
Research
Malicious fezbox npm Package Steals Browser Passwords from Cookies via Innovative QR Code Steganographic Technique
A malicious package uses a QR code as steganography in an innovative technique.
Minimalistic, zero dependency, async utilities for ES6, ES2015, node v6. This library assume node v6 or above with ES2015 Promise and generators. It has no dependency.
Promisify a function which follow the standard callback(err, result) pattern.
const promisify = require("async6").promisify;
const glob = require('glob');
const pglob = promisify(glob);
// the call back way
glob("**/*.js", options, function (er, files) {
// files is an array of filenames.
})
// the promise way
pglob("**/*.js").then(files => console.log(files));
bind()
as there are some performance issues.Run a generator function or generator function "instance" (after first call) that supports direct value, promise in yields, and return a ES2015 Promise which result with the return of the generator function.
const run = require("async6").run;
function* mygen(val){
val = val || 0;
var a = yield 12;
var b = yield getB();
var c = yield getPromiseForC(); // can be any promise that have a then function.
return a + b + c;
}
// assuming getB() return 8, and getPromiseForC() will resolve to 10.
run(mygen).then(v => console.log(v)); // 30
run(mygen(10)).then(v => console.log(v)); // 40
const async6 = require("async6").promisify;
const promisify = async6.promisify;
const run = async6.run;
const glob = promisify(require('glob'));
// using generators, promise, and async6.run (see below)
function* listWebFiles(root){
root = root || ""
var jsFiles = yield pglob(root + "**/*.js");
var cssFiles = yield pglob(root + "**/*.css");
return {jsFiles, cssFiles};
}
run(listWebFiles).then(r => console.log(`jsFiles:\n${r.jsFiles} \ncssFiles:\n${r.cssFiles}`));
// or
run(listWebFiles("./dist/")).then(r => console.log(`jsFiles:\n${r.jsFiles} \ncssFiles:\n${r.cssFiles}`));
FAQs
Minimalistic, zero dependency, async utilities for ES6, ES2015, node v6. (deprecated, use node.js native async/await)
The npm package async6 receives a total of 4 weekly downloads. As such, async6 popularity was classified as not popular.
We found that async6 demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
A malicious package uses a QR code as steganography in an innovative technique.
Research
/Security News
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.
Application Security
/Research
/Security News
Socket detected multiple compromised CrowdStrike npm packages, continuing the "Shai-Hulud" supply chain attack that has now impacted nearly 500 packages.