Minor package with async helper functions.
I'm releasing this package for my own convenience since sometimes I have to work with code without promises/streams/events... and this is much smaller than any other library.
Feel free to use, but...
var allo = require('allo'); // assumes the package is installed under the name `allo`

allo.series([
  // First call this function
  function (next) {
    // the function receives a `next` function as argument
    // call the `next` function to iterate to the next function
    next('a')
  },
  // Then call this function
  function (letter, next) {
    next(2)
  },
  function (letter, number, next) {
    // all previous functions called the `next` function meaning
    // they have completed their tasks.
    next()
  }
]);

// call all the given functions at the same time
allo.parallel([
  function (done) {
    done('a');
  },
  function (done) {
    done(2);
  },
  {
    fn: function (done) {
      done(['hello', 'world']);
    },
    // Call this function when the `fn:` function says it's done
    // the `cancel` argument is a function that will cancel the call to
    // all future callbacks
    cb: function (cancel, arr) {
      // do something with `arr`
    }
  },
  function (done) {
    done({foo:'bar'})
  }
], function (letter, number, array, object) {
})
Don't forget to check the License
FAQs
Async functions to deal with race conditions
We found that allo demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.