
Research
/Security News
jscrambler npm Package Compromised in Supply Chain Attack
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.
@wordpress/priority-queue
Advanced tools
This module allows you to run a queue of callback while on the browser's idle time making sure the higher-priority work is performed first.
Install the module
npm install @wordpress/priority-queue --save
This package assumes that your code will run in an ES2015+ environment. If you're using an environment that has limited or no support for such language features and APIs, you should include the polyfill shipped in @wordpress/babel-preset-default in your code.
Creates a context-aware queue that only executes the last task of a given context.
Usage
import { createQueue } from '@wordpress/priority-queue';
const queue = createQueue();
// Context objects.
const ctx1 = {};
const ctx2 = {};
// For a given context in the queue, only the last callback is executed.
queue.add( ctx1, () => console.log( 'This will be printed first' ) );
queue.add( ctx2, () => console.log( "This won't be printed" ) );
queue.add( ctx2, () => console.log( 'This will be printed second' ) );
Returns
WPPriorityQueue: Queue object with add, flush and reset methods.This is an individual package that's part of the Gutenberg project. The project is organized as a monorepo. It's made up of multiple self-contained software packages, each with a specific purpose. The packages in this monorepo are published to npm and used by WordPress as well as other software projects.
To find out more about contributing to this package or Gutenberg as a whole, please read the project's main contributor guide.

FAQs
Generic browser priority queue.
The npm package @wordpress/priority-queue receives a total of 205,054 weekly downloads. As such, @wordpress/priority-queue popularity was classified as popular.
We found that @wordpress/priority-queue demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 23 open source maintainers collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
/Security News
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.

Research
/Security News
A malicious .NET package is typosquatting the Braintree SDK to steal live payment card data, merchant API keys, and host secrets from production apps.

Security News
/Research
Compromised Injective SDK npm version 1.20.21 exfiltrates wallet private keys and mnemonics through fake telemetry functionality.