Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@wjsc/hold-on
This package can be used in this scenario
It stores the result of your function in memory for immediate access, and clears that memory after a specified time. It returns a function that can be used instead of your original one.
const hold = require('@wjsc/hold-on');
const myOptimizedFunction = hold(<Your Function>, <Time in milliseconds>);
myOptimizedFunction();
const hold = require('@wjsc/hold-on');
// Define your costly function: Let's suppose it's so heavy!
const myFunction = () => new Date();
// Make a new version of your function with 500 ms cache
const myOptimizedFunction = hold(myFunction, 500);
// This code will execute new Date() only once
for (let i = 0; i < 50; i++) {
  // And it prints always the same date
  console.log(myOptimizedFunction());
}
const hold = require('@wjsc/hold-on');
const fetch = require('node-fetch'); // Or any HTTP client
const myFunction = () => fetch('https://httpstat.us/200');
const myOptimizedFunction = hold(myFunction, 5000);
// This code will execute the HTTP GET only once
for (let i = 0; i < 50; i++) {
  console.log(myOptimizedFunction());
}
// After 5000 ms the request will be executed again
const hold = require('@wjsc/hold-on');
const aws = require('aws-sdk');
const s3 = new aws.S3();
// hold() expects a function, so wrap the S3 call instead of invoking it here
const myFunction = () => s3.getObject({ Bucket: 'abc', Key: 'abc.txt' }).promise();
const myOptimizedFunction = hold(myFunction, 20000);
Every line of code is tested https://github.com/wjsc/hold-on/blob/master/test/index.test.js
Less than 20 lines of code and no dependencies
This function uses setTimeout to clear the internal cache. In some cases, you may need to clear this timer. This can be useful if you are running a script that doesn't end at the desired time, or if you want to terminate a background timer.
const myFunction = () => {};
const myOptimizedFunction = hold(myFunction, 100000000);
clearInterval(myOptimizedFunction.interval);
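The timer behaviour described above, shown with a minimal sketch of a time-limited cache. This is an added example, not the source of @wjsc/hold-on; `holdSketch` and `demo` are hypothetical names, and the sketch assumes the wrapper caches whatever the function returns and exposes its timer handle as `.interval`, as the snippet above suggests.

```javascript
// Added sketch of a time-limited result cache. NOT the source of @wjsc/hold-on.
// holdSketch and demo are hypothetical names; `.interval` mirrors the property
// used in the snippet above.
function holdSketch(fn, ttlMs) {
  let cached = false;
  let value;
  const wrapped = () => {
    if (!cached) {
      value = fn(); // the costly function runs only on a cache miss
      cached = true;
      // This pending timer keeps the Node.js event loop alive until it fires.
      wrapped.interval = setTimeout(() => {
        cached = false;
        value = undefined; // drop the reference to the cached result
        wrapped.interval = undefined;
      }, ttlMs);
    }
    return value;
  };
  return wrapped;
}

function demo() {
  let calls = 0;
  const costly = () => { calls += 1; return { n: calls }; };
  const cachedFn = holdSketch(costly, 100000000);
  const first = cachedFn();
  for (let i = 0; i < 49; i++) cachedFn();
  // Every caller gets the same object, so a mutation by one is seen by all.
  const sameObject = cachedFn() === first;
  const timerPending = cachedFn.interval !== undefined;
  // Without this call the script would stay alive for the full 100000000 ms.
  // In this sketch the cached value then never expires.
  clearTimeout(cachedFn.interval);
  return { calls, sameObject, timerPending };
}

console.log(demo()); // constructed input; the process exits right after printing
```

Because the wrapper hands every caller the same cached value, results that differ per user or per credential should not be shared through one wrapped function.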
Just use the original function, or create a new function version.
Package name reference: https://www.youtube.com/watch?v=WPnOEiehONQ
FAQs
Returns a function execution result or a cached version of it
The npm package @wjsc/hold-on receives a total of 7 weekly downloads. As such, @wjsc/hold-on popularity was classified as not popular.
We found that @wjsc/hold-on demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.