Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
This module allows you to create an asynchronous execution context for JavaScript or TypeScript
NOTE: This module is based on async_hooks an experimental built-in node.js module introduced in v8.0.0
NOTE: Your contribution is highly welcome!
To give you an idea of how asyncctx is supposed to be used:
import { ContinuationLocalStorage } from 'asyncctx';
class MyLocalStorage {
value: number;
}
let cls = new ContinuationLocalStorage<MyLocalStorage>();
cls.setRootContext({ value: 1});
process.nextTick(() => {
let curr1 = cls.getContext(); // value is 1
cls.setContext({ value: 2}); // value should be 2 in the current execution context and below
process.nextTick(() => {
let curr2 = cls.getContext(); // value is 2
cls.setContext({ value: 3}); // value should be 3 in the current execution context and below
process.nextTick(() => {
let curr3 = cls.getContext(); // value is 3
});
});
process.nextTick(() => {
let curr4 = cls.getContext(); // value is 2
});
});
node-async-context (asyncctx) is licensed under the MIT License: LICENSE
Release | Notes |
---|---|
2.0.3 | maintenance release |
2.0.2 | fixed loosing context; thanks to Pasi Tuominen |
2.0.1 | maintenance release |
2.0.0 | targeting es2015; dropped support for nodejs < v8 |
please use asyncctx@<2.0 for nodejs v4 - v11 support | |
1.1.0 | fixed support for nodes < v8 |
1.0.5-10 | maintenance release |
1.0.4 | node 10 |
1.0.3 | node 9 |
1.0.2 | maintenance release |
1.0.1 | added support for older nodejs versions (4,6,7) using internal copy of async-hook@1.7.1 |
1.0.0 | is now based on 'async_hooks' (a built-in nodejs v8.0 module) |
0.0.6 | maintenance releases |
0.0.5 | async-hook 1.7.1 |
0.0.1-4 | initial version |
FAQs
an asynchronous execution context for TypeScript/JavaScript
The npm package asyncctx receives a total of 737 weekly downloads. As such, asyncctx popularity was classified as not popular.
We found that asyncctx demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.