Security News
NVD Backlog Tops 20,000 CVEs Awaiting Analysis as NIST Prepares System Updates
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
The 'immediate' npm package is designed to execute functions asynchronously, as soon as possible, but outside of the current call stack. It uses a set of clever tricks to defer the execution of a function until the stack is clear. It is useful for scheduling tasks to run after the current event loop tick without the overhead of using setTimeout with a delay of 0.
Asynchronous Execution
This feature allows you to schedule a function to be executed asynchronously, immediately after the current call stack is clear, but before the next event loop tick.
var immediate = require('immediate');
immediate(function () {
console.log('Executed after the current event loop tick');
});
The 'asap' npm package is similar to 'immediate' in that it schedules tasks to execute as soon as possible but after the current call stack has cleared. The main difference is in the internal implementation and the specific scheduling mechanisms used by each library.
The 'raf' package stands for requestAnimationFrame, which is used for scheduling animations in web browsers. It can be used to defer tasks until the next repaint, which may be similar to 'immediate' in deferring execution, but it is specifically tied to the browser's frame rate and rendering.
immediate.js is a cross between NobleJS's setImmediate, Cujo's When, and RSVP.
immediate takes the tricks from setImmedate and combines them with the schedualer from when to make a
process.nextTick
In Node.js versions below 0.9, setImmediate
is not available, but process.nextTick
is, so we use it to
shim support for a global setImmediate
. In Node.js 0.9 and above, setImmediate
is available.
Note that we check for actual Node.js environments, not emulated ones like those produced by browserify or similar.
Such emulated environments often already include a process.nextTick
shim that's not as browser-compatible as
setImmediate.js.
MutationObserver
This is what RSVP uses, it's very fast, details on MDN
postMessage
In Firefox 3+, Internet Explorer 9+, all modern WebKit browsers, and Opera 9.5+, postMessage
is
available and provides a good way to queue tasks on the event loop. It's quite the abuse, using a cross-document
messaging protocol within the same document simply to get access to the event loop task queue, but until there are
native implementations, this is the best option.
Note that Internet Explorer 8 includes a synchronous version of postMessage
. We detect this, or any other such
synchronous implementation, and fall back to another trick.
MessageChannel
Unfortunately, postMessage
has completely different semantics inside web workers, and so cannot be used there. So we
turn to MessageChannel
, which has worse browser support, but does work inside a web worker.
<script> onreadystatechange
For our last trick, we pull something out to make things fast in Internet Explorer versions 6 through 8: namely,
creating a <script>
element and firing our calls in its onreadystatechange
event. This does execute in a future
turn of the event loop, and is also faster than setTimeout(…, 0)
, so hey, why not?
In the browser, include it with a <script>
tag; pretty simple. Creates a global
called immediate
which should act like setImmediate. It also has a method called
clear
which should act like clearImmediate
.
In Node.js, do
npm install immediate
then
var immediate = require("immediate");
somewhere early in your app; it attaches to the global.
FAQs
A cross browser microtask library
The npm package immediate receives a total of 10,845,101 weekly downloads. As such, immediate popularity was classified as popular.
We found that immediate demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.
Security News
PyPI now supports digital attestations, enhancing security and trust by allowing package maintainers to verify the authenticity of Python packages.