Research
Security News
Malicious npm Package Typosquats react-login-page to Deploy Keylogger
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
topo
Advanced tools
Package description
The 'topo' npm package is a module that provides a way to manage topological sorting of nodes with dependencies. It is useful for scenarios where you need to order items based on their dependencies, ensuring that each item appears after its dependencies have been processed.
Adding Nodes
This feature allows you to add nodes to the topo instance. Each node can be assigned to a group and can specify dependencies using the 'after' and 'before' options.
const Topo = require('topo');
const topo = new Topo();
topo.add('a', { group: 'group1' });
topo.add('b', { group: 'group2', after: ['group1'] });
console.log(topo.nodes);
Sorting Nodes
This feature sorts the nodes based on their dependencies. The 'sort' method returns an array of nodes in the correct order, ensuring that each node appears after its dependencies.
const Topo = require('topo');
const topo = new Topo();
topo.add('a', { group: 'group1' });
topo.add('b', { group: 'group2', after: ['group1'] });
topo.add('c', { group: 'group3', before: ['group2'] });
const sorted = topo.sort();
console.log(sorted);
Handling Cyclic Dependencies
This feature demonstrates how the topo package handles cyclic dependencies. If a cyclic dependency is detected, an error is thrown, preventing the sort operation from completing.
const Topo = require('topo');
const topo = new Topo();
topo.add('a', { group: 'group1' });
topo.add('b', { group: 'group2', after: ['group1'] });
topo.add('c', { group: 'group3', after: ['group2', 'group1'] });
topo.add('d', { group: 'group4', after: ['group3', 'group1'] });
try {
topo.add('e', { group: 'group5', after: ['group4', 'group1', 'group3'] });
topo.add('f', { group: 'group6', after: ['group5', 'group2'] });
const sorted = topo.sort();
console.log(sorted);
} catch (err) {
console.error('Cyclic dependency detected:', err.message);
}
The 'dependency-graph' package provides a similar functionality for managing and sorting dependencies. It allows you to create a directed graph of dependencies and sort them topologically. Compared to 'topo', 'dependency-graph' offers more flexibility in terms of graph manipulation and querying.
The 'graphlib' package is a general-purpose graph library that supports directed and undirected graphs. It includes algorithms for topological sorting, shortest paths, and more. While 'graphlib' is more comprehensive and versatile, 'topo' is more focused on topological sorting with a simpler API.
The 'toposort' package is a lightweight library specifically designed for topological sorting. It provides a straightforward API for adding nodes and dependencies and then sorting them. 'toposort' is simpler and more focused compared to 'topo', which offers additional features like grouping and handling cyclic dependencies.
Readme
Topological sorting with grouping support.
Lead Maintainer: Devin Ivy
See the API Reference
Example
var Topo = require('topo');
var morning = new Topo();
morning.add('Nap', { after: ['breakfast', 'prep'] });
morning.add([
'Make toast',
'Pour juice'
], { before: 'breakfast', group: 'prep' });
morning.add('Eat breakfast', { group: 'breakfast' });
morning.nodes; // ['Make toast', 'Pour juice', 'Eat breakfast', 'Nap']
FAQs
Unknown package
We found that topo demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 5 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
Security News
The JavaScript community has launched the e18e initiative to improve ecosystem performance by cleaning up dependency trees, speeding up critical parts of the ecosystem, and documenting lighter alternatives to established tools.
Product
Socket now supports four distinct alert actions instead of the previous two, and alert triaging allows users to override the actions taken for all individual alerts.