
@optimizely/sdk-plugin-pending-events
Event Dispatcher plugin that provides a persistent pending event queue
An unsupported, experimental ⚠️ EventDispatcher for Optimizely Full Stack (javascript-sdk, Web browser environment) that keeps a queue of pending (not completed) events persisted to localStorage, and retries pending events on initialization.
Tracking clicks in browsers is difficult because browsers often redirect users before tracking requests complete. This example suggests one of many possible solutions to the above problem. Feel free to try it out, modify according to the LICENSE, and suggest changes here. And if you have another method for tackling this problem, we'd love to hear from you! Drop us a line at developers@optimizely.com.
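The persist-then-retry queue described above, as an added sketch that is not this package's source code. The function name, the `allowedOrigin` parameter and the event shape `{url, httpVerb, params}` are assumptions; `sendJSON` follows the signature documented on this page. Because any script on the same origin can rewrite localStorage, the sketch validates stored entries before replaying them.

```javascript
// Added sketch, not the package's code. Assumed: the SDK passes dispatchEvent
// an event {url, httpVerb, params}; `storage` offers getItem/setItem like
// window.localStorage; `allowedOrigin` is a hypothetical extra parameter.
function createPendingEventsDispatcher(storage, key, sendJSON, allowedOrigin) {
  // Stored entries are untrusted input: other same-origin scripts can edit them.
  const isValid = (e) =>
    e && typeof e.id === 'string' && typeof e.body === 'string' &&
    typeof e.method === 'string' && typeof e.url === 'string' &&
    e.url.startsWith(allowedOrigin + '/'); // trailing slash blocks look-alike hosts

  const load = () => {
    try {
      const parsed = JSON.parse(storage.getItem(key) || '[]');
      return Array.isArray(parsed) ? parsed.filter(isValid) : [];
    } catch (err) {
      return []; // corrupt JSON: start from an empty queue
    }
  };
  const save = (queue) => storage.setItem(key, JSON.stringify(queue));

  const send = (entry, done) => {
    sendJSON(entry.url, { method: entry.method, body: entry.body }, (err) => {
      // Remove the entry only after a confirmed send; failures stay queued.
      if (!err) save(load().filter((e) => e.id !== entry.id));
      if (done) done(err);
    });
  };

  const dispatcher = {
    dispatchEvent(event, callback) {
      const entry = {
        id: `${Date.now()}-${Math.random().toString(36).slice(2)}`,
        url: event.url,
        method: event.httpVerb || 'POST',
        body: JSON.stringify(event.params),
      };
      if (!isValid(entry)) return callback && callback(new Error('URL not allowed'));
      save(load().concat(entry)); // persist before the request leaves the page
      send(entry, callback);
    },
  };

  // Initialization: write back only the validated queue, then retry it.
  const pending = load();
  save(pending);
  pending.forEach((entry) => send(entry));
  return dispatcher;
}
```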
npm install @optimizely/sdk-plugin-pending-events --save
See example for an example of how this is used:
$ cd example
$ npm install
$ npm start
Load the URL provided by webpack-serve in a browser of your choice.
Construct an EventDispatcher compatible with @optimizely/optimizely-sdk
Parameters
  localStorageKey (String): Key under which to persist/load pending events in window.localStorage
  sendJSON (SendJSON): Function to call to send payload
  logger (Function?)
Returns EventDispatcher: An object with a dispatchEvent method, suitable for use as an EventDispatcher
Function to call to send JSON
Type: Function
Parameters
  url (String): URL to send to
  options (Object)
  callback (SendJSONCallback): Function to call, with no arguments, if successful, and with Error object, if error
Examples
// Example sendJSON built using fetch
const sendJSON = (url, options, callback) => {
  const {method, body} = options;
  return fetch(url, {
    method,
    body,
    headers: {
      'content-type': 'application/json',
    }
  })
    .then((resp) => {
      if (resp.status < 400) {
        callback();
      } else {
        callback(new Error(`Bad response code: ${resp.status}`));
      }
    }, callback);
};
Type: Function
Parameters
  error (Error?): Error, if any
FAQs
The npm package @optimizely/sdk-plugin-pending-events receives a total of 2 weekly downloads. As such, @optimizely/sdk-plugin-pending-events popularity was classified as not popular.
We found that @optimizely/sdk-plugin-pending-events demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.