Research
Malicious fezbox npm Package Steals Browser Passwords from Cookies via Innovative QR Code Steganographic Technique
A malicious package uses a QR code as steganography in an innovative technique.
By Olivia Brown - Sep 22, 2025
express-rescue
Advanced tools
express-rescue
A wrapper for async functions which makes sure all async errors are passed to your errors handler
Express Rescue
It's a wrapper for async functions which makes sure all async errors are passed to your error handler preventing those anoing UnhandledPromiseRejectionWarning when using async/await, especially with expressjs routes/middlewares. And nope, this is not an anti-pattern.
Usin with expressjs
It's so simple... how about I just show you how it's done?
const rescue = require('express-rescue')
// ...
app.get('/:id', rescue(async (req, res, next) => {
const user = await repository.getById(req.params.id)
if (!user) {
throw new UserNotFoundError
}
res.status(200)
.json(user)
}))
app.use((err, req, res, next) => {
if (err instanceof UserNotFoundError) {
return res.status(404)
.json({ error: 'these are not the droids you\'re looking for'})
}
res.status(500)
.json({ error: 'i have a bad feeling about this'})
})
That's all. Told you it was simple, right?
Using anywhere else
It was intended to be use with expressjs but I'm pretty sure you could use it anywhere you want since you pass your error handler as the last argument.
Let's try it out:
const rescue = require('express-rescue')
const somethingWrong = rescue(function (arg1, arg2, arg3, arg4, errorHandler) {
throw new Error('Houston, we have a problem!')
})
const arg1 = null
const arg2 = null
const arg3 = null
const arg4 = null
const errorHandler = function (err) {
console.log(err.message)
process.exit(1)
}
somethingWrong(arg1, arg2, arg3, arg4, errorHandler) // Houston, we have a problem!
Oh in case you didn't notice: yes, you're not limited to use only async functions. somethingWrong is a regular (sync) function.
Hope you enjoy the async/await heaven!
Chears!
Tests
yarn test v0.27.5
$ mocha specs --require ./specs/spec-helper.js
const callable = rescue(async ([err,] req, res, next) => { })
calls the last argument (next) with the thrown error
✓ Raises a TypeError if last argument is not a function
✓ callable(req, res, next) - works for routes and middlewares
✓ callable(err, req, res, next) - works for error handler middlewares
✓ callable(foo, bar, baz, foobar, foobaz, errorHandler) - should work for basically anything, since you place an error handler as the last argument
4 passing (17ms)
Done in 0.48s.
FAQs
A wrapper for async functions which makes sure all async errors are passed to your errors handler
The npm package express-rescue receives a total of 158 weekly downloads. As such, express-rescue popularity was classified as not popular.
We found that express-rescue demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 29 Dec 2019
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
/Security News
Identifying and Preventing Fraudulent Engineering Candidates: An Investigation into 80 Confirmed Cases
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.
By Lauren Valencia, Kirill Boychenko - Sep 17, 2025
Application Security
/Research
/Security News
Updated and Ongoing Supply Chain Attack Targets CrowdStrike npm Packages
Socket detected multiple compromised CrowdStrike npm packages, continuing the "Shai-Hulud" supply chain attack that has now impacted nearly 500 packages.
By Kush Pandya, Peter van der Zee, Olivia Brown, Socket Research Team - Sep 16, 2025