Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
pivotal-observational
Advanced tools
= Observational
How many times have you seen this in a rails app?
class User after_create :deliver_welcome_message
protected
def deliver_welcome_message
Notifier.deliver_welcome_message(self)
end
end
Why is the user concerned with the delivery of his own welcome message? It seems like the Notifier should be responsible for that.
Observational makes it possible to make it the Notifier's responsibility, using the observer pattern.
The equivalent of the above example is:
class Notifier < ActionMailer::Base observes :user, :invokes => :deliver_welcome_message, :after => :create
def welcome_message(user)
# do mailer stuff here
end
end
After a user is created, Notifier.deliver_welcome_message(that_user) will be invoked.
It's also possible to specify that the observer method gets called with a specific attribute from the observed object.
class Creditor observes :message, :invokes => :use_credit, :with => :creator, :after => :create
def use_credit(user)
# do something
end
end
After a message is created, Creditor.use_credit(message.creator) will be called.
Observational supports all of ActiveRecord's callbacks.
== YARDOC
Observational uses YARD, because it's a million times better than RDoc. You can find the docs at {docs.github.com/giraffesoft/observational}[http://docs.github.com/giraffesoft/observational]
== General Purpose Observers
Observational can also be used to add observers to ruby classes that aren't related to active_record. But, that's not documented yet :-).
== Copyright
Copyright (c) 2009 James Golick. See LICENSE for details.
FAQs
Unknown package
We found that pivotal-observational demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.