Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
zeromq-stable
Advanced tools
Users | From Source | Contributors and Development | Maintainers
Version 5.0.0 introduced zero-copy logic, which has proven to be leaky and crash-prone. This is intended as a quick stopgap to provide Node 10 binaries using the existing logic.
Unfortunately I couldn't get appveyor to work, so there are no Windows builds.
For all problems, create an issue in the main project. This version will not be maintained.
zeromq
: Your ready to use, prebuilt ØMQ
bindings for Node.js.
ØMQ provides handy functionality when working with sockets. Yet, installing dependencies on your operating system or building ØMQ from source can lead to developer frustration.
zeromq simplifies creating communications for a Node.js application by providing well-tested, ready to use ØMQ bindings. zeromq supports all major operating systems, including:
Use zeromq and take advantage of the elegant simplicity of binaries.
We rely on prebuild
.
Install zeromq
with the following:
npm install zeromq
windows users:
do not forget to set msvs_version according to your visual studio version 2013,2015,2017
npm config set msvs_version 2015
Now, prepare to be amazed by the wonders of binaries.
To use your system's libzmq (if it has been installed and development headers are available):
npm install zeromq --zmq-external
If you want to use zeromq
inside your Electron application
it needs to be rebuild against Electron headers. We ship prebuilt binaries for Electron so you won't need to build zeromq
from source.
You can rebuild zeromq
manually by running:
npm rebuild zeromq --runtime=electron --target=1.4.5
Where target
is your desired Electron version. This will download the correct binary for usage in Electron.
For packaging your Electron application we recommend using electron-builder
which handles rebuilding automatically. Enable the npmSkipBuildFromSource
option to make use of the prebuilt binaries. For a real world example take a look at nteract.
If you are working on a Linux 32-bit system or want to install a development version, you have to build zeromq
from source.
Linux
python
(v2.7
recommended, v3.x.x
is not supported)make
Use your distribution's package manager to install.
macOS
python
(v2.7
recommended, v3.x.x
is not supported): already installed on Mac OS XXcode Command Line Tools
: Can be installed with xcode-select --install
Windows
Option 1: Install all the required tools and configurations using Microsoft's windows-build-tools by running npm install -g windows-build-tools
from an elevated PowerShell (run as Administrator).
Option 2: Install dependencies and configuration manually
Option 1: Install Visual C++ Build Tools using the Default Install option.
Option 2: Install Visual Studio 2015 (or modify an existing installation) and select Common Tools for Visual C++ during setup.
:bulb: [Windows Vista / 7 only] requires .NET Framework 4.5.1
v3.x.x
is not supported), and run npm config set python python2.7
npm config set msvs_version 2015
Now you can install zeromq
with the following:
npm install zeromq
To set up zeromq
for development, fork this repository and
clone your fork to your system.
Make sure you have the required dependencies for building zeromq
from source installed.
Install a development version of zeromq
with the following:
npm install
Run the test suite using:
npm test
Several example applications are found in the examples
directory. Use
node
to run an example. To run the 'subber' application, enter the
following:
node examples/subber.js
This example demonstrates how a producer pushes information onto a socket and how a worker pulls information from the socket.
producer.js
// producer.js
var zmq = require('zeromq')
, sock = zmq.socket('push');
sock.bindSync('tcp://127.0.0.1:3000');
console.log('Producer bound to port 3000');
setInterval(function(){
console.log('sending work');
sock.send('some work');
}, 500);
worker.js
// worker.js
var zmq = require('zeromq')
, sock = zmq.socket('pull');
sock.connect('tcp://127.0.0.1:3000');
console.log('Worker connected to port 3000');
sock.on('message', function(msg){
console.log('work: %s', msg.toString());
});
This example demonstrates using zeromq
in a classic Pub/Sub,
Publisher/Subscriber, application.
Publisher: pubber.js
// pubber.js
var zmq = require('zeromq')
, sock = zmq.socket('pub');
sock.bindSync('tcp://127.0.0.1:3000');
console.log('Publisher bound to port 3000');
setInterval(function(){
console.log('sending a multipart message envelope');
sock.send(['kitty cats', 'meow!']);
}, 500);
Subscriber: subber.js
// subber.js
var zmq = require('zeromq')
, sock = zmq.socket('sub');
sock.connect('tcp://127.0.0.1:3000');
sock.subscribe('kitty cats');
console.log('Subscriber connected to port 3000');
sock.on('message', function(topic, message) {
console.log('received a message related to:', topic, 'containing message:', message);
});
When making a release, do the following:
npm version minor && git push && git push --tags
Then, wait for the prebuilds to get uploaded for each OS. After the prebuilds are uploaded, run the following to publish the release:
npm publish
This codebase largely came from the npm module zmq
and was, at one point, named nteract/zmq-prebuilt
. It started as a community run fork of zmq
that fixed up the build process and automated prebuilt binaries. In the process of setting up a way to do statically compiled binaries of zeromq for node, zmq-static
was created. Eventually zmq-prebuilt
was able to do the job of zmq-static
and it was deprecated. Once zmq-prebuilt
was shipping for a while, allowed building from source, and suggesting people use it for electron + node.js, the repository moved to the zeromq org and it became official.
FAQs
ZeroMQ for node.js
The npm package zeromq-stable receives a total of 9 weekly downloads. As such, zeromq-stable popularity was classified as not popular.
We found that zeromq-stable demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.