Agent pool that rotates keepalive agents for traffic switching via DNS
Agent pool that rotates keepalive agents and pre-connects the sockets for working with DNS-based traffic switching.
It is similar to W3C Resource Hints Preconnect but for Node.js Agents.
When you are running high-traffic application servers, you would normally end up using Agents with keepAlive in Node.js to reuse the connections. Kept-alive connections do not incur DNS + TCP + TLS overhead. An Agent also takes care of all the low-level socket pooling (adding/removing sockets) that your application doesn't need to worry about.
If your application is using keepAlive Agents and doing traffic switching between two stacks via weighted DNS records, you won't see any redirection of the traffic to the new stack, because the connection is reused as long as there are requests to be processed. To force clients to switch, we have to disable the load balancer of the old stack or delete it completely.
The Agent pool maintains the list of agents in a queue and assigns one agent to serve all requests for a specified interval. After the interval, the next agent is created and assigned to the requests. Once the queue reaches its max agents limit (configurable), the old agents are recycled/destroyed and the new agent is assigned to serve the traffic.
But once we assign the new agent after the specified interval, the sockets in the old agent will be closed and timed out. All the traffic would end up going via the new Agent, which needs to create lots of sockets and perform DNS + TCP + TLS negotiation again. This would result in increased latency, connection and read timeouts.
To address the above problem of a large number of socket connections being created on every new agent in the pool, we can reuse the meta information from the existing sockets of the Agent, before they get destroyed, to preconnect the new Agent to the backend servers (similar to W3C Resource Hints Preconnect in browsers).
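A minimal sketch of the rotation and recycling described above, as an added example that is not agent-pool's own implementation: the names `RotatingAgentPool`, `socketCounts`, `startRotation` and the `destroyed` counter are hypothetical, and it uses Node's built-in `http.Agent`. Instead of opening sockets, `rotate()` returns the outgoing agent's per-destination socket counts, which is the information a preconnect step would need.

```javascript
const http = require("http");

// Hypothetical sketch of the rotation described above; not agent-pool's code.
class RotatingAgentPool {
  constructor({ maxAgents = 3, agentOptions = { keepAlive: true } } = {}) {
    this.maxAgents = maxAgents;
    this.agentOptions = agentOptions;
    this.queue = [];    // oldest agent first, active agent last
    this.destroyed = 0; // lets callers observe how many agents were recycled
    this.rotate();      // create the first active agent
  }

  // The active agent is always the newest one in the queue.
  getAgent() {
    return this.queue[this.queue.length - 1];
  }

  // Count in-use and idle sockets per connection name ("host:port:...").
  static socketCounts(agent) {
    const counts = {};
    for (const table of [agent.sockets, agent.freeSockets]) {
      for (const [name, list] of Object.entries(table || {})) {
        counts[name] = (counts[name] || 0) + list.length;
      }
    }
    return counts;
  }

  // Make a new agent active and recycle agents beyond maxAgents.
  // Returns the previous agent's socket counts: the preconnect plan.
  rotate() {
    const previous = this.getAgent();
    const plan = previous ? RotatingAgentPool.socketCounts(previous) : {};
    this.queue.push(new http.Agent(this.agentOptions));
    while (this.queue.length > this.maxAgents) {
      this.queue.shift().destroy(); // closes that agent's remaining sockets
      this.destroyed += 1;
    }
    return plan;
  }
}

// The interval from the text: every intervalMs the next agent takes over.
function startRotation(pool, intervalMs) {
  const timer = setInterval(() => pool.rotate(), intervalMs);
  timer.unref(); // rotation alone should not keep the process alive
  return timer;
}
```

Because older agents stay in the queue until `maxAgents` is exceeded, requests already in flight on them can finish before their sockets are destroyed.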
The following steps are done before switching the traffic to next available agent
```sh
yarn add agent-pool
```

```javascript
const https = require("https");
const { URL } = require("url");
const AgentPool = require("agent-pool");
const { HttpsAgent } = require("agentkeepalive");

const httpsPool = new AgentPool({
  maxAgents: 5,
  agentType: HttpsAgent,
  destroyTime: 1000 * 60 // 1 min
});

const agent = httpsPool.getAgent(); // returns the active agent

// Use it in your request lib: pass the agent in the request options
const req = https.request(new URL("https://example.com"), { agent });
req.end(); // send the request
```
Instantiate the AgentPool instance with options and agentOptions that are passed to the underlying HTTP/HTTPS Agent.

- options {Object} - Configurable options on the agent pool
  - agentType - An Agent class that is responsible for managing connection pooling. (default: agentkeepalive HttpAgent)
  - maxAgents - The maximum number of agents that are kept in the pool at a given point of time (default: 3)
  - destroyTime - The minimum time required for the new agents to become active and start serving requests (default: 1 minute)
  - logger - Custom logger that is compatible with the console API to log the agent activity. You can use pino (default: console)
- agentOptions {Object} - Configurable options that are passed to the underlying Agent - Check agentkeepalive

getAgent() - returns the active agent that can be used to serve requests
MIT
FAQs
The npm package agent-pool receives a total of 2,521 weekly downloads. As such, agent-pool popularity was classified as popular.
We found that agent-pool demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.