The client connects to the Thrift server running on localhost at port 9090 and calls the `myMethod` function, passing an argument and handling the response.
const thrift = require('thrift');
const MyService = require('./gen-nodejs/MyService');
const connection = thrift.createConnection('localhost', 9090);
const client = thrift.createClient(MyService, connection);
client.myMethod('argument', (err, response) => {
if (err) {
console.error(err);
} else {
console.log('Response:', response);
}
connection.end();
});
Defining Thrift Data Types
This Thrift IDL file defines a data structure `MyStruct` and a service `MyService` with a method `myMethod` that takes `MyStruct` as an argument. This file is used to generate the necessary code for both the client and server.
namespace js MyService
struct MyStruct {
1: i32 id,
2: string name
}
service MyService {
string myMethod(1: MyStruct myStruct)
}
gRPC is a high-performance, open-source universal RPC framework originally developed by Google. It uses HTTP/2 for transport, Protocol Buffers as the interface description language, and provides features such as authentication, load balancing, and more. Compared to Thrift, gRPC is more modern and has better support for streaming and bi-directional communication.
protobufjs is a pure JavaScript implementation of Protocol Buffers, Google's data interchange format. While it does not provide RPC capabilities out of the box like Thrift, it is often used in conjunction with gRPC to define and serialize structured data. It is more lightweight and focused solely on data serialization.
avro-js is a JavaScript library for working with Apache Avro, a data serialization system. Avro is similar to Thrift in that it provides a compact, fast, binary data format. However, Avro is more focused on data serialization and schema evolution, and does not provide RPC capabilities.
NOTE: you must use the framed thrift transport, TFramedTransport in most implementations, on the server side. Using a popular example, this is enabled by default in Cassandra 0.7 (but configuration must be changed in Cassandra 0.6.x and earlier).
npm install thrift
You can compile nodejs sources by running the following:
thrift --gen js:node thrift_file
Here is a Cassandra example:
var thrift = require('thrift'),
Cassandra = require('./gen-nodejs/Cassandra')
ttypes = require('./gen-nodejs/cassandra_types');
var connection = thrift.createConnection("localhost", 9160),
client = thrift.createClient(Cassandra, connection);
connection.on('error', function(err) {
console.error(err);
});
client.get_slice("Keyspace", "key", new ttypes.ColumnParent({column_family: "ExampleCF"}), new ttypes.SlicePredicate({slice_range: new ttypes.SliceRange({start: '', finish: ''})}), ttypes.ConsistencyLevel.ONE, function(err, data) {
if (err) {
// handle err
} else {
// data == [ttypes.ColumnOrSuperColumn, ...]
}
connection.end();
});
An example based on the one shown on the Thrift front page is included in the examples/ folder.
FAQs
node.js bindings for the Apache Thrift RPC system
The npm package thrift receives a total of 227,305 weekly downloads. As such, thrift popularity was classified as popular.
We found that thrift demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 5 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.