I found these two bindings of ZMQ for Node.js. It seems, that both offer an equivalent API. Does anyone know pros and/or cons?
https://www.npmjs.com/package/zmq
https://www.npmjs.com/package/zeromq
https://www.npmjs.com/package/zeromq points to this github repo https://github.com/zeromq/zeromq.js which is maintained by the official zeromq project.
If the api is equivalent then choose the project that has the most incentive to keep up to date and support customers (such as yourself).
In this case, use the more official client.
Related
I need to develop one project on hyperledger-fabric using a GO SDK. But as per the latest release GO SDKs that have not yet been officially released.
I had gone through with this post. But still, is it better to use a Go-SDK for any development of the product? So anyone knows it's products or web projects which are in used?
From the chat of the go-sdk-fabric:
fabric-sdk-go is stable. The reason that still in beta just for missing some documentation
The package works but it is kind of a mess, the only documentation are the chainhero example, the test files and the go-doc. There are a lot of package and some of them seems to do the same but they're not always compatible with each other.
Anyone can publish their Node.js package to open Node Package Manager (npm) pool.
Is there any security checks for published packages so that I can be sure that a new package won't contain any harmful code?
Also it's interesting to know if there is any voting system for node packages so that I can pick out the most voted package from a bunch of similar node packages?
The Node Security Platform is a tool designed to help developers do just that! You can test your project dependencies for known vulnerabilities in a variety of ways - from the command line, integrated with your CI system, or integrated with github.
The vulnerabilities are discovered via two sources:
A team of seasoned node.js security professionals actively auditing modules on npm.
Submissions from community members, which are verified by the aforementioned team.
It's also free to use the command line tool, as well as integration with open source github repositories.
If you are using npm enterprise, nsp is also partnered with npm to provide sidebar integration. This allows you to see vulnerability information right from the npme web ui, which sounds like what you are looking for.
As far as module popularity goes, there is a website that does this to some degree at nodejsmodules.org. I use it from time to time, but beware - they've got a very expired HTTPS cert.
Disclosure: I am an employee of ^Lift Security, the company behind the Node Security Platform.
You can also use https://nodesecurity.io/ to add security checks into your GitHub pull request flow.
If you perform a search on npmjs.com before pulling a module into your system the index of all packages on npmjs.com takes into account maintenance, quality, etc."
npm search is also a good option for npm package voting.
The npms analyzer continuously analyzes the npm ecosystem, gathering as much information as possible from a variety of sources, including GitHub, David and nsp. Using the collected information, a final score for each package is calculated based on four different aspects: Quality, Maintenance, Popularity, and Personalities
I am interested in playing around with the Q & A service, the demo app uses the REST API and I am wondering if the service can be used with the newer watson-developer-cloud module and if so where can I find an example or documentation for those functions.
The demo is online at Q&A Node.js demo but this uses the older REST API.
Thanks,
Andy
Yes, you should be able to use the service with the newer watson-developer-cloud module, but there's no updated demo. Note, that the module was not changed drastically enough that it should really matter.
The README.md file for the Github repository containing the project has a full set of usage instructions.
I'm creating a npm package that only contains Sass, a small framework. I only want this package to contain the Sass (and a few grunt plugins) so that someone can install and build it without installing the documentation.
But in the case where someone wants to contribute to the project having only the Sass files isn't all that helpful. They would need the documentation (or an example) to view the changes.
So I would like 2 packages; 1 for the framework and 1 for the documentation.
The documentation package would require the framework, the framework package may or may not require the documentation. (You would never update the framework from documentation, only the documentation, but the framework is needed.)
Documentation required = wanting to contribute to framework
Documentation not required = just wanting to use the framework in a project
Basically, I want to give the person installing the framework the option of getting the docs or not.
Is this possible using dependencies vs devDependencies vs peerDependencies?
Thanks!
From above:
To someone who wants to contribute, wouldn't Github be a better option? They could just clone the repo instead of installing it from npm. You could use npmignore to ignore all the documentation from npm package, which will still remain on Github
Thanks #laggingreflex
Is there an official or "blessed" Node.js NPM module for interacting with SoundCloud.
There are a few wrapper API's around. I'm wondering whether there is a favoured one by the community.
Thanks.
There is one.
https://github.com/podviaznikov/soundcloud-node
npm install soundcloud
there is NOT a blessed module for node.js. There is a decent pacakge here: https://github.com/khilnani/soundclouder.js/blob/master/lib/soundclouder.js
It's currently maintained but still pretty basic
I just updated my own Soundcloud NodeJS Api-Wrapper Package: https://www.npmjs.com/package/soundcloud-nodejs-api-wrapper
You can do server side only API communication, which includes data manipulation on the account for the given credentials. No user permission popup window is needed.
So far I did not found any other package for nodejs supporting this.