defer-to-connect
The defer-to-connect npm package allows you to defer actions until a socket connection is established. It provides hooks for different stages of a connection, such as 'lookup', 'connect', 'secureConnect', and 'close'. This can be useful for debugging, logging, or modifying the socket during its lifecycle.
Defer actions until the socket connects
This feature allows you to execute code when the socket connects. In the provided code sample, a message is logged to the console once the socket connection is established.
const net = require('net');
const deferToConnect = require('defer-to-connect');
const socket = net.createConnection({ port: 80, host: 'example.com' });
// Pass a listeners object; connect() is called once the socket is connected.
deferToConnect(socket, {
  connect: () => {
    console.log('Socket connected!');
  }
});
Defer actions until the socket is secured
This feature allows you to execute code when a TLS socket is secured. In the provided code sample, a message is logged to the console once the TLS socket connection is secured.
const tls = require('tls');
const deferToConnect = require('defer-to-connect');
const socket = tls.connect({ port: 443, host: 'example.com' });
// secureConnect() is called once the TLS socket is securely connected.
deferToConnect(socket, {
  secureConnect: () => {
    console.log('Socket secured!');
  }
});
Defer actions until the socket closes
This feature allows you to execute code when the socket closes. In the provided code sample, a message is logged to the console once the socket connection is closed.
const net = require('net');
const deferToConnect = require('defer-to-connect');
const socket = net.createConnection({ port: 80, host: 'example.com' });
// close() is called when the socket is destroyed.
deferToConnect(socket, {
  close: () => {
    console.log('Socket closed!');
  }
});
The 'once' package is similar in that it allows you to add a one-time listener for an event. However, it is not specifically tailored to socket connections and does not provide the same granularity for different stages of a socket's lifecycle.
The 'eventemitter3' package is an implementation of the EventEmitter module found in Node.js. It allows you to emit and listen for events, which can be used to achieve similar functionality to defer-to-connect, but it requires more manual management of connection events and does not provide out-of-the-box support for deferring actions until specific socket events.
The safe way to handle the `connect` socket event
Once you receive the socket, it may be already connected (or disconnected).
To avoid checking that, use `defer-to-connect`. It'll do that for you.
const deferToConnect = require('defer-to-connect');
deferToConnect(socket, () => {
  console.log('Connected!');
});
Calls `connectListener()` when connected.
An object representing `connect`, `secureConnect` and `close` properties.
Calls `connect()` when the socket is connected.
Calls `secureConnect()` when the socket is securely connected.
Calls `close()` when the socket is destroyed.
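The state check that the README says the package does for you, as an added example (not the package's own source). `whenConnected`, `fakeSocket` and `demo` are hypothetical names, the sockets are constructed stand-ins carrying the `connecting`, `writable` and `destroyed` flags of `net.Socket`, and only `connect` and `close` are covered.

```javascript
// Added illustration; not the source of defer-to-connect.
const { EventEmitter } = require('events');

// Hypothetical helper: run listeners according to the socket's current state.
function whenConnected(socket, listeners) {
  const onConnect = () => {
    if (typeof listeners.connect === 'function') listeners.connect();
    if (typeof listeners.close === 'function') socket.once('close', listeners.close);
  };
  if (socket.writable && !socket.connecting) {
    onConnect();                       // already connected: 'connect' will not fire again
  } else if (socket.connecting) {
    socket.once('connect', onConnect); // still connecting: wait for the event
  } else if (socket.destroyed && typeof listeners.close === 'function') {
    listeners.close();                 // already torn down
  }
}

// Constructed stand-in exposing the net.Socket state flags the helper reads.
function fakeSocket(state) {
  const flags = { connecting: false, writable: false, destroyed: false };
  return Object.assign(new EventEmitter(), flags, state);
}

function demo() {
  const log = [];
  // 1. Socket handed over after it connected (for example, one being reused).
  const reused = fakeSocket({ writable: true });
  reused.once('connect', () => log.push('naive:reused')); // late listener, never runs
  whenConnected(reused, { connect: () => log.push('helper:reused') });

  // 2. Socket still connecting when it is handed over.
  const fresh = fakeSocket({ connecting: true });
  whenConnected(fresh, {
    connect: () => log.push('helper:fresh'),
    close: () => log.push('helper:fresh-closed'),
  });
  fresh.connecting = false;
  fresh.writable = true;
  fresh.emit('connect');
  fresh.emit('close');

  // 3. Socket already destroyed: only close() is called.
  const dead = fakeSocket({ destroyed: true });
  whenConnected(dead, { connect: () => log.push('helper:dead'), close: () => log.push('helper:dead-closed') });
  return log;
}

console.log(demo());
```

The `naive:reused` entry never appears in the log: a plain `socket.once('connect', ...)` attached after the event has fired is silently skipped, which is the case the state check exists to cover.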
MIT
FAQs
The safe way to handle the `connect` socket event
The npm package defer-to-connect receives a total of 11,144,153 weekly downloads. As such, defer-to-connect is classified as popular.
We found that defer-to-connect has an unhealthy version release cadence and level of project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.