Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@risingstack/async-listener
Advanced tools
Polyfill exporting trevnorris's 0.11+ asyncListener API.
This is an implementation of Trevor Norris's process.{addAsyncListener,removeAsyncListener} API for adding behavior to async calls. You can see his implementation (currently a work in progress) on Node.js core pull request #6011. This polyfill / shim is intended for use in versions of Node prior to whatever version of Node in which Trevor's changes finally land (anticipated at the time of this writing as 0.11.7).
Here's his documentation of the intended API, which will probably get cleaned up here later:
callbacks
{Object}initialStorage
{Value}Returns a constructed AsyncListener
object. Which can then be passed to
process.addAsyncListener()
and process.removeAsyncListener()
. Each
function parameter is as follows:
callbacks
: An Object
which may contain four optional fields:
create
: A function (storage)
that is called when an asynchronous event
is queued. Recives the storage
attached to the listner. storage
can be
created by passing an initialStorage
argument during costruction, or by
returning a Value
from create
which will be attached to the listner
and overwrite the initialStorage
.before
: A function (context, storage)
that is called immediately
before the asynchronous callback is about to run. It will be passed both
the context
(i.e. this
) of the calling function and the storage
.after
: A function (context, storage)
called immediately after the
asynchronous event's callback is run. Note that if the event's callback
throws during execution this will not be called.error
: A function (storage, error)
called if the event's callback
threw. If error
returns true
then Node will assume the error has been
properly handled and resume execution normally.initialStorage
: A Value
(i.e. anything) that will be, by default,
attached to all new event instances. This will be overwritten if a Value
is returned by create()
.Returns a constructed AsyncListener
object and immediately adds it to the
listening queue.
Removes the asyncListener
from the listening queue.
FAQs
Polyfill exporting trevnorris's 0.11+ asyncListener API.
The npm package @risingstack/async-listener receives a total of 1 weekly downloads. As such, @risingstack/async-listener popularity was classified as not popular.
We found that @risingstack/async-listener demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 10 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.