Research
Security News
Malicious npm Package Typosquats react-login-page to Deploy Keylogger
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
lodash.once
Advanced tools
Package description
The lodash.once package is a utility that allows you to create a function that can only be called once. After the first call, subsequent calls to the function will return the result of the first call without executing the function again. This is useful for initializing resources or other actions that should only happen once.
Creating a function that can only be called once
This feature allows you to create a function that will only execute its body once and will return the result of the first execution on subsequent calls.
const once = require('lodash.once');
const initialize = once(() => {
console.log('Initialization complete.');
return 'Initialized';
});
console.log(initialize()); // Output: Initialization complete.
console.log(initialize()); // Output: Initialized (without logging 'Initialization complete.' again)
The 'once' package provides a similar functionality to lodash.once, allowing you to ensure a function can only be executed once. It is a standalone package that is not part of the lodash library, which might be preferable for those looking to avoid additional dependencies.
While 'memoizee' is primarily a memoization library, it can be used to achieve a similar effect to lodash.once by memoizing a function with no arguments. The difference is that memoizee offers more advanced features like cache expiration and primitive handling.
Readme
The lodash method _.once
exported as a Node.js module.
Using npm:
$ {sudo -H} npm i -g npm
$ npm i --save lodash.once
In Node.js:
var once = require('lodash.once');
See the documentation or package source for more details.
FAQs
Unknown package
The npm package lodash.once receives a total of 9,078,975 weekly downloads. As such, lodash.once popularity was classified as popular.
We found that lodash.once demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
Security News
The JavaScript community has launched the e18e initiative to improve ecosystem performance by cleaning up dependency trees, speeding up critical parts of the ecosystem, and documenting lighter alternatives to established tools.
Product
Socket now supports four distinct alert actions instead of the previous two, and alert triaging allows users to override the actions taken for all individual alerts.