Made is a library for MAterials DEsign. It allows for creating and manipulating material structures from atoms up. The library is intended for use in the development of web applications, both on the client (web browser) and server (e.g. Node.js) side. It has implementations in Python (including Pyodide) and JavaScript/TypeScript.
The package provides software concepts for interacting with materials-related data structures. The concepts follow the ESSE Data Convention [1].
From NPM for use within a software project:
npm install @mat3ra/made
From PyPI for use within a software project:
pip install mat3ra-made
To use the optional tools module, install the package with the following command:
pip install "mat3ra-made[tools]"
As below
This repository is an open-source work-in-progress and we welcome contributions.
We regularly deploy the latest code containing all accepted contributions online as part of the Mat3ra.com platform, so contributors will see their code in action there.
We suggest forking this repository and introducing the adjustments there, to be considered for merging into this repository as explained in more detail here.
Object-oriented design patterns encapsulate key concepts following the conventions below.
Classes follow the Exabyte Data Convention and data structures defined in ESSE [1]
Only materials-related code is considered. Properties related to simulation model parameters (e.g. type of approximation, numerical parameters) shall go elsewhere.
The tools directory contains helper functions that act on one or more classes and take an external parameter. Functions that use class data without any external parameters should be implemented inside the class. For example, basis.clone() is implemented in Basis, but basis repetition is implemented as a tool in the correspondingly named function (tools/basis.js#repeat) because the repetition requires a parameter external to the basis: the number of repetitions in the 3 spatial dimensions.
[Deprecated, use mat3ra-parsers or @mat3ra/parsers] The parsers directory contains the parsers to and from the ESSE format mentioned in [1]. All functionality related to external data conversion is contained in this directory.
[Outdated] Desirable features for implementation:
Made tests are written with the Mocha 6 testing framework and can be executed as follows. First run:
git pull
git lfs pull
to get the latest test fixtures from LFS, and then:
npm install
npm test
Keep the tests directory structure similar to the main codebase directory structure. Every JS module in the main codebase should have a corresponding module in tests directory which implements the tests for provided functionality.
Add test fixtures into the fixtures directory. The fixtures are automatically stored on Git LFS [7].
If the fixtures are going to be used inside multiple cases, read and export them inside enums to avoid code duplicates.
The tests setup module can be used to implement the hooks that prepare the test environment.
Linter setup will prevent committing files that don't adhere to the code standard. It will attempt to fix what it can automatically prior to the commit in order to reduce diff noise. This can lead to "unexpected" behavior where a file that is staged for commit is not identical to the file that actually gets committed. This happens in the lint-staged directive of the package.json file (by using a husky pre-commit hook). For example, if you add extra whitespace to a file, stage it, and try to commit it, you will see the following:
➜ made git:(feature/SOF-4398-TB) ✗ git add src/basis/constrained_basis.js
➜ made git:(feature/SOF-4398-TB) ✗ git commit -m "Test commit non-linted code"
✔ Preparing...
✔ Running tasks...
✖ Prevented an empty git commit!
✔ Reverting to original state because of errors...
✔ Cleaning up...
⚠ lint-staged prevented an empty git commit.
Use the --allow-empty option to continue, or check your task configuration
husky - pre-commit hook exited with code 1 (error)
The staged change remains but has not been committed, so it looks as if you still have a staged change to commit; the pre-commit hook will not actually commit it for you, which is quite frustrating! Styling can be applied manually by running:
npm run lint:fix
You may then need to stage the linter's edits, which in the example above leaves the file identical to the base branch, resulting in no staged changes whatsoever.
In order for the WebStorm IDE to take full advantage of the linting configuration, it can be configured in the project:
Preferences -> Languages & Frameworks -> JavaScript -> Code Quality Tools -> ESLint
Automatic ESLint configuration
which should infer all the configurations from the project directory.

Python 3.8+ is required to run the tests. We recommend using PyEnv to manage Python versions. Tests are written with PyTest and can be executed as follows.
virtualenv .venv
source .venv/bin/activate
pip install ".[tests]"
pytest tests/py
Conventions:
To build and serve locally, use the following command:
wheel_server
More details can be found in the script documentation.
To be added.
As below:
FAQs
MAterials DEfinitions and/or MAterials DEsign library.
We found that mat3ra-made demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.