Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Turns async function into sync via JavaScript wrapper of Node event loop
The deasync npm package allows you to convert asynchronous functions into synchronous ones. This can be useful in scenarios where you need to perform asynchronous operations in a synchronous manner, such as during initialization or configuration phases.
Convert Asynchronous Function to Synchronous
This feature allows you to convert an asynchronous function into a synchronous one. The code demonstrates how to use deasync to wait for an asynchronous function to complete before proceeding.
const deasync = require('deasync');
let done = false;
let result;
asyncFunction((err, res) => {
if (err) throw err;
result = res;
done = true;
});
while (!done) {
deasync.sleep(100);
}
console.log(result);
Sleep Function
The sleep function pauses the execution of code for a specified number of milliseconds. This can be useful for delaying operations or simulating long-running tasks.
const deasync = require('deasync');
console.log('Start');
deasync.sleep(2000);
console.log('End');
Synchronous Read File
This feature demonstrates how to read a file synchronously using deasync. The code waits for the asynchronous readFile operation to complete before proceeding.
const fs = require('fs');
const deasync = require('deasync');
let content;
fs.readFile('example.txt', 'utf8', (err, data) => {
if (err) throw err;
content = data;
done = true;
});
while (!done) {
deasync.sleep(100);
}
console.log(content);
The sync-request package allows you to make synchronous HTTP requests. Unlike deasync, which can convert any asynchronous function to synchronous, sync-request is specifically designed for HTTP requests.
The wait-for-stuff package provides synchronous versions of common asynchronous operations like reading files and making HTTP requests. It offers a more limited scope compared to deasync, which can handle any asynchronous function.
The fibers package allows you to write asynchronous code in a synchronous style using fibers. It is more complex and powerful than deasync, offering more control over the execution flow but requiring a deeper understanding of fibers.
DeAsync turns async function into sync, implemented with a blocking mechanism by calling Node.js event loop at JavaScript layer. The core of deasync is written in C++.
Suppose you maintain a library that exposes a function getData
. Your users call it to get actual data:
var myData = getData();
Under the hood data is saved in a file so you implemented getData
using Node.js built-in fs.readFileSync
. It's obvious both getData
and fs.readFileSync
are sync functions. One day you were told to switch the underlying data source to a repo such as MongoDB which can only be accessed asynchronously. You were also told for backward compatibility, getData
API cannot be changed to return merely a promise or demand a callback parameter. How do you meet both requirements?
You may tempted to use node-fibers or a module derived from it, but node fibers can only wrap async function call into a sync function inside a fiber. In the case above you cannot assume all callers are inside fibers. On the other hand, if you start a fiber in getData
then getData
itself will still return immediately without waiting for the async call result. For similar reason ES6 generators introduced in Node v0.11 won't work either.
What really needed is a way to block subsequent JavaScript from running without blocking entire thread by yielding to allow other events in the event loop to be handled. Ideally the blockage is removed as soon as the result of async function is available. A less ideal but often acceptable alternative is a sleep
function which you can use to implement the blockage like while(!done) sleep(100);
. It is less ideal because sleep duration has to be guessed. It is important the sleep
function not only shouldn't block entire thread, but also shouldn't incur busy wait that pegs the CPU to 100%.
DeAsync supports both alternatives.
function(p1,...pn,function cb(error,result){})
. Returns result
and throws error
as exception if not null:var deasync = require('deasync');
var cp = require('child_process');
var exec = deasync(cp.exec);
// output result of ls -la
try{
console.log(exec('ls -la'));
}
catch(err){
console.log(err);
}
// done is printed last, as supposed, with cp.exec wrapped in deasync; first without.
console.log('done');
function asyncFunction(p1,function cb(res){})
, use loopWhile(predicateFunc)
where predicateFunc
is a function that returns boolean loop conditionvar done = false;
var data;
asyncFunction(p1,function cb(res){
data = res;
done = true;
});
require('deasync').loopWhile(function(){return !done;});
// data is now populated
function SyncFunction(){
var ret;
setTimeout(function(){
ret = "hello";
},3000);
while(ret === undefined) {
require('deasync').sleep(100);
}
// returns hello with sleep; undefined without
return ret;
}
Except on a few platforms + Node version combinations where binary distribution is included, DeAsync uses node-gyp to compile C++ source code so you may need the compilers listed in node-gyp. You may also need to update npm's bundled node-gyp.
To install, run
npm install deasync
Unlike other (a)sync js packages that mostly have only syntactic impact, DeAsync also changes code execution sequence. As such, it is intended to solve niche cases like the above one. If all you are facing is syntactic problem such as callback hell, using a less drastic package implemented in pure js is recommended.
Pull requests and issue reporting are welcome. For issues to be considered by maintainer
To that end, the issue should contain platform information, error message relevant to DeAsync, and preferably code snippet. If code snippet is supplied, it must be self-contained, i.e. independent from your runtime environment or other modules not explicitly specified via require
in the code snippet.
The MIT License (MIT)
Copyright (c) 2015
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
FAQs
Turns async function into sync via JavaScript wrapper of Node event loop
The npm package deasync receives a total of 367,384 weekly downloads. As such, deasync popularity was classified as popular.
We found that deasync demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.