Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
For when there's nothing better to do than panic.
function abend (error) {
if (error) {
throw error
setImmediate(function () { throw error })
}
}
Abend's promise: I will unwind your stack and crash your program if it's the last thing I do. It defeats any and all naive attempts to catch exceptions.
Abend is part of the Cadence Universe.
I use Abend to terminate the asynchronous stacks I create with Cadence. Cadence has robust asynchronous try/catch error handling.
Every program that is built around error-first callbacks has that one final callback that can't do anything with the error. If that error is thrown it should not be caught.
If you are using Cadence, it won't be caught, because Cadence uses a trampoline to invoke its user-specified program logic. It bounces user functions on the trampoline, then it calls it's callback directly. There is no try/catch block enveloping the callback.
If you use Callback, and you through an exception, it will do the right thing.
However, we're all trying to figure out this single threaded callback oriented environment, so when using other libraries you're often using an ad-hoc asynchronous error handling strategy for each. There are times when your panicked exception is caught by these libraries and re-routed to someone's notion of an error handler. Basically, as you add NPM modules to your project, the likelihood of your adding a poorly implemented and undocumented implementation of 'uncaughtException` approaches zero.
When using Cadence and its libraries, the handling of exceptions follow strict rules. They are caught within Cadence steps, but never caught after a Cadence function calls the callback it was given. Cadence is robust in handling exceptins, but never handles exceptions that where not meant for it.
That's why this library exists. I use it in every significant project. It is the end of the line for all my Node.js programs.
Ed: Added copy that is not as good as the copy that is already here.
FAQs
Throw an error if there is an error.
We found that abend demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.