Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
fast-async
Advanced tools
'fast-async' is a Babel plugin that implements the ES7 keywords async
and await
using syntax transformation
at compile-time, rather than generators.
For Babel v6.x.x install fast-async@6 For Babel v7.x.x install fast-async@7 NB: Babel 7 is in beta. The core nodent functionality is due to be included in Babel 7 release - see https://github.com/babel/babel/pull/7076
The main reason for using 'fast-async' as opposed to Babel's default implementation of async/await is performance (https://github.com/MatAtBread/nodent#performance) - it's 3-4 times faster in a browser/node, and as much as 10 times faster on a mobile browsers, mainly due to avoiding generators (and therefore regenerator).
There's a simple test (that just makes sure the plugin works and generates code that runs). More complete test coverage is included with nodent.
Because Babel parses the code, the ES7 extensions possible with nodent (await
anywhere, async return
and async throw
) are not supported, however full implementation of async function
containing await
expressions is implemented.
For Babel v5.x.x install fast-async@1.0.3
v6.1.x fast-async@>=6.1.0 can use nodent v2 or v3 (and acorn v3 or v4). Nodent v3 has the option of generating code with Promises which needs no runtime at all, at the cost of size and speed. v6.1.x can also reference the runtime via an import (useRuntimeModule option), rather than include the source inline.
npm install fast-async --save
Just include the plugin to the babel options. Minimal .babelrc
example:
{
"plugins": ["fast-async"]
}
N.B.: Starting in Babel v7, you'll need to prefix plugin names that do not begin with the babel-plugin-
prefix with a module:
directive:
{
"plugins": ["module:fast-async"]
}
That's all. Neither babel-plugin-transform-runtime
nor babel-polyfill
required. Your application, once compiled, will probably needs nodent's runtime = see below.
With options:
{
"plugins": [
["fast-async", {
"env": {
"log":false
},
"compiler": {
"promises": true,
"generators": false
},
"runtimePattern":null,
"useRuntimeModule":false
}]
]
}
The option spec
sets the compiler up to produce the most spec-compatible output (at the expense of some performance) by using the wrapAwait
, noRuntime
and promises
options. Since noRuntime
is specified, no runtime options are required.
{
"plugins": [
["fast-async", {
"spec":true
}]
]
}
From the installation directory (e.g. node_modules/fast-async):
npm test
The plugin accepts the following options object, which itself is optional, as are all members. These are based on the options in nodent, but since much of the parsing is done by Babel some are unused.
env:{
log:function(string), // Supplied routine to emit transformation warnings. Default: console.log
},
compiler:{
promises:true // Use nodent's "Promises" mode. Set to false if your runtime environment does not support Promises (default: true)
},
runtimePattern:null, // See below
useRuntimeModule:false // See below
NB: As of v6.3.x, the env
options augmentObject
,dontMapStackTraces
and dontInstallRequireHook:false
are no longer impemented or required. These modified the execution environment of the compiler (as opposed to the runtime environment of the code generated) and consequently had no purpose.
For more information on the compiler options, see ES7 and Promises in the nodent documentation.
6.1.x The dontMapStackTraces now defaults to
true
as having both nodent and babel map stack traces doesn't work well
By default, fast-async will put the nodent runtime into every file containing an async
function or await
expression.
If your project is made up of more than one file, the constant redefinition of the runtime is a waste of time and space. You can
specify that you want the runtime in particular file(s) by setting the 'runtimePattern' to a regular expression (in quotes).
Only files that match the regular expression will have the runtime defined (which is global, so you only need it once).
Note: At least one of the file(s) matching the "runtimePattern" must use either await
or async
as the runtime function (or require('nodent-runtime')
if you set "useRuntimeModule":true
) is only included for files that reference it.
For example:
"babel": {
"plugins": [
"syntax-async-functions",
["fast-async",{
"runtimePattern":"test-input\\.js"
}]
]
}
Alternatively, if you set runtimePattern to "directive"
, the statement "use runtime-nodent";
will be replaced with the runtime during compilation.
v6.1.x If you specify the option
"useRuntimeModule":true
, the runtime is not included directly as source, but via an import of nodent-runtime, which is typically resolved torequire()
by babel. The nodent-runtime module must be added as a dependency in your target project. The runtime need only be included once in your entire project, and should precede any code that uses async or await.
The purpose of fast-async
is to transform the async
and await
into code which can be run in environments that don't support these keywords. With promises: false
option, the transformed code will not reference the Promise
global object for its internal logic, however if you use Promise
in your code, it will be left as is. Therefore, you still need to install a polyfill if you want to use this plugin to transpile code for environments without the Promise
support.
For example, with Webpack
, you can do it by using webpack.ProvidePlugin
:
// npm install zousan
const config = {
// ...
plugins: {
new webpack.ProvidePlugin({
Promise: 'zousan',
}),
},
}
Online performance checkers:
FAQs
fast-async/await transformer Babel plugin
The npm package fast-async receives a total of 39,499 weekly downloads. As such, fast-async popularity was classified as popular.
We found that fast-async demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.