Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
A benchmarking library that supports high-resolution timers & returns statistically significant results.
The 'benchmark' npm package is a library for benchmarking JavaScript code. It provides a simple and flexible API to measure the performance of code snippets, allowing developers to compare the speed of different implementations and optimize their code.
Basic Benchmarking
This feature allows you to create a suite of benchmarks to compare the performance of different code snippets. The example demonstrates how to add tests, attach listeners for cycle and completion events, and run the suite asynchronously.
const Benchmark = require('benchmark');
const suite = new Benchmark.Suite;
// add tests
suite.add('RegExp#test', function() {
/o/.test('Hello World!');
})
.add('String#indexOf', function() {
'Hello World!'.indexOf('o') > -1;
})
// add listeners
.on('cycle', function(event) {
console.log(String(event.target));
})
.on('complete', function() {
console.log('Fastest is ' + this.filter('fastest').map('name'));
})
// run async
.run({ 'async': true });
Event Handling
This feature allows you to handle various events during the benchmarking process, such as 'start', 'cycle', 'complete', etc. The example shows how to attach event listeners to a benchmark suite.
const Benchmark = require('benchmark');
const suite = new Benchmark.Suite;
suite.add('Example Test', function() {
// code to benchmark
})
.on('start', function() {
console.log('Benchmark started');
})
.on('complete', function() {
console.log('Benchmark completed');
})
.run();
Customizing Benchmark Options
This feature allows you to customize various options for your benchmarks, such as the minimum number of samples. The example demonstrates how to set the 'minSamples' option for a benchmark test.
const Benchmark = require('benchmark');
const suite = new Benchmark.Suite;
suite.add('Example Test', function() {
// code to benchmark
}, {
'minSamples': 100
})
.run();
The 'fastest' package is another benchmarking tool for JavaScript. It focuses on providing a simple API for running benchmarks and comparing the performance of different code snippets. Compared to 'benchmark', 'fastest' is more lightweight and may be easier to use for simple benchmarking tasks.
The 'matcha' package is a powerful benchmarking library for Node.js. It provides a command-line interface and a flexible API for writing and running benchmarks. 'matcha' offers more advanced features and a more comprehensive reporting system compared to 'benchmark'.
The 'benchmarkjs' package is a fork of the 'benchmark' library with additional features and improvements. It aims to provide a more modern and feature-rich benchmarking tool while maintaining compatibility with the original 'benchmark' API.
A robust benchmarking library that supports high-resolution timers & returns statistically significant results. As seen on jsPerf.
Benchmark.js’ only hard dependency is lodash. Include platform.js to populate Benchmark.platform.
In a browser:
<script src="lodash.js"></script>
<script src="platform.js"></script>
<script src="benchmark.js"></script>
In an AMD loader:
require({
'paths': {
'benchmark': 'path/to/benchmark',
'lodash': 'path/to/lodash',
'platform': 'path/to/platform'
}
},
['benchmark'], function(Benchmark) {/*…*/});
Using npm:
$ npm i --save benchmark
In Node.js:
var Benchmark = require('benchmark');
Optionally, use the microtime module by Wade Simmons:
npm i --save microtime
Usage example:
var suite = new Benchmark.Suite;
// add tests
suite.add('RegExp#test', function() {
/o/.test('Hello World!');
})
.add('String#indexOf', function() {
'Hello World!'.indexOf('o') > -1;
})
// add listeners
.on('cycle', function(event) {
console.log(String(event.target));
})
.on('complete', function() {
console.log('Fastest is ' + this.filter('fastest').map('name'));
})
// run async
.run({ 'async': true });
// logs:
// => RegExp#test x 4,161,532 +-0.99% (59 cycles)
// => String#indexOf x 6,139,623 +-1.00% (131 cycles)
// => Fastest is String#indexOf
Tested in Chrome 54-55, Firefox 49-50, IE 11, Edge 14, Safari 9-10, Node.js 6-7, & PhantomJS 2.1.1.
Benchmark.js is part of the BestieJS “Best in Class” module collection. This means we promote solid browser/environment support, ES5+ precedents, unit testing, & plenty of documentation.
FAQs
A benchmarking library that supports high-resolution timers & returns statistically significant results.
The npm package benchmark receives a total of 194,834 weekly downloads. As such, benchmark popularity was classified as popular.
We found that benchmark demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.