Battle-tested Ruby framework to help structure your business logic.
Trailblazer introduces new abstraction layers into Ruby applications to help you structure your business logic.
It ships with our canonical "service object" implementation called operation, many conventions, gems for testing, Rails support, optional form objects and much more.
Give us a chance if you say "yes" to this!
Yes? Then we got a well-seasoned framework for you: Trailblazer.
Here are the main concepts.
The operation encapsulates business logic and is the heart of the Trailblazer architecture.
An operation is not just a monolithic replacement for your business code. It's a simple orchestrator between the form objects, models, your business code and all other layers needed to get the job done.
    # app/concepts/song/operation/create.rb
    module Song::Operation
      class Create < Trailblazer::Operation
        step :create_model
        step :validate
        left :handle_errors
        step :notify

        def create_model(ctx, **)
          # do whatever you feel like.
          ctx[:model] = Song.new
        end

        def validate(ctx, params:, **)
          # ..
        end
        # ...
      end
    end
The step DSL takes away the pain of flow control and error handling. You focus on what happens: creating models, validating data, sending out notifications.
The operation takes care of when things happen: the flow control. Internally, this works as depicted in this beautiful diagram.
The best part: the only way to invoke this operation is Operation.call. The single entry-point saves programmers from shenanigans with instances and internal state - it's proven to be an almost bullet-proof concept in the past 10 years.
result = Song::Operation::Create.(params: {title: "Hear Us Out", band: "Rancid"})
result.success? #=> true
result[:model] #=> #<Song title="Hear Us Out" ...>
Data, computed values, statuses or models from within the operation run are exposed through the result object.
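The railway flow described above (steps on the success track, left handlers on the failure track, a single call entry point, values exposed through the result) can be modelled in a few lines of plain Ruby. This is an added illustration, not Trailblazer's implementation or code from the project; MiniOperation, CreateSong, the :trace key and the blank-title rule are assumptions made for the example.

```ruby
# Simplified model of the step/left railway (added example, NOT Trailblazer's code).
class MiniOperation
  def self.steps; @steps ||= []; end

  # step: runs only while on the success track; a falsy return switches to failure.
  def self.step(name); steps << [:right, name]; end

  # left: runs only on the failure track and never switches back.
  def self.left(name); steps << [:left, name]; end

  # Single entry point: a fresh instance per call, so no state leaks between runs.
  def self.call(**input)
    ctx = { trace: [] }.merge(input)
    op = new
    track = :right
    steps.each do |kind, name|
      next unless kind == track          # skip steps that belong to the other track
      ctx[:trace] << name                # record which steps actually ran
      outcome = op.send(name, ctx, **ctx)
      track = :left if kind == :right && !outcome
    end
    ctx.merge(success: track == :right)
  end
end

class CreateSong < MiniOperation
  step :create_model
  step :validate
  left :handle_errors
  step :notify

  def create_model(ctx, params:, **)
    ctx[:model] = { title: params[:title], band: params[:band] }
  end

  def validate(ctx, params:, **)
    !params[:title].to_s.strip.empty?    # constructed rule: title must be present
  end

  def handle_errors(ctx, **)
    ctx[:errors] = ["title is blank"]
  end

  def notify(ctx, model:, **)
    ctx[:notified] = model[:title]       # only reached when validation passed
  end
end
```

With a blank title the trace shows validate handing over to handle_errors, and notify never runs on unvalidated input.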
Operations can be nested, use composition and inheritance patterns, provide variable mapping around each step, support dependency injection, and save you from reinventing the wheel - over and over, again.
Leveraging those functional mechanics, operations encourage a high degree of encapsulation while giving you all the conventions and tools for free (except for a bit of a learning curve).
In the past years, we learnt from some old mistakes and improved developer experience. As a starter, check out our built-in tracing!
result = Song::Operation::Create.wtf?(params: {title: "", band: "Rancid"})
Within a second you know which step failed - a thing that might seem trivial, but when things grow and a deeply nested step in an iteration fails, you will start loving #wtf?! It has saved us days of debugging.
We even provide a visual debugger to inspect traces on the webs.
All our abstraction layers such as operations, form objects, view components, test gems and much more are used in hundreds of OSS projects and commercial applications in the Ruby world.
We provide a visual debugger, a BPMN editor for long-running business processes, thorough documentation and a growing list of onboarding videos (TRAILBLAZER TALES).
Trailblazer is used both for refactoring legacy apps (we support Ruby 2.5+) and for helping big teams organize, structure and debug modern, growing (Rails) applications.
Make sure to check out the new beginner's guide to learning Trailblazer. The new book discusses all aspects in a step-wise approach you need to understand Trailblazer's mechanics and design ideas.
FAQs
We found that trailblazer demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.