Supply Chain Security
Vulnerability
Quality
Maintenance
License
Shell access
Supply chain riskThis module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.
Found 1 instance in 1 package
Uses eval
Supply chain riskPackage uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.
Found 1 instance in 1 package
Racket Registry was originally intended for use in my home-made web framework, racket, but since there are no hard dependencies on anything else I realized that it might be better for it to live in its own gem.
The intention of the this library is to provide a very simple dependency injection container. Although not as useful in ruby as in less dynamic languages, I still think using a service container has its uses.
Racket Registry allows you to register two kinds of callbacks, non-singletons and singletons. Registering also means that the container gets a new public method corresponding to the key used when registering the callback.
require 'racket/registry'
registry = Racket::Registry.new
# Registering a non-singleton proc
registry.register(:foo, lambda { Object.new })
# obj1 and obj2 will be two different objects
obj1 = registry.foo
obj2 = registry.foo
# Registering a singleton proc
registry.singleton(:bar, lambda { Object.new })
# obj1 and obj2 will be the same object
obj1 = registry.bar
obj2 = registry.bar
class Simple
def initialize(text)
@text = text
end
end
class NotSoSimple
def initialize(text, simple_first, simple_second)
@text = text
@simple_first = simple_first
@simple_second = simple_second
end
end
require 'racket/registry'
registry = Racket::Registry.new
# When giving your block a parameter, the container will be inserted into it
# making it easy to get other entries in the container. The order of the registrations
# does not matter, the dependencies will not be resolved until
# explicly requested.
registry.singleton(
:baz,
lambda { |r| NotSoSimple.new('baz', r.foo, r.bar) }
)
registry.singleton(:bar, lambda { |r| Simple.new('bar') })
registry.singleton(:foo, lambda { |r| Simple.new('foo') })
# registry.foo and registry.bar will be resolved on the first
# call to registry.baz
registry.baz
If you don't want to use a proc, you can also use a block when registering a callback.
require 'racket/registry'
registry = Racket::Registry.new
# Proc syntax
registry.register(:foo, lambda { Object.new })
# Block syntax
registry.register(:foo) { Object.new }
If you want to "unregister" a specific callback, you can use registry.forget(key). If you want to unregister all callbacks,
you can use registry.forget_all.
When registering a callback, you must use a string/symbol as key. Since the registry is also defining a new public method, the key must represent a valid method name and also not collide with any public method in the registry.
FAQs
Unknown package
We found that racket-registry demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s Threat Research Team has uncovered 60 npm packages using post-install scripts to silently exfiltrate hostnames, IP addresses, DNS servers, and user directories to a Discord-controlled endpoint.
Security News
TypeScript Native Previews offers a 10x faster Go-based compiler, now available on npm for public testing with early editor and language support.
Research
Security News
Malicious npm packages targeting React, Vue, Vite, Node.js, and Quill remained undetected for two years while deploying destructive payloads.