
Research
/Security News
Critical Vulnerability in NestJS Devtools: Localhost RCE via Sandbox Escape
A flawed sandbox in @nestjs/devtools-integration lets attackers run code on your machine via CSRF, leading to full Remote Code Execution (RCE).
gate-executor
Advanced tools
A work queue that can be gated, stopping to wait for sub-queues to complete.
A work execution queue that provides gating. Work items submitted to the queue are called in order, and execute concurrently. However, if the queue is gated, then a sub-queue is created, and work items added to the sub-queue must complete first.
Gating operates to any depth, allowing you to form a tree-structured queue that must complete breadth-first.
The queue also handles timeouts, so that failing work items do not
block processing. Timeouts use a shared setInterval
, so are nice and
efficient.
Used by the Seneca microservice framework to implement plugin initialisation.
var GateExecutor = require('gate-executor')
var ge = GateExecutor()
ge.add({
fn: function first (done) {
console.log('first')
done()
}
})
// create a gate
var subge = ge.gate()
ge.add({
fn: function second (done) {
console.log('second')
done()
}
})
// this needs to complete before 'second' can run
subge.add({
fn: function second (done) {
console.log('third')
done()
}
})
ge.start(function () {
console.log('done')
done()
})
// prints:
// first
// third
// second
// done
For detailed information, and API descriptions, see the Annotated Source
If you're using this module, feel free to contact me on twitter if you have any questions! :) @rjrodger
npm test
FAQs
A work queue that can be gated, stopping to wait for sub-queues to complete.
The npm package gate-executor receives a total of 5,413 weekly downloads. As such, gate-executor popularity was classified as popular.
We found that gate-executor demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
/Security News
A flawed sandbox in @nestjs/devtools-integration lets attackers run code on your machine via CSRF, leading to full Remote Code Execution (RCE).
Product
Customize license detection with Socket’s new license overlays: gain control, reduce noise, and handle edge cases with precision.
Product
Socket now supports Rust and Cargo, offering package search for all users and experimental SBOM generation for enterprise projects.