
Security News
minimatch Patches 3 High-Severity ReDoS Vulnerabilities
minimatch patched three high-severity ReDoS vulnerabilities that can stall the Node.js event loop, and Socket has released free certified patches.
Install this package using NPM:
npm install operate
For a primer on zones, review the Dart introduction.
const operate = require('operate');
const fs = require('fs');
var fileContent = null;
// An application that does multiple unknown asynchronous operations
function application() {
function readFile () {
// Read file asynchronously
fs.readFile('data.txt', function callback (data) {
fileContent = data;
});
}
// Wait for 1 second and then start a request
setTimeout(readFile, 1000);
}
operate(application).then(
function () {
console.log('This file content has been read: ' + fileContent);
}
).catch(
function (error) {
console.log('Either setTimeout or fs.readFile threw an uncatched error');
}
);
const vm = require('vm');
var sandbox = {
setTimeout,
setInterval,
setImmediate,
print: console.log
};
// Use operate in connection with vm to run a program in an isolated context
operate(
function () {
vm.runInNewContext(applicationCode, sandbox);
}
).then(
function () { console.log('Terminated successfully'); }
).catch(
function (error) { console.log('An error occurred'); }
);
var zone = operate(application);
// Cancel all pending events after 1 minute
setTimeout(function () {
zone.cancel();
}, 60000);
// If node is stalling due to pending tasks in the operating zone,
// zone.cancel() will unstall it.
Promise.all(
operate(app1),
operate(app2),
operate(app3)
).then(
function() { console.log('All tasks have concluded successfully'); }
).catch(
function() { console.log('An error occurred'); }
);
MIT © 2016 (see full text)
FAQs
Zones for JavaScript with Promise support
We found that operate demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Security News
minimatch patched three high-severity ReDoS vulnerabilities that can stall the Node.js event loop, and Socket has released free certified patches.

Research
/Security News
Socket uncovered 26 malicious npm packages tied to North Korea's Contagious Interview campaign, retrieving a live 9-module infostealer and RAT from the adversary's C2.

Research
An impersonated golang.org/x/crypto clone exfiltrates passwords, executes a remote shell stager, and delivers a Rekoobe backdoor on Linux.