
Research
/Security News
11 Malicious NuGet Tools Pose as Game Cheats to Drop a Windows Host-Surveillance Payload
11 malicious NuGet tools pose as game cheats to deploy Windows payloads, track hosts, and use Google Sheets for telemetry and control.
@laziest/web
Advanced tools
@laziest/webBrowser-only runtime utilities for web applications.
This package currently provides a ResourceManager for preloading runtime assets such as images, fonts, audio, video, lottie JSON, JSON, text, and binary files.
import {
ResourceManager,
ResourcePreloadError,
consoleResourceLogger,
shouldLog,
} from '@laziest/web'
ResourceManager is designed to be created per scene or per page-level preload workflow. Components in the same scene should share the same manager instance.
import { ResourceManager } from '@laziest/web'
const manager = new ResourceManager({
concurrency: 4,
logLevel: 'info',
})
await manager.preload({
images: ['/images/hero.webp', '/images/logo.png'],
fonts: [
{
family: 'Brand Sans',
url: '/fonts/brand-sans.woff2',
},
],
audio: ['/audio/click.mp3'],
lottie: ['/animations/intro.json'],
json: ['/data/bootstrap.json'],
})
When all required resources finish successfully, preload() resolves with a completed result.
If any required resource reaches a final failure, preload() rejects with ResourcePreloadError.
Resources are passed by bucket. The bucket itself defines the resource type, so each item does not need its own type field.
await manager.preload({
images: [
'/images/hero.webp',
{ url: '/images/banner.webp', optional: true },
],
fonts: [
{
family: 'Brand Sans',
url: '/fonts/brand-sans.woff2',
descriptors: { weight: '400', style: 'normal' },
},
],
audio: [
'/audio/click.mp3',
{
url: '/audio/bgm.mp3',
preload: 'auto',
crossOrigin: 'anonymous',
},
],
video: [
{
url: '/video/intro.mp4',
preload: 'metadata',
},
],
lottie: ['/animations/intro.json'],
json: [
{
url: '/api/bootstrap.json',
requestInit: {
headers: {
Accept: 'application/json',
},
},
},
],
text: ['/copy/legal.txt'],
binary: ['/models/mesh.bin'],
})
Supported buckets:
imagesfontsaudiovideolottiejsontextbinaryThe manager itself is the shared state container. A common pattern is:
manager.preload() in one placemanager.getSnapshot() in another placemanager.subscribe() for live updatesconst manager = new ResourceManager({ concurrency: 3 })
const unsubscribe = manager.subscribe(({ snapshot, event }) => {
if (event.type === 'item-progress') {
console.log('loading', event.item.url, event.item.transfer)
}
console.log('progress', snapshot.completed, '/', snapshot.total)
console.log('currently loading', snapshot.activeItems.map((item) => item.url))
})
const current = manager.getSnapshot()
console.log(current.status)
try {
await manager.preload({
images: ['/images/hero.webp'],
json: ['/data/bootstrap.json'],
})
} finally {
unsubscribe()
}
Snapshot fields include:
status: idle | running | completed | failed | abortedtotalqueuedloadingsucceededfailedskippedcompletedprogress: 0 to 1activeItems: items currently in progressrecentlyCompleted: items that already finishederrorswarningsCommon event types include:
session-starteditem-starteditem-progressitem-succeededitem-retryingitem-failedwarningsession-completedsession-failedsession-abortedsession-resetRequired resources fail the preload session. Optional resources are converted into warnings and skipped.
import { ResourceManager, ResourcePreloadError } from '@laziest/web'
const manager = new ResourceManager()
try {
await manager.preload({
images: ['/images/hero.webp'],
json: ['/data/bootstrap.json'],
})
} catch (error) {
if (error instanceof ResourcePreloadError) {
console.error(error.result.status)
console.error(error.result.errors)
console.error(error.result.warnings)
} else {
throw error
}
}
Failure categories include:
httpnetworktimeoutabortdecodeparseunsupportedunknownImportant behavior:
404 on a required resource is a final failure and rejects preload()optional: true and become skipped warnings after final failureabort() ends the active session and causes the pending preload promise to rejectYou can control output with logLevel or inject your own logger.
const manager = new ResourceManager({
logLevel: 'info',
})
Available levels:
silenterrorwarninfodebugYou can also provide a custom logger:
const manager = new ResourceManager({
logLevel: 'debug',
logger: {
error(message, context) {
console.error(message, context)
},
warn(message, context) {
console.warn(message, context)
},
info(message, context) {
console.info(message, context)
},
debug(message, context) {
console.debug(message, context)
},
},
})
The package also exports:
consoleResourceLoggershouldLog(currentLevel, targetLevel)Use concurrency to limit how many resources are actively loading at once.
const manager = new ResourceManager({
concurrency: 6,
})
Use retry to tune transient failure handling.
const manager = new ResourceManager({
retry: {
maxRetries: 2,
delayMs: 300,
backoff: 'exponential',
shouldRetry(failure, attempt) {
if (failure.category === 'http' && failure.status === 429) {
return attempt <= 3
}
return failure.retriable
},
},
})
Default retry intent:
404unknown failures once by default unless shouldRetry overrides itDeduplication is per ResourceManager instance.
preload() calls with the same resources while a session is still running reuse the same active promiseThis is intentional. If different pages or scenes need independent preload workflows, they should create independent manager instances.
const manager = new ResourceManager({
resetClearsCache: true,
})
const promise = manager.preload({
images: ['/images/hero.webp'],
})
manager.abort()
try {
await promise
} catch (error) {
// aborted sessions reject
}
manager.reset()
Behavior:
abort() stops the active sessionreset() clears the observable state back to idleresetClearsCache is true, reset() also clears successful-resource cacheBuilt-in loaders cover the standard browser resource types. If needed, you can override specific loader behavior through loaders.
const manager = new ResourceManager({
loaders: {
json: async (item, context) => {
const response = await fetch(item.url, {
...item.requestInit,
signal: context.signal,
})
if (!response.ok) {
throw response
}
return await response.json()
},
},
})
Custom loaders should:
context.signalResponse object for HTTP failures if you want built-in HTTP classificationclass ResourceManager {
constructor(options?: ResourceManagerOptions)
preload(resources?: ResourceBuckets): Promise<CompletedPreloadResult>
subscribe(listener: ResourceManagerSubscriber): () => void
getSnapshot(): ResourceManagerSnapshot
abort(): void
reset(): void
}
Main exports:
ResourceManagerResourcePreloadErrorconsoleResourceLoggershouldLoglottie preloading only guarantees the JSON payload is ready. It does not create a lottie renderer instance.Content-Length.FAQs
面向浏览器运行时的 Web 工具集。
We found that @laziest/web demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
/Security News
11 malicious NuGet tools pose as game cheats to deploy Windows payloads, track hosts, and use Google Sheets for telemetry and control.

Research
/Security News
4 compromised asyncapi packages deliver miasma botnet loader on macOS, Linux and Windows.

Research
/Security News
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.