
Security News
Python Adopts Standard Lock File Format for Reproducible Installs
Python has adopted a standardized lock file format to improve reproducibility, security, and tool interoperability across the packaging ecosystem.
Like async/await, but asink/yield. A placeholder until async/await are standardized and included in node.js and web browsers. "asink" is exactly the same thing as "spawn", but with a slightly better name.
Without asink, you might write an asynchronous function like this:
function myfunc () {
return thingThatReturnsAPromise().then(() => {
// do something else
return aPromise1
}).then(() => {
// do yet another thing
return aPromise2
})
}
But with asink, you can write this code like this:
function myfunc () {
return asink(function * () {
yield thingThatReturnsAPromise()
// do something else
yield aPromise1
// do yet another thing
return aPromise2
})
}
Code written with asink looks nicer and is easier to write and understand than without it. It is especially nice when there is a lot of logic with promises, or when there are errors that go inside try/catch blocks. It is almost the same as the async/await pattern of the upcoming version of javascript, ES7, but works today in node.js and (most modern) web browsers.
The same code written in the as-yet-unworking-and-unstandardized-es7 is:
async function myfunc () {
await thingThatReturnsAPromise()
// do something else
await aPromise1
// do yet another thing
return aPromise2
}
asink lets you have most of the readability and writability gains in a form that works today without waiting for ES7. It is also maximally forwards-compatible in the sense that when async/await is actually available, a straightforward conversion of each asink function to the async/await pattern is possible by making each function async, removing the "return asink" line and corresponding closing brace and parenthesis, and making each yield an await.
FAQs
Like async/await, but asink/yield.
We found that asink demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Python has adopted a standardized lock file format to improve reproducibility, security, and tool interoperability across the packaging ecosystem.
Security News
OpenGrep has restored fingerprint and metavariable support in JSON and SARIF outputs, making static analysis more effective for CI/CD security automation.
Security News
Security experts warn that recent classification changes obscure the true scope of the NVD backlog as CVE volume hits all-time highs.