Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@macfja/nestjs-queue
Advanced tools
A Nestjs module to create queues and actions that need to check freshness of a data.
A Nestjs module to create queues and actions that need to check freshness of a data.
npm install @macfja/nestjs-queue
# or
pnpm add --save @macfja/nestjs-queue
# or
yarn add --save @macfja/nestjs-queue
# or
bun add --save @macfja/nestjs-queue
In your main module
import { QueueModule } from "@macfja/nestjs-queue"
import { Module } from "@nestjs/common"
import { Oauth2Needed } from "./oauth2need.service.ts" // See below
@Module({
imports: [
QueueModule.register({
needs: [{ name: 'oauth2', needed: Oauth2Needed }],
queues: ['oldServer']
})
]
})
export class MainModule {}
Create a need checker support class
// ./oauth2need.service.ts
import { type NeedCheckerInterface } from "@macfja/nestjs-queue"
export type TokenType = {
exp: number;
val: string;
}
@Injectable()
export class Oauth2Needed implements NeedCheckerInterface<TokenType> {
isFresh(token) {
return Promise.resolve(token.exp < Date.now())
}
fetcher() {
return fetch('https://myTokenEndpoint/token').then(response => response.text())
}
}
import { InjectNeed, InjectQueue, NeedService, QueueService } from "@macfja/nestjs-queue"
import { type TokenType } from "./oauth2need.service.ts"
@Injectable()
export class MyService {
constructor(
@InjectNeed('oauth2') private readonly oauth2: NeedService<TokenType>,
@InjectQueue('oldServer') private readonly queue: QueueService,
) {}
async myNeedAction() {
/*
* Get a the token from the NeedChecker.
* The value if refresh if needed.
*/
const token = await this.oauth2.with();
// Use the token
const response = await fetch('https://myServer/', { headers: {
authorization: `Bearer ${token.val}`
}})
return response.json()
}
myNeedAction2() {
// Same as before, but in the Promise.then() form instead of the async/await
return this.oauth2.with()
.then(token => fetch('https://myServer/', { headers: { authorization: `Bearer ${token.token}` } }))
.then(response => response.json())
}
async myQueueAction3() {
/*
* All previous task will first be runned.
* Then this task will be executed, then its result will be available in the `response` variable.
*/
const response = await this.queue.add(() => fetch('http://oldAndSlowServer')) //
return response.json()
}
myQueueAction4() {
// Same as before, but in the Promise.then() form instead of the async/await
return this.queue
.add(() => fetch('http://oldAndSlowServer'))
.then(response => response.json())
}
async myQueueAction5() {
/*
* Wait for the queue to be emptied
*/
await this.queue.wait()
const response = await fetch('http://oldAndSlowServer')
return response.json()
}
}
You can configure the behavoir of the queue by providing a configuration object instead of the queue name:
import { QueueModule } from "@macfja/nestjs-queue"
import { Module } from "@nestjs/common"
@Module({
imports: [
QueueModule.register({
// 4 tasks in parallel.
queues: [{ name: 'oldServer', { concurrency: 4 }]
})
]
})
export class MainModule {}
[!NOTE] The full list of supported options is available on
p-queue
Github
The NeedChecker can be set in the QueueModule
configuration:
import { QueueModule, type NeedCheckerInterface } from "@macfja/nestjs-queue"
import { Module } from "@nestjs/common"
import { freemem } from "node:os"
@Module({
imports: [
QueueModule.register({
needs: [{ name: 'memory', needed: {
isFresh(source: number): Promise<boolean> {
return Promise.resolve(freemem() > 4 * Math.pow(10, 6))
},
fetcher(): Promise<number> {
global.gc()
return Promise.resolve(freemem())
}
} satisfies NeedCheckerInterface<number> }],
})
]
})
export class MainModule {}
The Need checker can anything that can be injected:
import { QueueModule, type NeedCheckerInterface } from "@macfja/nestjs-queue"
import { Module } from "@nestjs/common"
@Module({
imports: [
QueueModule.register({
needs: [
{ name: 'byClass', needed: MyNeedCheckerClass },
{ name: 'byToken', needed: 'my-need-checker-provider-token' },
{ name: 'byInstance', needed: new MyNeedCheckerClass2() },
{ name: 'byShape', needed: {
isFresh(source: number): Promise<boolean> { /* ... */ },
fetcher(): Promise<number> { /*... */ }
} satisfies NeedCheckerInterface<number>
],
})
]
})
export class MainModule {}
The queue features are based on p-queue
, but as Nestjs is not compatible with ESM module1, the p-queue
dependency is injected inside the compiled source of this library.
eventemitter3
is also a direct dependency to reduce the size of the library (eventemitter3
is a dependency of p-queue
but it's compatible with CJS).
This will introduce delay between the P-Queue release and when it will be available in this library
Contributions are welcome. Please open up an issue or create PR if you would like to help out.
Read more in the Contributing file
The MIT License (MIT). Please see License File for more information.
There are several issues about the fact that Nestjs is not comaptible with ESM
[1.0.2] - 2024-10-07
FAQs
A Nestjs module to create queues and actions that need to check freshness of a data.
The npm package @macfja/nestjs-queue receives a total of 4 weekly downloads. As such, @macfja/nestjs-queue popularity was classified as not popular.
We found that @macfja/nestjs-queue demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.