
Security Fundamentals
Turtles, Clams, and Cyber Threat Actors: Shell Usage
The Socket Threat Research Team uncovers how threat actors weaponize shell techniques across npm, PyPI, and Go ecosystems to maintain persistence and exfiltrate data.
async-local-storage
Advanced tools
Get the value like thread-local storage in threaded programming
I want something like thread-local
storage in threaded programming and async_hooks
is usable in node.js 8.0
, so there is an easy way to use thread-local
.
const als = require('async-local-storage');
als.enable();
setTimeout(() => {
als.scope();
const id = randomBytes(8);
als.set('id', id);
delay().then(() => {
assert.equal(als.get('id'), id);
return readfilePromise(__filename);
}).then(() => {
assert.equal(als.get('id'), id);
return superagent.get('http://www.baidu.com/');
}).then(() => {
assert.equal(als.get('id'), id);
});
}, 100);
enable the async hooks
const als = require('async-local-storage');
als.enable();
disable the async hooks
const als = require('async-local-storage');
als.enable();
setTimeout(() => {
als.disable();
}, 100);
get the size of storage
const als = require('async-local-storage');
als.enable();
setTimeout(() => {
console.info(als.size());
}, 100);
change the scope of call chain, it will be the call chain top (remove the parent of itself)
const als = require('async-local-storage');
const Koa = require('koa');
const assert = require('assert');
const app = new Koa();
app.use(async (ctx, next) => {
const id = ctx.get('X-Request-Id');
als.scope();
als.set('id', id);
await next();
});
app.use(async (ctx, next) => {
const id = ctx.get('X-Request-Id');
assert.equal(als.get('id'), id);
await next();
});
app.use((ctx) => {
ctx.body = 'OK';
});
set the value by key for the current id
key
the keyvalue
the valuelinkedTop
set the value linked to topals.enable()
setTimeout(() => {
als.scope();
const id = randomBytes();
setTimeout(() => {
als.set('id', id, true);
}, 1);
setTimeout(() => {
assert.equal(als.get('id'), id);
}, 10);
}, 10);
get the value by key, if will find from parent, self --> parent --> parent, until the value is not undefined
key
the keyals.enable();
setTimeout(() => {
als.scope();
const id = randomBytes();
setTimeout(() => {
als.set('id', id, true);
}, 1);
setTimeout(() => {
assert.equal(als.get('id'), id);
}, 10);
}, 10);
enable linked top for default (default is disabled)
als.enable();
als.enableLinkedTop();
setTimeout(() => {
als.scope();
setTimeout(() => {
// the same as als.set('id', 'a', true)
als.set('id', 'a');
}, 10);
}, 10);
disable linked top for default
als.enable();
als.enableLinkedTop();
setTimeout(() => {
als.disableLinkedTop();
als.scope();
setTimeout(() => {
// the same as als.set('id', 'a', false)
als.set('id', 'a');
}, 10);
}, 10);
get the current id
const assert = require('assert');
als.enable();
setTimeout(() => {
console.info(als.currentId());
}, 10);
get the use time of id
id
The tigger id, default is als.currentId()
als.enable()
setTimeout(() => {
const id = als.currentId();
console.info(als.use(id));
}, 10);
enable create time of data, default is enabled.
als.enableCreateTime();
disable create time of data, it can save memory.
als.disableCreateTime();
FAQs
Get the value like thread-local storage in threaded programming
The npm package async-local-storage receives a total of 4,537 weekly downloads. As such, async-local-storage popularity was classified as popular.
We found that async-local-storage demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security Fundamentals
The Socket Threat Research Team uncovers how threat actors weaponize shell techniques across npm, PyPI, and Go ecosystems to maintain persistence and exfiltrate data.
Security News
At VulnCon 2025, NIST scrapped its NVD consortium plans, admitted it can't keep up with CVEs, and outlined automation efforts amid a mounting backlog.
Product
We redesigned our GitHub PR comments to deliver clear, actionable security insights without adding noise to your workflow.