Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
node-domexception
Advanced tools
The node-domexception package provides a way to handle DOMException objects in Node.js environments, similar to how they are handled in web browsers. This package is useful for projects that need to simulate browser-like handling of exceptions, particularly in testing environments or server-side applications that interact with web APIs.
Creating DOMException objects
This feature allows developers to create instances of DOMException with a custom message and name, mimicking the behavior seen in web browsers. It is particularly useful for throwing and catching specific types of exceptions in Node.js applications.
const DOMException = require('node-domexception');
const exception = new DOMException('An error occurred', 'NotFoundError');
console.log(exception.name); // Outputs: NotFoundError
console.log(exception.message); // Outputs: An error occurred
Checking instance of DOMException
This feature enables developers to check if an object is an instance of DOMException. This is useful for error handling and control flow in applications that need to differentiate between exception types.
const DOMException = require('node-domexception');
const exception = new DOMException('Failed operation', 'SecurityError');
if (exception instanceof DOMException) {
console.log('Caught a DOMException');
}
The 'domexception' package is very similar to 'node-domexception' and provides a way to create DOMException objects in non-browser environments. It closely mimics the standard behavior of DOMExceptions in web browsers, making it a direct competitor to node-domexception.
An implementation of the DOMException class from NodeJS
NodeJS has DOMException built in (from v10.5), but it is not easily available... you can't require or import it from somewhere (unless you use node v17 - at which point it got added to global scope)
This package exposes the DOMException
class that comes from NodeJS itself. (including all of the legacy codes)
# makes use of atob | require NodeJS 16+
npm install node-domexception
# makes use of worker_thread | require NodeJS 10+
npm install node-domexception@1.x
v2.x now depend on global atob
to obtain DOMException
from a error.
which also binds it to NodeJS v16+ (at which point atob
become globally available).
This NodeJS dependency/export free solution is better for cross env platform solutions.
it no longer have any cjs or esm exports and it's attached to globalThis.DOMException only if needed.
v1.x used a older tech which depended on node:worker_threads
to obtain
DOMException
which works all the way down to NodeJS v10.5+
If you are not supporting older NodeJS versions (before v17) then you won't need this package at all. My personal recommendation is that you update to a newer NodeJS version. This pkg will likely be deprecated once v18 becomes LTS
import 'node-domexception'
// You could also do conditional import.
globalThis.DOMException || await import('node-domexception')
/********************************************************************/
import { MessageChannel } from 'worker_threads'
try {
const port = new MessageChannel().port1
const ab = new ArrayBuffer()
port.postMessage(ab, [ab, ab])
} catch (err) {
console.assert(err.name === 'DataCloneError')
console.assert(err.code === 25)
console.assert(err.constructor === DOMException)
}
const e1 = new DOMException('Something went wrong', 'BadThingsError')
console.assert(e1.name === 'BadThingsError')
console.assert(e1.code === 0)
const e2 = new DOMException('Another exciting error message', 'NoModificationAllowedError')
console.assert(e2.name === 'NoModificationAllowedError')
console.assert(e2.code === 7)
console.assert(DOMException.INUSE_ATTRIBUTE_ERR === 10)
The only possible way is to use some web-ish tools that have been introduced into NodeJS that throws a DOMException and catch the constructor. This is exactly what this package does for you and exposes it.
This way you will have the same class that NodeJS has and you can check if the error is a instance of DOMException.
The instanceof check would not have worked with a custom class such as the DOMException provided by domenic which also is much larger in size since it has to re-construct the whole class from the ground up.
The DOMException is used in many places such as the Fetch API, File & Blobs, PostMessaging and more.
Why they decided to call it DOM, I don't know
Please consider sponsoring if you find this helpful
FAQs
An implementation of the DOMException class from NodeJS
The npm package node-domexception receives a total of 4,715,600 weekly downloads. As such, node-domexception popularity was classified as popular.
We found that node-domexception demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.