Research
2025 Report: Destructive Malware in Open Source Packages
Destructive malware is rising across open source registries, using delays and kill switches to wipe code, break builds, and disrupt CI/CD.
By Kush Pandya - Dec 24, 2025
ahks 
a[ll]h[oo]ks
All-in-one high-quality and reliable React Hooks:
- use-callback-ref
- use-composed-ref
- use-debounce
- use-deep-compare-effect
- use-is-mounted-ref
- use-isomorphic-layout-effect
- use-latest
- use-memo-one
and own unopinionated at their best implementations:
Lifecycle:
-
useMount — useEffect with constant dependencies list.
-
useLayoutMount — useLayoutEffect with constant dependencies list.
-
useUnmount — useMount but only with destructor.
-
useLayoutUnmount — useLayoutMount but only with destructor.
-
useRenderEffect — almost same to useEffect, but not deferred (like useAction).
Handlers:
-
useHandler — more effective alternative to useCallback with constant dependencies list.
-
useStableHandler — React RFC (like useEventCallback).
-
useScrollHandler — use scroll position.
Events:
-
useChangeCommit — commit native change event to
<input />(usually needed for UI libraries). -
useValueCommit — useChangeCommit but with custom value.
-
useCheckCommit — useChangeCommit but with custom checked state.
-
usePassiveEvent — add passive event listener (feature not provided by react).
Memo:
- useCreation — useMemo with constant dependencies list.
Promise:
- usePromise — handle promise (like usePromise).
Loaders:
-
useLoadImage — usePromise with image loader.
-
useLoadBlob — usePromise with blob loader.
Refs:
-
useFirstRenderRef — ref object which determines first render (like useIsFirstRender).
-
useStableRef — store latest value in ref object.
Renders:
- useRender — cast
ReactNodetoReactElementwithoutFragmenthack.
State:
-
useUpdate — forceUpdate for functional components.
-
useUpdateState — useUpdate with generation.
-
useTrackState — state with dependency-tracking (idea from useSWR).
Installation
We recommend to use yarn for dependency management:
yarn add ahks
Contributing
Development of ahks happens in the open on GitHub, and we are grateful to the community for contributing bugfixes and improvements.
License
ahks is MIT licensed.
FAQs
Utility hooks, functions and constants
We found that ahks demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 18 Nov 2022
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Engineering with AI Podcast: The Promise of AI-First Development
Socket CTO Ahmad Nassri shares practical AI coding techniques, tools, and team workflows, plus what still feels noisy and why shipping remains human-led.
By Sarah Gooding - Dec 24, 2025
Research
/Security News
Spearphishing Campaign Abuses npm Registry to Target U.S. and Allied Manufacturing and Healthcare Organizations
A five-month operation turned 27 npm packages into durable hosting for browser-run lures that mimic document-sharing portals and Microsoft sign-in, targeting 25 organizations across manufacturing, industrial automation, plastics, and healthcare for credential theft.
By Nicholas Anderson, Kirill Boychenko - Dec 23, 2025