Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Oraq (Ordered redis asynchronous queue) is a cross process, cross server, fast, reliable and lightweight redis-based async queue for Node.
Supports node.js >= 7.6.0.
npm install --save oraq
const Oraq = require('oraq');
const oraq = new Oraq({
id: 'myQueue',
concurrency: 1
});
const job = ms => new Promise(resolve => setTimeout(() => resolve(ms), ms));
// do a lot of heavy jobs with concurrency 1
Promise.all([
14000,
8000,
10000,
7000
].map(delay => oraq.limit(job, {jobData: delay})))
.then(jobResults => console.log(jobResults));
const oraq = new Oraq({
id, // id {string} (limiters with the same prefix and id share their queues, "queue" by default)
prefix, // custom redis key prefix {string} ("oraq" by default)
connection, // redis connection param {any} (anything that ioredis constructor supports)
ping, // processing job keep alive interval in ms {integer} (60000 by default)
timeout, // job will run after this time {integer} (in case of too long previous tasks processing, 2 * 60 * 60 * 1000 (2 hours) by default)
concurrency // jobs concurrency {integer} (1 by default)
});
const oraq = new Oraq();
oraq.limit(
job, // job {function}
jobOptions = { // job options {object}
jobId, // job id {string} (random string by default)
jobData, // data to pass as an argument to the job {any}
lifo // last-in-first-out {boolean} (false by default)
}
).then(jobResult => console.log(jobResult));
MIT © Yevhen Samoilenko
0.1.0
FAQs
Ordered redis asynchronous queue
The npm package oraq receives a total of 81 weekly downloads. As such, oraq popularity was classified as not popular.
We found that oraq demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.