Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@lumino/polling
Advanced tools
This package provides a class for generic polling functionality (Poll
). It
also provides rate limiters (Debouncer
and Throttler
).
The Poll
class provides three different ways to "subscribe" to poll ticks:
@lumino/signaling
: Poll#ticked
is a Lumino signal that
emits each time there is a poll tick.Promise
-based: Poll#tick
is a promise that resolves after every tick and
only rejects when the poll is disposed.AsyncIterable
: Poll#[
Symbol.asyncIterator]
implements the async iterable
protocol that allows iteration using for-await...of
loops.These are examples from the unit tests for this package. They demonstrate the three different ways polling is supported.
Poll#tick
promiseHere, we set up the testing state variables and create a new Poll
instance.
const expected = 'started resolved resolved';
const ticker: IPoll.Phase<any>[] = [];
const tock = (poll: Poll) => {
ticker.push(poll.state.phase);
poll.tick.then(tock).catch(() => undefined);
};
const poll = new Poll({
auto: false,
factory: () => Promise.resolve(),
frequency: { interval: 100, backoff: false }
});
Next we assign the tock
function to run after the poll ticks and
we start the poll.
void poll.tick.then(tock);
void poll.start();
And we verify that the ticker
did indeed get populated when tock
was called and the next promise was captured as well.
await sleep(1000); // Sleep for longer than the interval.
expect(ticker.join(' ').startsWith(expected)).to.equal(true);
poll.dispose();
Poll#ticked
signalHere, we set up the testing state variables and create a new Poll
instance.
const poll = new Poll<void, void>({
factory: () => Promise.resolve(),
frequency: { interval: 100, backoff: false }
});
Here we connect to the ticked
signal and simply check that each
tick matches the poll state
accessor's contents.
poll.ticked.connect((_, tick) => {
expect(tick).to.equal(poll.state);
});
await sleep(1000); // Sleep for longer than the interval.
poll.dispose();
Poll
as an AsyncIterable
Here, we set up the testing state variables and create a new Poll
instance.
let poll: Poll;
let total = 2;
let i = 0;
poll = new Poll({
auto: false,
factory: () => Promise.resolve(++i > total ? poll.dispose() : void 0),
frequency: { interval: Poll.IMMEDIATE }
});
const expected = `started${' resolved'.repeat(total)}`;
const ticker: IPoll.Phase<any>[] = [];
Then the poll is started:
void poll.start();
Instead of connecting to the ticked
signal or awaiting the tick
promise, we can now use a for-await...of
loop:
for await (const state of poll) {
ticker.push(state.phase);
if (poll.isDisposed) {
break;
}
}
And we check to make sure the results are as expected:
// ticker and expected both equal:
// 'started resolved resolved disposed'
expect(ticker.join(' ')).to.equal(expected);
In order to use for-await...of
loops in TypeScript, you will need to use ES2018
or above in your lib
array in tsconfig.json
.
FAQs
Lumino Polling
The npm package @lumino/polling receives a total of 26,179 weekly downloads. As such, @lumino/polling popularity was classified as popular.
We found that @lumino/polling demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.