arrivals
models arrival events in a system, e.g.:
This library was originally developed for use in Artillery, a modern load testing toolkit.
npm install arrivals
Two models of arrival processes are available: Poisson and Uniform (arrivals at a specified constant rate).
//
// Poisson process example
//
var arrivals = require('arrivals');
// Create a Poisson process with the mean inter-arrival time of 500 ms that
// will run for 20 seconds:
var p = arrivals.poisson.process(500, 20 * 1000);
p.on('arrival', function onArrival() {
  console.log('New arrival, %s', new Date());
});
p.once('finished', function() {
  console.log('We are done.');
});
p.start();
If the last argument (total duration of the process) is omitted, the process
will run until stopped with p.stop().
//
// Uniform arrivals example:
//
var arrivals = require('arrivals');
// Create an arrivals process that will trigger the callback every 500ms for
// 20 seconds (for a total of 20000 / 500 = 40 arrivals)
var p = arrivals.uniform.process(500, 20 * 1000);
p.on('arrival', function onArrival() {
  console.log('New arrival, %s', new Date());
});
p.once('finished', function() {
  console.log('We are done.');
});
p.start();
The last argument (total duration) is optional as in the previous example.
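To see how the two models differ in the traffic shape they produce, the following added example (not code from the arrivals library or its authors) computes arrival timestamps offline instead of firing timers. It assumes the textbook definition of a Poisson process, exponentially distributed inter-arrival times; the helper names and the seeded PRNG are hypothetical and chosen only for reproducibility.

```javascript
'use strict';

// Seeded PRNG (mulberry32) so every run gives the same sequence.
// Constructed for this example; it is not part of the arrivals package.
function mulberry32(a) {
  return function () {
    a = (a + 0x6D2B79F5) | 0;
    let t = a;
    t = Math.imul(t ^ (t >>> 15), t | 1);
    t ^= t + Math.imul(t ^ (t >>> 7), t | 61);
    return ((t ^ (t >>> 14)) >>> 0) / 4294967296; // value in [0, 1)
  };
}

// Poisson model: each gap is an exponential sample with the given mean.
function poissonArrivalTimes(meanMs, durationMs, rand) {
  const times = [];
  let t = 0;
  for (;;) {
    t += -meanMs * Math.log(1 - rand()); // inverse-CDF sampling
    if (t > durationMs) return times;
    times.push(t);
  }
}

// Uniform model: one arrival every intervalMs (assumed to include t = duration).
function uniformArrivalTimes(intervalMs, durationMs) {
  const times = [];
  for (let t = intervalMs; t <= durationMs; t += intervalMs) times.push(t);
  return times;
}

// Count, mean gap and coefficient of variation (stddev / mean) of the gaps.
function summarize(times) {
  const gaps = times.map((t, i) => t - (i === 0 ? 0 : times[i - 1]));
  const mean = gaps.reduce((s, g) => s + g, 0) / gaps.length;
  const variance = gaps.reduce((s, g) => s + (g - mean) ** 2, 0) / gaps.length;
  return { count: times.length, meanGap: mean, cv: Math.sqrt(variance) / mean };
}

const uniformStats = summarize(uniformArrivalTimes(500, 20 * 1000));
// A long simulated run so the Poisson statistics settle near their expected values.
const poissonStats = summarize(poissonArrivalTimes(500, 10 * 1000 * 1000, mulberry32(1)));
console.log('uniform:', uniformStats);
console.log('poisson:', poissonStats);
```

Both models average one arrival per 500 ms, but the uniform gaps have zero variation while the Poisson gaps have a coefficient of variation near 1, which is what produces bursts in a load test.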
This software is distributed under the terms of the ISC license.
Copyright (c) 2015-2017, Hassy Veldstra <h@artillery.io>
Permission to use, copy, modify, and/or distribute this software for any
purpose with or without fee is hereby granted, provided that the above
copyright notice and this permission notice appear in all copies.
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH
REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,
INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
PERFORMANCE OF THIS SOFTWARE.
FAQs
Modeling arrival processes of events in a system.
We found that arrivals demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.