@timberio/tools
Advanced tools
New to Timber? Here's a low-down on logging in Javascript.
@timberio/tools
This library provides helper tools used by the Javascript logger.
Queue<T>
Generic FIFO queue. Used by makeThrottle to store pipeline functions to be executed as concurrent 'slots' become available. Provides fast retrieval for any primitive or object that needs ordered, first-in, first-out retrieval.
Used to store .log() Promises that are being batched/throttled.
Usage example
import { Queue } from "@timberio/tools";
// Interface representing a person
interface IPerson {
  name: string;
  age: number;
}
// Create a queue to store `IPerson` objects
const q = new Queue<IPerson>();
// Add a couple of records...
q.push({ name: "Jeff", age: 50 });
q.push({ name: "Sally", age: 39 });
// Pull values from the queue...
while (q.length) {
  console.log(q.shift().name); // <-- first Jeff, then Sally...
}
makeThrottle<T>(max: number)
Returns a throttle higher-order function, which wraps an async function, and limits the number of active Promises to max: number.
The throttle function has this signature:
throttle(fn: T): (...args: InferArgs<T>[]) => Promise<InferArgs<T>>
Usage example
import Timber from "@timberio/logger";
import { makeThrottle } from "@timberio/tools";
// Create a new Timber instance
const timber = new Timber("apiKey");
// Guarantee a pipeline will run a max of 2x at once
const throttle = makeThrottle(2);
// Create a basic pipeline function which resolves after 2 seconds
const pipeline = async log =>
  new Promise(resolve => {
    setTimeout(() => resolve(log), 2000);
  });
// Add a pipeline which has been throttled
timber.addPipeline(throttle(pipeline));
// Add 10 logs, and store the Promises
const promises = [];
for (let i = 0; i < 10; i++) {
  promises.push(timber.log({ message: `Hello ${i}` }));
}
void (async () => {
  // Wait for every log Promise to settle (awaiting the bare array would not wait)
  await Promise.all(promises); // <-- will take 10 seconds total!
})();
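The behaviour described above (at most max active Promises, with surplus calls held in a FIFO queue until a slot frees up) as an added sketch; it is not the @timberio/tools source. makeThrottleSketch and demo are hypothetical names, a plain array stands in for Queue<T>, and the 10 ms jobs and the deliberately failing job are constructed to show that a rejected call still releases its slot.

```javascript
// Added sketch, not the library's code: cap active Promises at `max`, queue the rest FIFO.
function makeThrottleSketch(max) {
  let active = 0;
  const waiting = []; // queued { fn, args, resolve, reject } jobs
  function start({ fn, args, resolve, reject }) {
    active++;
    let result;
    try {
      result = Promise.resolve(fn(...args));
    } catch (err) {
      result = Promise.reject(err); // a synchronous throw must still free the slot
    }
    result.then(resolve, reject).finally(() => {
      active--;
      if (waiting.length) start(waiting.shift()); // oldest waiter runs next
    });
  }
  return fn => (...args) =>
    new Promise((resolve, reject) => {
      const job = { fn, args, resolve, reject };
      if (active < max) start(job);
      else waiting.push(job);
    });
}

// Constructed demo: 5 calls through 2 slots; job 1 fails on purpose.
function demo() {
  const throttle = makeThrottleSketch(2);
  const started = [];
  let running = 0, peak = 0;
  const ship = throttle(id => {
    started.push(id);
    peak = Math.max(peak, ++running);
    return new Promise((resolve, reject) =>
      setTimeout(() => {
        running--;
        if (id === 1) reject(new Error("sync failed"));
        else resolve(id);
      }, 10));
  });
  const all = Promise.allSettled([0, 1, 2, 3, 4].map(id => ship(id)));
  const startedSync = started.slice(); // only the first `max` calls have begun
  const done = all.then(results =>
    ({ peak, order: started, statuses: results.map(r => r.status) }));
  return { startedSync, done };
}

demo().done.then(r => console.log(r));
```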
makeBatch(size: number, flushTimeout: number)
Creates a higher-order batch function that aggregates Timber logs and resolves when either size # of logs have been collected, or when flushTimeout (in ms) has elapsed -- whichever occurs first.
This is used alongside the throttler to provide an array of ITimberLog to the function set in the .setSync() method, to be synced with Timber.io.
Used internally by the @timberio/core Base class to implicitly batch logs:
// Create a throttler, for sync operations
const throttle = makeThrottle(this._options.syncMax);
// Sync after throttling
const throttler = throttle((logs: any) => {
  return this._sync!(logs);
});
// Create a batcher, for aggregating logs by buffer size/interval
const batcher = makeBatch(this._options.batchSize, this._options.batchInterval);
this._batch = batcher((logs: any) => {
  return throttler(logs);
});
base64Encode(str: string): string
Node.js only
Converts a plain-text string to a Base64 encoded string. Similar to window.btoa() in the browser.
Used by the logger to convert an API key to Timber's user:password basic auth.
Usage example:
import { base64Encode } from "@timberio/tools";
console.log(base64Encode("hello world")); // <-- prints "aGVsbG8gd29ybGQ="
FAQs
Javascript logging tools
The npm package @timberio/tools receives a total of 780 weekly downloads. As such, @timberio/tools popularity was classified as not popular.
We found that @timberio/tools demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 5 open source maintainers collaborating on the project.