Research
Security News
Malicious npm Packages Use Telegram to Exfiltrate BullX Credentials
Socket uncovers an npm Trojan stealing crypto wallets and BullX credentials via obfuscated code and Telegram exfiltration.
By Kush Pandya - May 08, 2025
🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more →
@codspeed/benchmark.js-plugin
Advanced tools
@codspeed/benchmark.js-plugin
Benchmark.js compatibility layer for CodSpeed
Documentation
Check out the documentation for complete integration instructions.
Installation
First, install the plugin @codspeed/benchmark.js-plugin and benchmark.js (if not already installed):
npm install --save-dev @codspeed/benchmark.js-plugin benchmark.js
or with yarn:
yarn add --dev @codspeed/benchmark.js-plugin benchmark.js
or with pnpm:
pnpm add --save-dev @codspeed/benchmark.js-plugin benchmark.js
Usage
Let's create a fibonacci function and benchmark it with benchmark.js and the CodSpeed plugin:
import Benchmark from "benchmark";
import { withCodSpeed } from "@codspeed/benchmark.js-plugin";
function fibonacci(n) {
if (n < 2) {
return n;
}
return fibonacci(n - 1) + fibonacci(n - 2);
}
const suite = withCodSpeed(new Benchmark.Suite());
suite
.add("fibonacci10", () => {
fibonacci(10);
})
.add("fibonacci15", () => {
fibonacci(15);
})
.on("cycle", function (event: Benchmark.Event) {
console.log(String(event.target));
})
.run();
Here, a few things are happening:
- We create a simple recursive fibonacci function.
- We create a new
Benchmark.Suiteinstance with CodSpeed support by using thewithCodSpeedhelper. This step is critical to enable CodSpeed on your benchmarks. - We add two benchmarks to the suite and launch it, benching our
fibonaccifunction with 10 and 15.
Now, we can run our benchmarks locally to make sure everything is working as expected:
$ node benches/bench.mjs
[CodSpeed] 2 benches detected but no instrumentation found
[CodSpeed] falling back to benchmark.js
fibonacci10 x 2,155,187 ops/sec ±0.50% (96 runs sampled)
fibonacci15 x 194,742 ops/sec ±0.48% (95 runs sampled)
And... Congrats🎉, CodSpeed is installed in your benchmarking suite! Locally, CodSpeed will fallback to tinybench since the instrumentation is only available in the CI environment for now.
You can now run those benchmarks in your CI to continuously get consistent performance measurements.
FAQs
Benchmark.js compatibility layer for CodSpeed
The npm package @codspeed/benchmark.js-plugin receives a total of 13,248 weekly downloads. As such, @codspeed/benchmark.js-plugin popularity was classified as popular.
We found that @codspeed/benchmark.js-plugin demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Package last updated on 24 Mar 2025
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Security News
Backdooring the IDE: Malicious npm Packages Hijack Cursor Editor on macOS
Malicious npm packages posing as developer tools target macOS Cursor IDE users, stealing credentials and modifying files to gain persistent backdoor access.
By Kirill Boychenko - May 07, 2025
Security News
AI Slop Is Polluting Bug Bounty Platforms with Fake Vulnerability Reports
AI-generated slop reports are making bug bounty triage harder, wasting maintainer time, and straining trust in vulnerability disclosure programs.
By Sarah Gooding - May 06, 2025