The 'immediate' npm package is designed to execute functions asynchronously, as soon as possible, but outside of the current call stack. It uses a set of clever tricks to defer the execution of a function until the stack is clear. It is useful for scheduling tasks to run after the current event loop tick without the overhead of using setTimeout with a delay of 0.
Asynchronous Execution
This feature allows you to schedule a function to be executed asynchronously, immediately after the current call stack is clear, but before the next event loop tick.
var immediate = require('immediate');
immediate(function () {
  console.log('Executed after the current event loop tick');
});
The 'asap' npm package is similar to 'immediate' in that it schedules tasks to execute as soon as possible but after the current call stack has cleared. The main difference is in the internal implementation and the specific scheduling mechanisms used by each library.
The 'raf' package stands for requestAnimationFrame, which is used for scheduling animations in web browsers. It can be used to defer tasks until the next repaint, which may be similar to 'immediate' in deferring execution, but it is specifically tied to the browser's frame rate and rendering.
npm install immediate --save
then
var immediate = require("immediate");
immediate(function () {
  // this will run soon
});
immediate(function (arg1, arg2) {
  // get your args like in iojs
}, thing1, thing2);
immediate is a microtask library, descended from NobleJS's setImmediate, but including ideas from Cujo's When and RSVP.
immediate takes the tricks from setImmediate and RSVP and combines them with the scheduler inspired (vaguely) by when's.
Note: versions 2.6.5 and earlier were, strictly speaking, a 'macrotask' library, not a microtask one; see this for the difference. If you need a macrotask library, I got you covered.
Several new features were added in versions 3.1.0 and 3.2.0 to maintain parity with process.nextTick, but the 3.0.x series is still being kept up to date if you just need the small barebones version.
process.nextTick
Note that we check for actual Node.js environments, not emulated ones like those produced by browserify or similar.
MutationObserver
This is what RSVP uses; it's very fast. Details on MDN.
MessageChannel
Unfortunately, postMessage has completely different semantics inside web workers, and so cannot be used there. So we turn to MessageChannel, which has worse browser support, but does work inside a web worker.
<script> onreadystatechange
For our last trick, we pull something out to make things fast in Internet Explorer versions 6 through 8: namely, creating a <script> element and firing our calls in its onreadystatechange event. This does execute in a future turn of the event loop, and is also faster than setTimeout(…, 0), so hey, why not?
setImmediate
We avoid this: process.nextTick in Node is better suited to our needs, and Internet Explorer 10 has a broken version of setImmediate, so we avoid using it.
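An added example, not the immediate library's own source: a deferral queue that feature-detects its trigger in the order of the tricks listed above (the <script> onreadystatechange path for Internet Explorer 6 through 8 is omitted) and records how deferred callbacks order against setTimeout(…, 0). The names pickScheduler, defer, drain and observeOrder, the [object process] check, and the rethrow-later error handling are assumptions of this example.

```javascript
// Added illustration; pickScheduler, defer, drain and observeOrder are hypothetical names.
const queue = [];
let scheduled = false;

// Run every queued task in one pass, including tasks queued while draining.
function drain() {
  while (queue.length) {
    const [fn, args] = queue.shift();
    // Assumption: rethrow later so one failing task cannot strand the rest.
    try { fn(...args); } catch (err) { setTimeout(() => { throw err; }, 0); }
  }
  scheduled = false;
}

// Feature-detect a trigger, in the order the tricks are listed above.
function pickScheduler(onTick) {
  // Real Node.js only (assumed check): a plain-object `process` shim lacks this tag.
  if (typeof process !== 'undefined' &&
      Object.prototype.toString.call(process) === '[object process]') {
    return { name: 'process.nextTick', trigger: () => process.nextTick(onTick) };
  }
  if (typeof MutationObserver !== 'undefined') {
    const node = document.createTextNode('');
    new MutationObserver(onTick).observe(node, { characterData: true });
    let flip = 0;
    return { name: 'MutationObserver', trigger: () => { node.data = String(flip ^= 1); } };
  }
  if (typeof MessageChannel !== 'undefined') { // also works inside web workers
    const channel = new MessageChannel();
    channel.port1.onmessage = onTick;
    return { name: 'MessageChannel', trigger: () => channel.port2.postMessage(0) };
  }
  return { name: 'setTimeout', trigger: () => setTimeout(onTick, 0) };
}
const scheduler = pickScheduler(drain);

// Queue a task with its arguments; arm the trigger once per batch.
function defer(fn, ...args) {
  queue.push([fn, args]);
  if (!scheduled) { scheduled = true; scheduler.trigger(); }
}

// Resolves with the order in which the callbacks actually ran.
function observeOrder() {
  const order = [];
  return new Promise((resolve) => {
    setTimeout(() => { order.push('setTimeout 0'); resolve(order); }, 0);
    defer((a, b) => order.push(`deferred ${a}${b}`), 'x', 'y');
    defer(() => defer(() => order.push('nested deferred')));
    order.push('sync');
  });
}
observeOrder().then((order) => console.log(scheduler.name, order));
```

The nested task runs in the same drain pass as its parent, and both run before the zero-delay timer even though the timer was registered first.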
FAQs
A cross browser microtask library
The npm package immediate receives a total of 5,634,091 weekly downloads. As such, immediate's popularity was classified as popular.
We found that immediate demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.