@timberio/tools
Advanced tools
This library provides helper tools used by the JavaScript logger.
Queue<T>
Generic FIFO queue. Used by makeThrottle to store pipeline functions to be executed as concurrent 'slots' become available. Provides fast retrieval for any primitive or object that needs ordered, first-in, first-out retrieval.
Usage example
import { Queue } from "@timberio/tools";
// Interface representing a person
interface IPerson {
  name: string;
  age: number;
}
// Create a queue to store `IPerson` objects
const q = new Queue<IPerson>();
// Add a couple of records...
q.push({ name: "Jeff", age: 50 });
q.push({ name: "Sally", age: 39 });
// Pull values from the queue...
while (q.length) {
  console.log(q.shift().name); // <-- first Jeff, then Sally...
}
makeThrottle<T>(max: number)
Returns a throttle higher-order function, which wraps an async function and limits the number of active Promises to max.
The throttle function has this signature:
throttle(fn: T): (...args: InferArgs<T>[]) => Promise<InferArgs<T>>
Usage example
import Timber from "@timberio/logger";
import { makeThrottle } from "@timberio/tools";
// Create a new Timber instance
const timber = new Timber("apiKey");
// Guarantee a pipeline will run a max of 2x at once
const throttle = makeThrottle(2);
// Create a basic pipeline function which resolves after 2 seconds
const pipeline = async log =>
  new Promise(resolve => {
    setTimeout(() => resolve(log), 2000);
  });
// Add a pipeline which has been throttled
timber.addPipeline(throttle(pipeline));
// Add 10 logs, and store the Promises
const promises = [];
for (let i = 0; i < 10; i++) {
  promises.push(timber.log({ message: `Hello ${i}` }));
}
void (async () => {
  // Awaiting the array itself would resolve immediately; wait for every log
  await Promise.all(promises); // <-- will take 10 seconds total!
})();
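A sketch of how a throttle like the one described above can be built, added here as an example and not taken from the @timberio/tools source. The names makeLimiter and stats are hypothetical, and a plain array stands in for the library's Queue.

```typescript
// Added sketch (not @timberio/tools source). makeLimiter and stats are
// hypothetical names. At most `max` wrapped calls run at once; the rest
// wait in a FIFO array and start in arrival order as slots free up.
type AsyncFn<A extends unknown[], R> = (...args: A) => Promise<R>;

function makeLimiter(max: number) {
  if (!Number.isInteger(max) || max < 1) {
    throw new RangeError("max must be a positive integer");
  }
  let active = 0;
  // Unbounded in this sketch: under sustained overload it grows without
  // limit, so a production version should cap it or shed load.
  const waiting: Array<() => void> = [];

  // Start the oldest waiting call if a slot is free.
  const next = (): void => {
    if (active >= max) return;
    const start = waiting.shift();
    if (start) start();
  };
  // Free the slot, then let the next waiting call in.
  const release = (): void => {
    active--;
    next();
  };

  function throttle<A extends unknown[], R>(fn: AsyncFn<A, R>): AsyncFn<A, R> {
    return (...args: A): Promise<R> =>
      new Promise<R>((resolve, reject) => {
        waiting.push(() => {
          active++;
          let running: Promise<R>;
          try {
            running = fn(...args);
          } catch (err) {
            running = Promise.reject(err); // a synchronous throw must still free the slot
          }
          running.then(
            (value) => { release(); resolve(value); },
            (reason) => { release(); reject(reason); },
          );
        });
        next();
      });
  }

  return { throttle, stats: () => ({ active, queued: waiting.length }) };
}
```

The slot is released on rejection as well as on success, so one failing pipeline call cannot permanently reduce the available concurrency.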
Node.js only
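Converts ASCII text to a Base64-encoded string. Equivalent to window.atob() in the browser.
Used by the logger to convert an API key to Timber's user:password basic auth. Base64 is an encoding, not encryption: the API key can be recovered from the resulting header, so its confidentiality depends on the transport (TLS).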
Usage example:
import { atob } from "@timberio/tools";
console.log(atob("hello world")); // <-- returns "aGVsbG8gd29ybGQ="
Node.js only
Converts a Base64-encoded string to an ASCII string. Equivalent to window.btoa().
Usage example:
import { btoa } from "@timberio/tools";
console.log(btoa("aGVsbG8gd29ybGQ=")); // <-- returns "hello world"
FAQs
JavaScript logging tools
The npm package @timberio/tools receives a total of 537 weekly downloads. As such, the popularity of @timberio/tools was classified as not popular.
We found that @timberio/tools demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 5 open source maintainers collaborating on the project.