Security News
MCP Community Begins Work on Official MCP Metaregistry
The MCP community is launching an official registry to standardize AI tool discovery and let agents dynamically find and install MCP servers.
By Sarah Gooding - May 09, 2025
🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more →
Greenlet 
Move an async function into its own thread.
A simplified single-function version of workerize, offering the same performance as direct Worker usage.
The name is somewhat of a poor choice, but it was available on npm.
Greenlet only supports browser environments, since it uses Web Workers. For use in a NodeJS environment, Web Workers must be polyfilled using a library like node-webworker.
Installation & Usage
npm i -S greenlet
Accepts an async function with, produces a copy of it that runs within a Web Worker.
⚠️ Caveat: the function you pass cannot rely on its surrounding scope, since it is executed in an isolated context.
greenlet(Function) -> Function
‼️ Important: never call greenlet() dynamically. Doing so creates a new Worker thread for every call:
-const BAD = () => greenlet(x => x)('bad') // creates a new thread on every call
+const fn = greenlet(x => x);
+const GOOD = () => fn('good'); // uses the same thread on every call
Since Greenlets can't rely on surrounding scope anyway, it's best to always create them at the "top" of your module.
Example
Greenlet is most effective when the work being done has relatively small inputs/outputs.
One such example would be fetching a network resource when only a subset of the resulting information is needed:
import greenlet from 'greenlet'
let getName = greenlet( async username => {
let url = `https://api.github.com/users/${username}`
let res = await fetch(url)
let profile = await res.json()
return profile.name
})
console.log(await getName('developit'))
🔄 Run this example on JSFiddle
Transferable ready
Greenlet will even accept and optimize transferables as arguments to and from a greenlet worker function.
Browser support
Thankfully, Web Workers have been around for a while and are broadly supported by Chrome, Firefox, Safari, Edge, and Internet Explorer 10+.
If you still need to support older browsers, you can just check for the presence of window.Worker:
if (window.Worker) {
...
} else {
...
}
CSP
If your app has a Content-Security-Policy,
Greenlet requires worker-src data: and script-src data: in your config.
License & Credits
In addition to the contributors, credit goes to @sgb-io for his annotated exploration of Greenlet's source. This prompted a refactor that clarified the code and allowed for further size optimizations.
FAQs
Move an async function into its own thread.
The npm package greenlet receives a total of 651 weekly downloads. As such, greenlet popularity was classified as not popular.
We found that greenlet demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 01 Oct 2019
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Security News
Malicious npm Packages Use Telegram to Exfiltrate BullX Credentials
Socket uncovers an npm Trojan stealing crypto wallets and BullX credentials via obfuscated code and Telegram exfiltration.
By Kush Pandya - May 08, 2025
Research
Security News
Backdooring the IDE: Malicious npm Packages Hijack Cursor Editor on macOS
Malicious npm packages posing as developer tools target macOS Cursor IDE users, stealing credentials and modifying files to gain persistent backdoor access.
By Kirill Boychenko - May 07, 2025