Gathering detailed insights and metrics for inversify-components
Gathering detailed insights and metrics for inversify-components
Small framework on top of InversifyJS to enable component based dependency injection
Installations
npm install inversify-componentsDeveloper Guide
BETA
Typescript
No
Module System
CommonJS
Node Version
10.19.0
NPM Version
6.13.4
Score
71.6
Supply Chain
97.5
Quality
75.7
Maintenance
100
Vulnerability
100
License
Releases
Unable to fetch releases
Languages
3
TypeScript
JavaScript
Dockerfile
TypeScript (91.51%)
JavaScript (7.74%)
Dockerfile (0.75%)
Developer
webcomputing
Download Statistics
Total Downloads
52,783
Last Day
2
Last Week
7
Last Month
85
Last Year
1,181
GitHub Statistics
MIT License
28 Stars
116 Commits
7 Forks
6 Watchers
11 Branches
49 Contributors
Updated on Jun 08, 2025
Bundle Size
13.30 kB
Minified
4.46 kB
Minified + Gzipped
Maintainers
1
Package Meta Information
Latest Version
0.5.0
Package Id
inversify-components@0.5.0
Unpacked Size
34.75 kB
Size
10.00 kB
File Count
30
NPM Version
6.13.4
Node Version
10.19.0
Total Downloads
Cumulative downloads
Total Downloads
52,783
Dependencies
1
Peer Dependencies
2
inversify-components
Small framework on top of InversifyJS to enable component based dependency injection. Each component describes its interfaces and bindings with the help of descriptors, and never accesses the dependency injection container directly. This enables you to:
- Develop loosely coupled and independent components, without exploiting your whole dependency injection container
- Enable / disable / mock whole components in your application
- Use scoped child containers, for example bind dependencies only to a http request
- Implement the extension point pattern to "plug-in" extensions of components from other components
Installation
Install inversify-components and set it as an dependency in your local package.json:
npm i --save inversify-components
Usage
Basic setup instructions
- Create the inversify-components container:
1import { ContainerImpl } from "inversify-components"; 2let container = new ContainerImpl(); 3// Also supports options: 4// let container = new ContainerImpl({ defaultScope: "Singleton" });
- Create your main application, which acts as the composition root:
1import { MainApplication } from "inversify-components"; 2 3class App implements MainApplication { 4 execute(container: Container) { 5 // Start your application using the container! 6 } 7}
- Register all components (see below) you would like to use:
1import { descriptor } from "my-component-descriptor"; 2container.componentRegistry.addFromDescriptor(descriptor);
- Register all bindings of all registered component descriptors
1container.componentRegistry.autobind(container.inversifyInstance);
- Optional: Configure some of your components:
1container.componentRegistry.lookup(nameOfComponent).addConfiguration({ 2 configurationKey: "configurationValue" 3});
- Start your application
1container.setMainApplication(new App()); 2container.runMain();
Components and component descriptors
inversify-components allows you to basically split your applications into independent components. To achieve this, each component exports
a component descriptor:
1import { ComponentDescriptor } from "inversify-components"; 2 3export const descriptor: ComponentDescriptor = { 4 name: "name-of-component", // This must be unique for all registered components 5 bindings: { 6 root: (bindService, lookupService) => { 7 // Binding of services is very similar to inversifyJS: 8 bindService.bindGlobalService<TypeOfService>("service-name").to(MyServiceClass); 9 10 // MyServiceClass is now bound to "name-of-component:service-name" and available in all other components. 11 } 12 } 13};
Notice that each binding gets the unique component name as a prefix. This guarantees that there are not duplicate service bindings across all registered components.
Grab inversify container
You are also able to grab the inversify coontainer in a ComponentDescriptor:
1import { ComponentDescriptor } from "inversify-components"; 2 3export const descriptor: ComponentDescriptor = { 4 name: "name-of-component", // This must be unique for all registered components 5 bindings: { 6 root: (bindService, lookupService, inversifyContainer) => { 7 // Unbind something.. 8 inversifyContainer.unbind("service"); 9 10 bindService.bindGlobalService<TypeOfService>("service-name").to(MyServiceClass); 11 } 12 } 13};
So if needed, you are always in full control inside your dependency descriptors.
Changing the scope of a binding
The above component descriptor executes bindings for the root scope. This is the default scope for inversify-components, which
is executed automatically at autobind. But you could also register bindings for a specific scope, and execute this scope
at application runtime to a specific point in time:
1import { ComponentDescriptor } from "inversify-components"; 2 3export const descriptor: ComponentDescriptor = { 4 name: "name-of-component", 5 bindings: { 6 root: (bindService, lookupService) => { 7 bindService.bindGlobalService<TypeOfService>("service-name").to(MyServiceClass); 8 } 9 request: (bindService, lookupService) => { 10 // Is not available at application start, but as soon as you open your "request" scope: 11 bindService.bindGlobalService<TypeOfService>("current-session").toDynamicValue(....); 12 } 13 } 14}; 15 16// In your MainApplication / App, as soon as you would like to open the above "request" scope: 17// 1) Create inversify child container 18let scopedRequestContainer = container.inversifyInstance.createChild(); 19 20// 2) Possibly bind some dependent values to this container, e. g. the current request headers and body: 21scopedRequestContainer.bind("request-body").toConstantValue(currentRequestBody); 22 23// 3) Execute scoped "request" bindings in this container 24container.componentRegistry.autobind(scopedRequestContainer, [], "request"); 25 26// 4) Go on in your compoisiton root with child container 27scopedRequestContainer.get(...) // Maybe your request handler?
Using extension points
To enable plugging into your component, you can define extension points. This is done using symbols.
Component A: The component which owns the extension point and wants to load plugins:
1import { ComponentDescriptor } from "inversify-components"; 2import { injectable, multiInject, optional } from "inversify"; 3 4const myExtensionPoints = { 5 "firstExtensionPoint": Symbol("first-extension-point") 6} 7 8export const descriptor: ComponentDescriptor = { 9 name: "component-a", 10 11 // Register all available extension points 12 interfaces: myExtensionPoints 13}; 14 15@injectable() 16class ClassUsingPlugins { 17 // Now you can just inject all plugins registered at firstExtensionPoint and use them: 18 constructor(@optional() @multiInject(myExtensionPoints.firstExtensionPoint) plugins) { 19 this.plugins = plugins; 20 } 21}
Component B: The component which adds a plugin to extension point firstExtensionPoint:
1export const descriptor: ComponentDescriptor = { 2 name: "component-b", 3 bindings: { 4 root: (bindService, lookupService) => { 5 let extensionPoint = lookupService.lookup("component-a").getInterface("firstExtensionPoint"); 6 bindService.bindExtension<ExtensionType>(extensionPoint).to(MyPluginClass); 7 } 8 } 9};
Configuration
The basic style of configuring components is described in this gist. This style enables you to define default and required configurations without hassle.
Set default configuration
You can set a default configuration for your component by adding it to your descriptor:
1const configuration: Configuration.Default = { 2 "configurationKey": "configurationValue"; 3}; 4 5export const descriptor: ComponentDescriptor<Configuration.Default> = { 6 name: "my-component-name", 7 defaultConfiguration: configuration 8}
Inject configuration values
In all of your classes, you can inject your component meta data, which includes the components configuration:
1import { inject, injectable } from "inversify"; 2import { Component } from "inversify-components"; 3 4@injectable() 5class MyClass { 6 constrcutor(@inject("meta:component//my-component-name") component: Component<Configuration.Runtime>) 7 this.configuration = this.component.configuration; 8 } 9}
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
Found 1/25 approved changesets -- score normalized to 0
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: containerImage not pinned by hash: .devcontainer/Dockerfile:1: pin your Docker image by updating node:10 to node:10@sha256:59531d2835edd5161c8f9512f9e095b1836f7a1fcb0ab73e005ec46047384911
- Warn: npmCommand not pinned by hash: .devcontainer/Dockerfile:6
- Info: 0 out of 1 containerImage dependencies pinned
- Info: 0 out of 1 npmCommand dependencies pinned
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'master'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 6 are checked with a SAST tool
Reason
21 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-897m-rjf5-jp39
- Warn: Project is vulnerable to: GHSA-gxpj-cx7g-858c
- Warn: Project is vulnerable to: GHSA-w573-4hg7-7wgq
- Warn: Project is vulnerable to: GHSA-4gmj-3p3h-gm8h
- Warn: Project is vulnerable to: GHSA-43f8-2h32-f4cj
- Warn: Project is vulnerable to: GHSA-qqgx-2p2h-9c37
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
- Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h
- Warn: Project is vulnerable to: GHSA-hj48-42vr-x3v9
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-3jfq-g458-7qm9
- Warn: Project is vulnerable to: GHSA-r628-mhmh-qjhw
- Warn: Project is vulnerable to: GHSA-9r2w-394v-53qc
- Warn: Project is vulnerable to: GHSA-5955-9wpr-37jh
- Warn: Project is vulnerable to: GHSA-qq89-hq3f-393p
- Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36
- Warn: Project is vulnerable to: GHSA-c4w7-xm78-47vh
- Warn: Project is vulnerable to: GHSA-p9pc-299p-vxgp
Score
1.6
/10
Last Scanned on 2025-06-23
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More