Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
The 'backoff' npm package provides a mechanism to handle retry logic with exponential backoff and other backoff strategies. It is useful for scenarios where you need to retry operations that may fail intermittently, such as network requests or database queries.
Exponential Backoff
This feature allows you to implement an exponential backoff strategy using the Fibonacci sequence. The code sample demonstrates how to set up a Fibonacci backoff with a randomisation factor, initial delay, and maximum delay. It also shows how to handle the 'ready' and 'fail' events.
const backoff = require('backoff');
const fibonacciBackoff = backoff.fibonacci({ randomisationFactor: 0.2, initialDelay: 10, maxDelay: 1000 });
fibonacciBackoff.on('ready', function(number, delay) {
console.log(`Retrying after ${delay} ms`);
// Perform the operation that needs to be retried
});
fibonacciBackoff.on('fail', function() {
console.log('Operation failed after maximum retries');
});
// Start the backoff process
fibonacciBackoff.backoff();
Retry with Custom Strategy
This feature allows you to implement a custom retry strategy using exponential backoff. The code sample demonstrates how to set up an exponential backoff with an initial delay and maximum delay. It also shows how to handle the 'ready' and 'fail' events.
const backoff = require('backoff');
const customStrategy = backoff.exponential({ initialDelay: 100, maxDelay: 10000 });
customStrategy.on('ready', function(number, delay) {
console.log(`Retry attempt #${number} after ${delay} ms`);
// Perform the operation that needs to be retried
});
customStrategy.on('fail', function() {
console.log('Operation failed after maximum retries');
});
// Start the backoff process
customStrategy.backoff();
Handling Errors
This feature demonstrates how to handle errors during the retry process. The code sample shows how to simulate an operation that may fail and how to retry the operation using exponential backoff until it succeeds or reaches the maximum number of retries.
const backoff = require('backoff');
const exponentialBackoff = backoff.exponential({ initialDelay: 100, maxDelay: 10000 });
exponentialBackoff.on('ready', function(number, delay) {
console.log(`Retry attempt #${number} after ${delay} ms`);
// Simulate an operation that may fail
const success = Math.random() > 0.5;
if (!success) {
exponentialBackoff.backoff();
} else {
console.log('Operation succeeded');
}
});
exponentialBackoff.on('fail', function() {
console.log('Operation failed after maximum retries');
});
// Start the backoff process
exponentialBackoff.backoff();
The 'retry' package provides a similar functionality to 'backoff' by allowing you to retry operations with configurable strategies. It supports exponential backoff, custom retry strategies, and error handling. Compared to 'backoff', 'retry' offers a more flexible API for defining custom retry logic.
The 'promise-retry' package is designed for retrying operations that return promises. It provides a simple API for retrying promise-based operations with configurable retry strategies, including exponential backoff. Compared to 'backoff', 'promise-retry' is more focused on promise-based workflows.
The 'async-retry' package is another alternative that supports retrying asynchronous operations with configurable strategies. It works well with both promises and async/await syntax. Compared to 'backoff', 'async-retry' offers a more modern API that integrates seamlessly with async/await.
Fibonacci and exponential backoffs for Node.js.
npm install backoff
npm test
The usual way to instantiate a new Backoff
object is to use one predefined
factory method: backoff.fibonacci([options])
, backoff.exponential([options])
.
Backoff
inherits from EventEmitter
. When a backoff starts, a backoff
event is emitted and, when a backoff ends, a ready
event is emitted.
Handlers for these two events are called with the current backoff number and
delay.
var backoff = require('backoff');
var fibonacciBackoff = backoff.fibonacci({
randomisationFactor: 0,
initialDelay: 10,
maxDelay: 300
});
fibonacciBackoff.failAfter(10);
fibonacciBackoff.on('backoff', function(number, delay) {
// Do something when backoff starts, e.g. show to the
// user the delay before next reconnection attempt.
console.log(number + ' ' + delay + 'ms');
});
fibonacciBackoff.on('ready', function(number, delay) {
// Do something when backoff ends, e.g. retry a failed
// operation (DNS lookup, API call, etc.). If it fails
// again then backoff, otherwise reset the backoff
// instance.
fibonacciBackoff.backoff();
});
fibonacciBackoff.on('fail', function() {
// Do something when the maximum number of backoffs is
// reached, e.g. ask the user to check its connection.
console.log('fail');
});
fibonacciBackoff.backoff();
The previous example would print the following.
0 10ms
1 10ms
2 20ms
3 30ms
4 50ms
5 80ms
6 130ms
7 210ms
8 300ms
9 300ms
fail
Note that Backoff
objects are meant to be instantiated once and reused
several times by calling reset
after a successful "retry".
It's also possible to avoid some boilerplate code when invoking an asynchronous
function in a backoff loop by using backoff.call(fn, [args, ...], callback)
.
Typical usage looks like the following.
var call = backoff.call(get, 'https://duplika.ca/', function(err, res) {
console.log('Num retries: ' + call.getNumRetries());
if (err) {
console.log('Error: ' + err.message);
} else {
console.log('Status: ' + res.statusCode);
}
});
call.retryIf(function(err) { return err.status == 503; });
call.setStrategy(new backoff.ExponentialStrategy());
call.failAfter(10);
call.start();
Constructs a Fibonacci backoff (10, 10, 20, 30, 50, etc.).
The options are the following.
With these values, the backoff delay will increase from 100 ms to 10000 ms. The randomisation factor controls the range of randomness and must be between 0 and 1. By default, no randomisation is applied on the backoff delay.
Constructs an exponential backoff (10, 20, 40, 80, etc.).
The options are the following.
With these values, the backoff delay will increase from 100 ms to 10000 ms. The randomisation factor controls the range of randomness and must be between 0 and 1. By default, no randomisation is applied on the backoff delay.
Constructs a FunctionCall
instance for the given function. The wrapped
function will get retried until it succeds or reaches the maximum number
of backoffs. In both cases, the callback function will be invoked with the
last result returned by the wrapped function.
It is the caller's responsability to initiate the call by invoking the
start
method on the returned FunctionCall
instance.
Constructs a new backoff object from a specific backoff strategy. The backoff
strategy must implement the BackoffStrategy
interface defined bellow.
Sets a limit on the maximum number of backoffs that can be performed before a fail event gets emitted and the backoff instance is reset. By default, there is no limit on the number of backoffs that can be performed.
Starts a backoff operation. If provided, the error parameter will be emitted
as the last argument of the backoff
and fail
events to let the listeners
know why the backoff operation was attempted.
An error will be thrown if a backoff operation is already in progress.
In practice, this method should be called after a failed attempt to perform a sensitive operation (connecting to a database, downloading a resource over the network, etc.).
Resets the backoff delay to the initial backoff delay and stop any backoff operation in progress. After reset, a backoff instance can and should be reused.
In practice, this method should be called after having successfully completed the sensitive operation guarded by the backoff instance or if the client code request to stop any reconnection attempt.
backoff.backoff([err])
Emitted when a backoff operation is started. Signals to the client how long the next backoff delay will be.
Emitted when a backoff operation is done. Signals that the failing operation should be retried.
backoff.backoff([err])
Emitted when the maximum number of backoffs is reached. This event will only
be emitted if the client has set a limit on the number of backoffs by calling
backoff.failAfter(numberOfBackoffs)
. The backoff instance is automatically
reset after this event is emitted.
A backoff strategy must provide the following methods.
Computes and returns the next backoff delay.
Resets the backoff delay to its initial value.
Exponential (10, 20, 40, 80, etc.) backoff strategy implementation.
The options are the following.
Fibonnaci (10, 10, 20, 30, 50, etc.) backoff strategy implementation.
The options are the following.
This class manages the calling of an asynchronous function within a backoff loop.
This class should rarely be instantiated directly since the factory method
backoff.call(fn, [args, ...], callback)
offers a more convenient and safer
way to create FunctionCall
instances.
Constructs a function handler for the given asynchronous function.
Returns whether the call is pending, i.e. hasn't been started.
Returns whether the call is in progress.
Returns whether the call is completed.
Returns whether the call is aborted.
FibonacciStrategy
.Sets the backoff strategy to use. This method should be called before
call.start()
otherwise an exception will be thrown.
Sets the maximum number of backoffs before the call is aborted. By default, there is no limit on the number of backoffs that can be performed.
This method should be called before call.start()
otherwise an exception will
be thrown..
Sets the predicate which will be invoked to determine whether a given error should be retried or not, e.g. a network error would be retriable while a type error would stop the function call. By default, all errors are considered to be retriable.
This method should be called before call.start()
otherwise an exception will
be thrown.
Returns an array containing the last arguments passed to the completion callback of the wrapped function. For example, to get the error code returned by the last call, one would do the following.
var results = call.getLastResult();
// The error code is the first parameter of the callback.
var error = results[0];
Note that if the call was aborted, it will contain the abort error and not the last error returned by the wrapped function.
Returns the number of times the wrapped function call was retried. For a wrapped function that succeeded immediately, this would return 0. This method can be called at any point in time during the call life cycle, i.e. before, during and after the wrapped function invocation.
Initiates the call the wrapped function. This method should only be called once otherwise an exception will be thrown.
Aborts the call and causes the completion callback to be invoked with an abort error if the call was pending or running; does nothing otherwise. This method can safely be called mutliple times.
Emitted each time the wrapped function is called.
Emitted each time the wrapped function invokes its callback.
Emitted each time a backoff operation is started.
Emitted when a call is aborted.
The annotated source code can be found at mathieuturcotte.github.io/node-backoff/docs.
This code is free to use under the terms of the MIT license.
2.5.0
Those changes are not released yet.
abort
event. This makes it possible to detect when abort is called.call.retryIf(predicate)
, which specifies
a predicate used to determine whether a given error is retriable or not. The
default behavior is unaffected, errors remain retriable by default.FAQs
Fibonacci and exponential backoffs.
The npm package backoff receives a total of 463,119 weekly downloads. As such, backoff popularity was classified as popular.
We found that backoff demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.