Product
Rust Support in Socket Is Now Generally Available
Socket’s Rust and Cargo support is now generally available, providing dependency analysis and supply chain visibility for Rust projects.
By Trevor Norris - Jan 19, 2026
Launch Week Day 1:Rust Support in Socket Is Now Generally Available.Learn More →
js-script
Allow asynchronous APIs to be scripted using pure synchronous JavaScript.
Installation
npm install js-script
Usage
See the example folder for a real working example script that appears to synchronously download all the octocats from GitHub.
var script = require('js-script')
script(function (block, lazy) {
var api = {}
api.first = block(function (input, callback) {
setTimeout(function () {
callback(null, input + 'bar')
}, 1000)
})
api.second = block(function (input) {
return Q.delay(input + 'foo', 1000)
})
api.third = lazy(function () {
return 'ding'
})
return api
}, 'return [first('foo'), second('bar'), third()]', 'inline.js')
.nodeify(function (err, res) {
if (err) throw err
assert.deepEqual(res, ['foobar', 'barfoo', 'ding'])
})
The first parameter passed to script should be a function used to generate an API. The second parameter must be the source code of the script and the third parameter is an optional file name for better stack traces.
The API generator function gets passed two function wrappers, block and lazy. Use block to wrap any asynchronous methods and lazy to wrap any synchronous methods that are computationally expensive, cause side effects or don't always return the same value.
Providing that the script is idempotent and deterministic (except for functions wrapped by block and lazy) it will appear to work just as if it were synchronous.
How does it work?
This works by executing the script repeatedly. Once it gets to the first un-computed result (the first block/lazy) it stops the function, waits until it has computed that result, and starts again. The second time through, it skips that first block/lazy and just returns the pre-computed result. This is slow if the function is computationally expensive, but for IO heavy workloads it is fine. It should also be oted that no garbage collection can occur until the script has finished executing, because the results may need to be re-used. This means that the octocats example is very inefficient in terms of memory usage, but often the tradeoff in readability is worth it.
Security
All scripts are run in a vm sandbox and with strict mode enabled. This makes them moderately secure, but the node.js manual recommends you also use a separate process if executing un-trusted code.
License
MIT
FAQs
Allow asynchronous APIs to be scripted using pure synchronous JavaScript
We found that js-script demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 03 Jul 2013
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Temporal API Ships in Chrome 144, Marking a Major Shift for JavaScript Date Handling
Chrome 144 introduces the Temporal API, a modern approach to date and time handling designed to fix long-standing issues with JavaScript’s Date object.
By Sarah Gooding - Jan 16, 2026
Research
5 Malicious Chrome Extensions Enable Session Hijacking in Enterprise HR and ERP Systems
Five coordinated Chrome extensions enable session hijacking and block security controls across enterprise HR and ERP platforms.
By Kush Pandya - Jan 15, 2026