async-module
This module lets you use await statements outside of an async function.
However, the await statements in the required modules still execute asynchronously, so require() returns before such a module has finished populating its exports.

// main.js
'use strict';
const Assert = require('assert');
require('async-module');
const mod = require('./module');
Assert(Object.keys(mod).length === 0);
console.log('Object.keys(mod).length === 0');
setTimeout(() => {
  Assert(Object.keys(mod).length === 1);
  console.log('Assert(Object.keys(mod).length === 1)');
  Assert(mod.message === 'hello world');
  console.log('Assert(mod.message === \'hello world\')');
});

// module.js
'use strict';
// this module contains an `await` statement outside of an async function.
const res = await Promise.resolve('hello world');
module.exports.message = res;

This module is a prank PoC. It is not to be used in production, nor by anyone really.
It aims to show that just because a hack is possible in Node core does not mean it should be used.
FYI, the source code of the module has only 12 LOC:

'use strict';
const Module = require('module');
const wrapper = [
  '(async function (exports, require, module, __filename, __dirname) { ',
  '\n});'
];
Module.wrap = function (script) {
  return wrapper[0] + script + wrapper[1];
};

Please, never mess with the internals of Node.js like that unless you have a very good reason.