Security News
npm Introduces minimumReleaseAge and Bulk OIDC Configuration
npm rolls out a package release cooldown and scalable trusted publishing updates as ecosystem adoption of install safeguards grows.
By Sarah Gooding - Feb 26, 2026
Latest Threat Research:SANDWORM_MODE: Shai-Hulud-Style npm Worm Hijacks CI Workflows and Poisons AI Toolchains.Details →
@record/zone
Advanced tools
zone
Installation
Install this package using NPM:
npm install @record/zone
Examples
For a primer on zones, review the Dart overview. For more on promises, check out this Google Developers introduction.
General concept
const exec = require('@record/zone').exec;
const fs = require('fs');
var fileContent = null;
// An application that does multiple unknown asynchronous operations
function application() {
function readFile () {
// Read file asynchronously
fs.readFile('data.txt', function callback (data) {
fileContent = data;
});
}
// Wait for 1 second and then start a request
setTimeout(readFile, 1000);
}
exec(application).then(
function () {
console.log('This file content has been read: ' + fileContent);
}
).catch(
function (error) {
console.log('Either setTimeout or fs.readFile threw an uncatched error');
}
);
Run untrusted code asynchronously
const vm = require('vm');
var sandbox = {
setTimeout,
setInterval,
setImmediate,
print: console.log
};
// Use exec with vm to run a program in an isolated environment
exec(
function () {
vm.runInNewContext(applicationCode, sandbox);
}
).then(
function () { console.log('Terminated successfully'); }
).catch(
function (error) { console.log('An error occurred'); }
);
Terminate a zone from outside
var zone = exec(application);
// Cancel all pending events after 1 minute
setTimeout(function () {
zone.cancel();
}, 60000);
// If node is stalling due to pending tasks in the operating zone,
// zone.cancel() will unstall it.
Execute zones parallely
Promise.all(
exec(app1),
exec(app2),
exec(app3)
).then(
function() { console.log('All tasks have concluded successfully'); }
).catch(
function() { console.log('An error occurred'); }
);
Non-blocking mode
// Run a huge number of untrusted applications in non-blocking mode
for (var i = 0; i < applications.length; i++) {
exec(applications[i], { blocking: false });
}
function application () {
try {
var xhr = new XMLHttpRequest();
xhr.open("GET", "data.txt", false);
} catch (error) {
console.log(error); // Error: No permission to execute the synchronous system operation XMLHttpRequest.prototype.open()
}
try {
var xhr = fs.readfileSync('data.txt');
} catch (error) {
console.log(error); // Error: No permission to execute the synchronous system operation fs.readFileSync()
}
}
exec(application, { blocking: false });
License
MIT © 2016 (see full text)
FAQs
Simplistic, promise-based zones
The npm package @record/zone receives a total of 3 weekly downloads. As such, @record/zone popularity was classified as not popular.
We found that @record/zone demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 17 May 2017
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Risky Biz Podcast: Open Source Risk Is Compounding as AI Agents Write 90% of New Code
AI agents are writing more code than ever, and that's creating new supply chain risks. Feross joins the Risky Business Podcast to break down what that means for open source security.
By Sarah Gooding - Feb 24, 2026
Research
/Security News
Four Malicious NuGet Packages Target ASP.NET Developers With JIT Hooking and Credential Exfiltration
Socket uncovered four malicious NuGet packages targeting ASP.NET apps, using a typosquatted dropper and localhost proxy to steal Identity data and backdoor apps.
By Kush Pandya - Feb 23, 2026