Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
The wonka package is a lightweight but powerful stream library for TypeScript and JavaScript. It allows for the creation, manipulation, and consumption of streams of values over time. It's particularly useful for handling asynchronous operations and events in a functional reactive programming style.
Creating streams
This feature allows for the creation of streams from various sources. In this example, a stream is created from an array.
import { fromArray } from 'wonka';
const stream = fromArray([1, 2, 3]);
Transforming streams
This feature demonstrates how to transform streams using operators like `map`. In the example, each value in the stream is doubled.
import { fromArray, map } from 'wonka';
const stream = fromArray([1, 2, 3]);
const doubled = map(x => x * 2)(stream);
Consuming streams
This feature shows how to consume streams. The `forEach` operator is used to log each value from the stream to the console.
import { fromArray, forEach } from 'wonka';
const stream = fromArray([1, 2, 3]);
forEach(x => console.log(x))(stream);
RxJS is a comprehensive library for reactive programming using Observables. It offers a wider range of operators than wonka, making it more powerful but also larger in size. It's well-suited for complex data flow scenarios.
xstream is a library designed for creating and working with streams of values. It's similar to wonka in its focus on streams but differs in API and operator availability. It's known for its simplicity and small bundle size.
Most.js is a high-performance reactive programming library. It focuses on providing a rich set of operators for composing asynchronous and event-based programs. It's known for its speed and efficiency compared to other streaming libraries.
A tiny but capable push & pull stream library for TypeScript and Flow, loosely following the callbag spec
NOTE: The currently released version v6 is only compatible now with TypeScript, Flow, and JavaScript. If you're looking for Reason/OCaml/esy/dune support, please check v5, and if you're looking for the legacy version of this library check v4.
“There’s no earthly way of knowing
Which direction we are going
There’s no knowing where we’re rowing
Or which way the river’s flowing” - Willy Wonka
Wonka is a lightweight iterable and observable library loosely based on the callbag spec. It exposes a set of helpers to create streams, which are sources of multiple values, which allow you to create, transform and consume event streams or iterable sets of data.
See the documentation at wonka.kitten.sh for more information about using wonka
!
The raw markdown files can be found in this repository in the docs
folder.
FAQs
A tiny but capable push & pull stream library for TypeScript and Flow
The npm package wonka receives a total of 1,304,980 weekly downloads. As such, wonka popularity was classified as popular.
We found that wonka demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.