Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@sparkdesignsystem/spark-extras
Advanced tools
Spark Extras is a supplementary package that adds additional components that are not part of Spark Core. Many sites will use these components, but they aren't necessary for every Quicken Loans Fintech product.
Generator based control flow goodness for nodejs and the browser, using promises, letting you write non-blocking code in a nice-ish way.
co@4.0.0
has been released, which now relies on promises.
It is a stepping stone towards ES7 async/await.
The primary API change is how co()
is invoked.
Before, co
returned a "thunk", which you then called with a callback and optional arguments.
Now, co()
returns a promise.
co(function* () {
var result = yield Promise.resolve(true);
return result;
}).then(function (value) {
console.log(value);
}, function (err) {
console.error(err.stack);
});
If you want to convert a co
-generator-function into a regular function that returns a promise,
you now use co.wrap(fn*)
.
var fn = co.wrap(function* (val) {
return yield Promise.resolve(val);
});
fn(true).then(function (val) {
});
co@4+
requires a Promise
implementation.
For versions of node < 0.11
and for many older browsers,
you should/must include your own Promise
polyfill.
When using node 0.11.x or greater, you must use the --harmony-generators
flag or just --harmony
to get access to generators.
When using node 0.10.x and lower or browsers without generator support, you must use gnode and/or regenerator.
io.js is supported out of the box, you can use co
without flags or polyfills.
$ npm install co
Any library that returns promises work well with co
.
View the wiki for more libraries.
var co = require('co');
co(function *(){
// yield any promise
var result = yield Promise.resolve(true);
}).catch(onerror);
co(function *(){
// resolve multiple promises in parallel
var a = Promise.resolve(1);
var b = Promise.resolve(2);
var c = Promise.resolve(3);
var res = yield [a, b, c];
console.log(res);
// => [1, 2, 3]
}).catch(onerror);
// errors can be try/catched
co(function *(){
try {
yield Promise.reject(new Error('boom'));
} catch (err) {
console.error(err.message); // "boom"
}
}).catch(onerror);
function onerror(err) {
// log any uncaught errors
// co will not throw any errors you do not handle!!!
// HANDLE ALL YOUR ERRORS!!!
console.error(err.stack);
}
The yieldable
objects currently supported are:
Nested yieldable
objects are supported, meaning you can nest
promises within objects within arrays, and so on!
Thunks are functions that only have a single argument, a callback.
Thunk support only remains for backwards compatibility and may
be removed in future versions of co
.
yield
ing an array will resolve all the yieldables
in parallel.
co(function* () {
var res = yield [
Promise.resolve(1),
Promise.resolve(2),
Promise.resolve(3),
];
console.log(res); // => [1, 2, 3]
}).catch(onerror);
Just like arrays, objects resolve all yieldable
s in parallel.
co(function* () {
var res = yield {
1: Promise.resolve(1),
2: Promise.resolve(2),
};
console.log(res); // => { 1: 1, 2: 2 }
}).catch(onerror);
Any generator or generator function you can pass into co
can be yielded as well. This should generally be avoided
as we should be moving towards spec-compliant Promise
s instead.
Returns a promise that resolves a generator, generator function, or any function that returns a generator.
co(function* () {
return yield Promise.resolve(true);
}).then(function (val) {
console.log(val);
}, function (err) {
console.error(err.stack);
});
Convert a generator into a regular function that returns a Promise
.
var fn = co.wrap(function* (val) {
return yield Promise.resolve(val);
});
fn(true).then(function (val) {
});
MIT
FAQs
Spark Extras is a supplementary package that adds additional components that are not part of Spark Core. Many sites will use these components, but they aren't necessary for every Quicken Loans Fintech product.
The npm package @sparkdesignsystem/spark-extras receives a total of 15 weekly downloads. As such, @sparkdesignsystem/spark-extras popularity was classified as not popular.
We found that @sparkdesignsystem/spark-extras demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.