The avvio npm package is designed to handle the asynchronous bootstrapping of applications, particularly those built with Node.js. It allows developers to define a series of asynchronous (or synchronous) tasks that need to be executed in a specific order during the startup phase of an application. This can include initializing databases, setting up dependencies, or any other setup tasks that need to be completed before the application starts serving requests. Avvio ensures that each task is completed before moving on to the next, and it provides a clean API for managing this process.
Plugin System
Avvio allows you to structure your application initialization in a modular way using plugins. Each plugin can be an asynchronous function that performs some initialization tasks. The `use` method is used to register these plugins, and Avvio ensures they are executed in the order they are registered.
const avvio = require('avvio')(app);
avvio.use(function (instance, opts, done) {
// async initialization task
done();
});
Async/Await Support
Avvio supports modern JavaScript async/await syntax out of the box. This allows for cleaner and more readable asynchronous code within your initialization tasks.
const avvio = require('avvio')(app);
avvio.use(async function (instance, opts) {
// async task using await
});
Encapsulation and Context
Avvio provides a mechanism for encapsulation and context sharing across plugins. Using the `decorate` method, you can add properties or methods to the application instance that can be accessed by subsequent plugins, facilitating a shared context.
const avvio = require('avvio')(app);
avvio.use(function (instance, opts, done) {
instance.decorate('utility', () => {});
done();
});
Fastify is a web framework for Node.js that includes a powerful plugin architecture, somewhat similar to Avvio. While Fastify is more focused on building web applications and APIs, it uses an underlying plugin system inspired by Avvio for managing the application lifecycle.
Pino is a very fast JSON logger for Node.js, and while it doesn't offer plugin-based application bootstrapping like Avvio, it can be integrated into applications using Avvio for structured and efficient logging throughout the application lifecycle.
Seneca is a microservices toolkit for Node.js that allows you to write microservices easily and quickly. It offers a plugin system that can be seen as similar to Avvio's, focusing on the modular construction of applications, though it is more oriented towards microservice architecture.
Asynchronous bootstrapping is hard: different things can go wrong, error handling and load order to name just a few. The aim of this module is to make it simple.
`avvio` is fully reentrant and graph-based. You can load components/plugins within plugins and still be sure that things will happen in the right order. At the end of the loading, your application will start.
To install `avvio`, simply use npm:
npm i avvio
The example below can be found here and run using `node example.js`.
It demonstrates how to use `avvio` to load functions / plugins in order.
'use strict'
const app = require('avvio')()
app
.use(first, { hello: 'world' })
.after((err, cb) => {
console.log('after first and second')
cb()
})
app.use(third)
app.ready(function (err) {
// the error must be handled somehow
if (err) {
throw err
}
console.log('application booted!')
})
function first (instance, opts, cb) {
console.log('first loaded', opts)
instance.use(second)
cb()
}
function second (instance, opts, cb) {
console.log('second loaded')
process.nextTick(cb)
}
// async/await or Promise support
async function third (instance, opts) {
console.log('third loaded')
}
avvio()
instance.use()
instance.after()
await instance.after()
instance.ready()
instance.start()
instance.override()
instance.onClose()
instance.close()
avvio.toJSON()
avvio.prettyPrint()
Starts the avvio sequence.
As the name suggests, `instance` is the object representing your application.
Avvio will add the functions `use`, `after` and `ready` to the instance.
const server = {}
require('avvio')(server)
server.use(function first (s, opts, cb) {
// s is the same as server
s.use(function second (s, opts, cb) {
cb()
})
cb()
}).after(function (err, cb) {
// after first and second are finished
cb()
})
Options:
- `expose`: a key/value property to change how `use`, `after` and `ready` are exposed.
- `autostart`: do not start loading plugins automatically, but wait for a call to `.start()` or `.ready()`.
- `timeout`: the number of millis to wait for a plugin to load after which it will error with code `ERR_AVVIO_PLUGIN_TIMEOUT`. Default `0` (disabled).
Events:
- `'start'` when the application starts
- `'preReady'` fired before the ready queue is run
The `avvio` function can also be used as a constructor to inherit from.
function Server () {}
const app = require('avvio')(new Server())
app.use(function (s, opts, done) {
// your code
done()
})
app.on('start', () => {
// your app can start
})
Loads one or more functions asynchronously.
The function must have the signature: instance, options, done
Plugin example:
function plugin (server, opts, done) {
done()
}
app.use(plugin)
`done` should be called only once, when your plugin is ready to go. Additional calls to `done` are ignored.
If your plugin is ready to go immediately after the function is evaluated, you can omit `done` from the signature.
If the function returns a `Promise` (i.e. `async`), the above function signature is not required.
`use` returns a thenable wrapped instance on which `use` is called, to support a chainable API that can also be awaited.
This way, async/await is also supported and `use` can be awaited instead of using `after`.
Example using `after`:
async function main () {
console.log('begin')
app.use(async function (server, opts) {
await sleep(10)
console.log('this first')
})
app.after(async (err) => {
if (err) throw err
console.log('then this')
})
await app.ready()
console.log('ready')
}
main().catch((err) => console.error(err))
Example using `await after`:
async function main () {
console.log('begin')
app.use(async function (server, opts) {
await sleep(10)
console.log('this first')
})
await app.after()
console.log('then this')
await app.ready()
console.log('ready')
}
main().catch((err) => console.error(err))
Example using `await use`:
async function main () {
console.log('begin')
await app.use(async function (server, opts) {
await sleep(10)
console.log('this first')
})
console.log('then this')
await app.ready()
console.log('ready')
}
main().catch((err) => console.error(err))
A function that returns the options argument instead of an object is supported as well:
function first (server, opts, done) {
server.foo = 'bar'
done()
}
function second (server, opts, done) {
console.log(opts.foo === 'bar') // Evaluates to true
done()
}
/**
* If the options argument is a function, it has access to the parent
* instance via the first positional variable
*/
const func = parent => {
return {
foo: parent.foo
}
}
app.use(first)
app.use(second, func)
This is useful in cases where an injected variable from a plugin needs to be made available to another.
It is also possible to use esm with `import('./file.mjs')`:
import boot from 'avvio'
const app = boot()
app.use(import('./fixtures/esm.mjs'))
In order to handle errors in the loading plugins, you must use the `.ready()` method, like so:
app.use(function (instance, opts, done) {
done(new Error('error'))
}, opts)
app.ready(function (err) {
if (err) throw err
})
When an error happens, the loading of plugins will stop until there is an `after` callback specified. Otherwise, it will be handled in `ready`.
Calls a function after all the previously defined plugins are loaded, including all their dependencies. The `'start'` event is not emitted yet.
Note: `await after` can be used as an awaitable alternative to `after(func)`, or `await use` can also be used as a shorthand for `use(plugin); await after()`.
The callback changes based on the parameters you give:
- one parameter: it will be the `error` object.
- two parameters: the first will be the `error` object, the second will be the `done` callback.
- three parameters: the first will be the `error` object, the second will be the top level `context` and the third the `done` callback.
In the "no parameter" and "one parameter" variants, the callback can return a `Promise`.
const server = {}
const app = require('avvio')(server)
...
// after with one parameter
app.after(function (err) {
if (err) throw err
})
// after with two parameters
app.after(function (err, done) {
if (err) throw err
done()
})
// after with three parameters
app.after(function (err, context, done) {
if (err) throw err
assert.equal(context, server)
done()
})
// async after with one parameter
app.after(async function (err) {
await sleep(10)
if (err) {
throw err
}
})
// async after with no parameter
app.after(async function () {
await sleep(10)
})
`done` must be called only once.
If called with a function, it returns the instance on which `after` is called, to support a chainable API.
Calling `after` with no function argument loads any plugins previously registered via `use` and returns a promise, which resolves when all plugins registered so far have loaded.
async function main () {
app.use(async function (server, opts) {
await sleep(10)
console.log('this first')
})
app.use(async function (server, opts) {
await sleep(10)
console.log('this second')
})
console.log('before after')
await app.after()
console.log('after after')
app.use(async function (server, opts) {
await sleep(10)
console.log('this third')
})
await app.ready()
console.log('ready')
}
main().catch((err) => console.error(err))
Unlike `after` and `use`, `await after` is not chainable.
Calls a function after all the plugins and `after` calls are completed, but before `'start'` is emitted. `ready` callbacks are executed one at a time.
The callback changes based on the parameters you give:
- one parameter: it will be the `error` object.
- two parameters: the first will be the `error` object, the second will be the `done` callback.
- three parameters: the first will be the `error` object, the second will be the top level `context` unless you have specified both server and override, in that case the `context` will be what the override returns, and the third the `done` callback.
If no callback is provided, `ready` will return a Promise that is resolved or rejected once plugins and `after` calls are completed. On success, `context` is provided to the `.then` callback; if an error occurs, it is provided to the `.catch` callback.
const server = {}
const app = require('avvio')(server)
...
// ready with one parameter
app.ready(function (err) {
if (err) throw err
})
// ready with two parameters
app.ready(function (err, done) {
if (err) throw err
done()
})
// ready with three parameters
app.ready(function (err, context, done) {
if (err) throw err
assert.equal(context, server)
done()
})
// ready with Promise
app.ready()
.then(() => console.log('Ready'))
.catch(err => {
console.error(err)
process.exit(1)
})
// await ready from an async function.
async function main () {
try {
await app.ready()
console.log('Ready')
} catch(err) {
console.error(err)
process.exit(1)
}
}
`done` must be called only once.
The callback form of this function has no return value.
If `autostart: false` is passed as an option, calling `.ready()` will also start the boot sequence.
Start the boot sequence, if it was not started yet.
Returns the `app` instance.
Allows overriding the instance of the server for each loading plugin. It allows the creation of an inheritance chain for the server instances. The first parameter is the server instance and the second is the plugin function while the third is the options object that you give to use.
const assert = require('node:assert')
const server = { count: 0 }
const app = require('avvio')(server)
console.log(app !== server, 'override must be set on the Avvio instance')
app.override = function (s, fn, opts) {
// create a new instance with the
// server as the prototype
const res = Object.create(s)
res.count = res.count + 1
return res
}
app.use(function first (s1, opts, cb) {
assert(s1 !== server)
assert(Object.prototype.isPrototypeOf.call(server, s1))
assert(s1.count === 1)
s1.use(second)
cb()
function second (s2, opts, cb) {
assert(s2 !== s1)
assert(Object.prototype.isPrototypeOf.call(s1, s2))
assert(s2.count === 2)
cb()
}
})
Registers a new callback that will be fired once the `close` API is called.
The callback changes based on the parameters you give:
- one parameter: it will be the `context`.
- two parameters: the first will be the top level `context` unless you have specified both server and override, in that case the `context` will be what the override returns, the second will be the `done` callback.
const server = {}
const app = require('avvio')(server)
...
// onClose with one parameter
app.onClose(function (context) {
// ...
})
// onClose with one parameter, returning a promise
app.onClose(function (context) {
return new Promise((resolve, reject) => {
// ...
})
})
// async onClose with one parameter
app.onClose(async function (context) {
// ...
await ...
})
// onClose with two parameters
app.onClose(function (context, done) {
// ...
done()
})
If the callback returns a promise, the next onClose callback and the close callback will not run until the promise is either resolved or rejected.
`done` must be called only once.
Returns the instance on which `onClose` is called, to support a chainable API.
Starts the shutdown procedure; the callback is called once all the registered callbacks with `onClose` have been executed.
The callback changes based on the parameters you give:
- one parameter: it will be the `error` object.
- two parameters: the first will be the `error` object, the second will be the `done` callback.
- three parameters: the first will be the `error` object, the second will be the top level `context` unless you have specified both server and override, in that case the `context` will be what the override returns, and the third the `done` callback.
If no callback is provided, `close` will return a Promise.
const server = {}
const app = require('avvio')(server)
...
// close with one parameter
app.close(function (err) {
if (err) throw err
})
// close with two parameters
app.close(function (err, done) {
if (err) throw err
done()
})
// close with three parameters
app.close(function (err, context, done) {
if (err) throw err
assert.equal(context, server)
done()
})
// close with Promise
app.close()
.then(() => console.log('Closed'))
.catch(err => {
console.error(err)
process.exit(1)
})
`done` must be called only once.
Return a JSON tree representing the state of the plugins and the loading time.
Call it on `preReady` to get the complete tree.
const avvio = require('avvio')()
avvio.on('preReady', () => {
avvio.toJSON()
})
The output is like this:
{
"label": "root",
"start": 1550245184665,
"nodes": [
{
"parent": "root",
"start": 1550245184665,
"label": "first",
"nodes": [
{
"parent": "first",
"start": 1550245184708,
"label": "second",
"nodes": [],
"stop": 1550245184709,
"diff": 1
}
],
"stop": 1550245184709,
"diff": 44
},
{
"parent": "root",
"start": 1550245184709,
"label": "third",
"nodes": [],
"stop": 1550245184709,
"diff": 0
}
],
"stop": 1550245184709,
"diff": 44
}
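An added example (not code from the avvio project or from this page): a small audit over the `toJSON()` tree above that lists every plugin loaded during boot by its path and flags any that are missing from an allowlist or exceed a time budget. The function names, the allowlist and the 10 ms budget are assumptions chosen for illustration.

```javascript
'use strict'

// Constructed sample: the same tree as the toJSON() output shown above.
const sampleTree = {
  label: 'root', start: 1550245184665, stop: 1550245184709, diff: 44,
  nodes: [
    {
      parent: 'root', label: 'first', start: 1550245184665, stop: 1550245184709, diff: 44,
      nodes: [
        { parent: 'first', label: 'second', start: 1550245184708, stop: 1550245184709, diff: 1, nodes: [] }
      ]
    },
    { parent: 'root', label: 'third', start: 1550245184709, stop: 1550245184709, diff: 0, nodes: [] }
  ]
}

// Depth-first walk: one row per plugin, keyed by its path below the root,
// so a plugin registered from inside another plugin stays attributable.
function flattenBootTree (node, ancestors = []) {
  const rows = []
  for (const child of node.nodes || []) {
    const path = [...ancestors, child.label]
    rows.push({ path: path.join(' > '), ms: child.diff })
    rows.push(...flattenBootTree(child, path))
  }
  return rows
}

// Hypothetical policy (not part of avvio): every plugin path must be on the
// allowlist and finish within budgetMs. A node without a numeric `diff` is
// treated as still loading, which is an assumption about incomplete trees.
function auditBootTree (tree, allowedPaths, budgetMs) {
  const allowed = new Set(allowedPaths)
  const findings = []
  for (const row of flattenBootTree(tree)) {
    if (!allowed.has(row.path)) findings.push({ type: 'unexpected-plugin', ...row })
    if (typeof row.ms !== 'number') findings.push({ type: 'not-finished', ...row })
    else if (row.ms > budgetMs) findings.push({ type: 'slow-plugin', ...row })
  }
  return findings
}

// Only `first` and `third` are expected at the top level; budget is 10 ms.
const findings = auditBootTree(sampleTree, ['first', 'third'], 10)
console.log(findings)
```

In the sample the labels match the plugin function names, so treat them as an attribution aid for reviewing what ran at boot rather than as proof of a plugin's identity.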
This method will return a printable string with the tree returned by the `toJSON()` method.
const avvio = require('avvio')()
avvio.on('preReady', () => {
console.log(avvio.prettyPrint())
})
The output will be like:
avvio 56 ms
├── first 52 ms
├── second 1 ms
└── third 2 ms
This project was kindly sponsored by nearForm.
Copyright Matteo Collina 2016-2020, Licensed under MIT.
FAQs
Asynchronous bootstrapping of Node applications
The npm package avvio receives a total of 1,819,661 weekly downloads. As such, avvio popularity was classified as popular.
We found that avvio demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 10 open source maintainers collaborating on the project.