Security News
Another Round of TEA Protocol Spam Floods npm, But It’s Not a Worm
Recent coverage mislabels the latest TEA protocol spam as a worm. Here’s what’s actually happening.
By Philipp Burckhardt - Nov 14, 2025
ycb
YCB is a multi-dimensional configuration library that builds bundles from resource files describing a variety of values.
Yahoo! Configuration Bundle
YCB is a multi-dimensional configuration library that builds bundles from resource files describing a variety of values. The library allows applications to configure themselves based on multiple dimensions describing locations, languages, environments, etc.
Install
npm install ycb --save
Usage
import YCB from 'ycb';
const configArray = [
{
dimensions: [
{
environment: {
dev: null,
staging: null,
test: null,
prod: null,
},
},
{
device: {
desktop: null,
mobile: {
tablet: null,
smartphone: null,
},
},
},
],
},
{
settings: ['main'],
host: 'example.com',
prefix: null,
},
{
settings: ['environment:dev'],
host: 'dev.example.com',
},
{
settings: ['environment:staging,test'],
host: 'stage.example.com',
},
{
settings: ['device:smartphone'],
prefix: 'm.',
},
];
const ycbObj = new YCB.Ycb(configArray);
const computedConfig = ycbObj.read({ environment: 'dev' });
console.log(computedConfig.host); // dev.example.com
Scheduling Changes
We can schedule configuration changes ahead of time by defining an interval along with a config and using the time aware read method. For example the following program.
import YCB from 'ycb';
const configArray = [
{
dimensions: [
{
environment: {
dev: null,
staging: null,
test: null,
prod: null,
},
},
{
region: {
us: null,
ca: null,
},
},
],
},
{
settings: ['main'],
host: 'example.com',
},
{
settings: {
dimensions: ['region:us'],
},
logo: 'logo.png',
},
{
settings: {
dimensions: ['region:us'],
schedule: {
start: '2019-11-28T00:04:00Z',
end: '2019-11-29T00:04:00Z',
},
},
logo: 'thanksgiving-logo.png',
},
];
const ycbObj = new YCB.Ycb(configArray, { cacheInfo: true });
const config1 = ycbObj.readTimeAware({ region: 'us' }, 0);
const config2 = ycbObj.readTimeAware({ region: 'us' }, 1574899440000);
const config3 = ycbObj.readTimeAware({ region: 'us' }, 1574985840001);
console.log(config1);
console.log(config2);
console.log(config3);
will print
{ host: 'example.com',
logo: 'logo.png',
__ycb_expires_at__: 1574899440000 }
{ host: 'example.com',
logo: 'thanksgiving-logo.png',
__ycb_expires_at__: 1574985840001 }
{ host: 'example.com', logo: 'logo.png' }
These intervals are closed and either start or end may be omitted to define a one sided interval.
To support proper cache expiration one may set the cacheInfo option, in which case the next time the config will change is added to the returned object.
Examples
Examples are provided in the tests directory.
License
BSD see LICENSE.txt
FAQs
YCB is a multi-dimensional configuration library that builds bundles from resource files describing a variety of values.
The npm package ycb receives a total of 1,504 weekly downloads. As such, ycb popularity was classified as popular.
We found that ycb demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Package last updated on 12 Sep 2024
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
PyPI Expands Trusted Publishing to GitLab Self-Managed as Adoption Passes 25 Percent
PyPI adds Trusted Publishing support for GitLab Self-Managed as adoption reaches 25% of uploads
By Sarah Gooding - Nov 14, 2025
Research
/Security News
Malicious Chrome Extension Exfiltrates Seed Phrases, Enabling Wallet Takeover
A malicious Chrome extension posing as an Ethereum wallet steals seed phrases by encoding them into Sui transactions, enabling full wallet takeover.
By Kirill Boychenko - Nov 12, 2025