
Research
Security News
Malicious npm Packages Use Telegram to Exfiltrate BullX Credentials
Socket uncovers an npm Trojan stealing crypto wallets and BullX credentials via obfuscated code and Telegram exfiltration.
The 'delay' npm package is a simple utility that allows you to pause the execution of an asynchronous function for a specified amount of time. It is primarily used to introduce delays in promise chains or async functions, making it useful for testing, rate limiting, or creating time-based behavior in applications.
Basic Delay
This feature allows you to pause the execution of code within an async function for a specified duration (in milliseconds). In this example, the code waits for 2 seconds before printing '2 seconds later'.
const delay = require('delay');
(async () => {
console.log('Waiting...');
await delay(2000);
console.log('2 seconds later');
})();
Delay with Value
This feature enables you to resolve a promise with a specific value after a delay. Here, the promise resolves with the string 'Hello after 1.5 seconds' after waiting for 1.5 seconds.
const delay = require('delay');
(async () => {
const result = await delay(1500, {value: 'Hello after 1.5 seconds'});
console.log(result);
})();
Delay with Options
This feature supports passing an options object that can include an AbortSignal to cancel the delay. If the abort signal is triggered, the delay is cancelled, and the subsequent code may not execute.
const delay = require('delay');
(async () => {
await delay(1000, {signal: someAbortSignal});
console.log('This will not run if the abort signal is triggered');
})();
Similar to 'delay', 'timeout' is used to introduce a delay in asynchronous operations. However, it focuses more on setting timeouts for promises, potentially rejecting them if they take too long, which is a slight functional shift from simply delaying.
This package offers functionality similar to 'delay' by resolving a promise after a specified timeout. The main difference is in the API design and naming conventions, but the core functionality of introducing delays in promise-based workflows is very similar.
While 'p-timeout' provides delay functionalities, it is primarily designed to add timeout capabilities to promises. It can reject a promise if it does not settle within a specified period, which is a feature not provided by 'delay'.
Delay a promise a specified amount of time
If you target Node.js 16 or later, you can use import {setTimeout} from 'node:timers/promises'; await setTimeout(1000);
instead. This package can still be useful if you need browser support or the extra features.
npm install delay
import delay from 'delay';
bar();
await delay(100);
// Executed 100 milliseconds later
baz();
Create a promise which resolves after the specified milliseconds
.
Create a promise which resolves after a random amount of milliseconds between minimum
and maximum
has passed.
Useful for tests and web scraping since they can have unpredictable performance. For example, if you have a test that asserts a method should not take longer than a certain amount of time, and then run it on a CI, it could take longer. So with this method, you could give it a threshold instead.
Type: number
Milliseconds to delay the promise.
Type: object
Type: unknown
A value to resolve in the returned promise.
import delay from 'delay';
const result = await delay(100, {value: '🦄'});
// Executed after 100 milliseconds
console.log(result);
//=> '🦄'
Type: AbortSignal
The returned promise will be rejected with an AbortError
if the signal is aborted.
import delay from 'delay';
const abortController = new AbortController();
setTimeout(() => {
abortController.abort();
}, 500);
try {
await delay(1000, {signal: abortController.signal});
} catch (error) {
// 500 milliseconds later
console.log(error.name)
//=> 'AbortError'
}
Clears the delay and settles the promise.
If you pass in a promise that is already cleared or a promise coming from somewhere else, it does nothing.
import delay, {clearDelay} from 'delay';
const delayedPromise = delay(1000, {value: 'Done'});
setTimeout(() => {
clearDelay(delayedPromise);
}, 500);
// 500 milliseconds later
console.log(await delayedPromise);
//=> 'Done'
Creates a new delay
instance using the provided functions for clearing and setting timeouts. Useful if you're about to stub timers globally, but you still want to use delay
to manage your tests.
import {createDelay} from 'delay';
const customDelay = createDelay({clearTimeout, setTimeout});
const result = await customDelay(100, {value: '🦄'});
// Executed after 100 milliseconds
console.log(result);
//=> '🦄'
setImmediate()
FAQs
Delay a promise a specified amount of time
The npm package delay receives a total of 3,020,618 weekly downloads. As such, delay popularity was classified as popular.
We found that delay demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket uncovers an npm Trojan stealing crypto wallets and BullX credentials via obfuscated code and Telegram exfiltration.
Research
Security News
Malicious npm packages posing as developer tools target macOS Cursor IDE users, stealing credentials and modifying files to gain persistent backdoor access.
Security News
AI-generated slop reports are making bug bounty triage harder, wasting maintainer time, and straining trust in vulnerability disclosure programs.