Research
Security News
Kill Switch Hidden in npm Packages Typosquatting Chalk and Chokidar
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
p-throttle
Advanced tools
The p-throttle npm package is used to throttle the execution of asynchronous functions. It allows you to limit the number of times a function can be called over a specified period, which is useful for rate-limiting API requests or controlling the flow of operations in a system.
Basic Throttling
This feature allows you to throttle the execution of a function. In this example, the function can only be called twice per second.
const pThrottle = require('p-throttle');
const throttle = pThrottle({ limit: 2, interval: 1000 });
const throttled = throttle(async (index) => {
console.log(index);
});
(async () => {
for (let i = 0; i < 10; i++) {
throttled(i);
}
})();
Throttling with Promises
This feature demonstrates throttling with asynchronous functions that return promises. The function is throttled to execute once every two seconds.
const pThrottle = require('p-throttle');
const throttle = pThrottle({ limit: 1, interval: 2000 });
const throttled = throttle(async (index) => {
return new Promise((resolve) => {
setTimeout(() => {
console.log(index);
resolve();
}, 1000);
});
});
(async () => {
for (let i = 0; i < 5; i++) {
await throttled(i);
}
})();
Bottleneck is a powerful rate limiter that can be used to control the rate of asynchronous operations. It offers more advanced features like clustering and priority queues, making it more suitable for complex scenarios compared to p-throttle.
Limiter is another rate-limiting library that provides a simple way to limit the number of operations over a given time period. It is similar to p-throttle but offers a more straightforward API for basic use cases.
Rate-limiter-flexible is a highly flexible rate-limiting library that supports various backends like Redis and MongoDB. It provides more configuration options and is suitable for distributed systems, offering more flexibility than p-throttle.
Throttle promise-returning & async functions
It also works with normal functions.
Useful for rate limiting calls to an external API, for example.
$ npm install --save p-throttle
Here, the trottled function is only called twice a second:
const pThrottle = require('p-throttle');
const now = Date.now();
const throttled = pThrottle(i => {
const secDiff = ((Date.now() - now) / 1000).toFixed();
return Promise.resolve(`${i}: ${secDiff}s`);
}, 2, 1000);
for (let i = 1; i <= 6; i++) {
throttled(i).then(console.log);
}
//=> 1: 0s
//=> 2: 0s
//=> 3: 1s
//=> 4: 1s
//=> 5: 2s
//=> 6: 2s
Returns a throttled version of fn
.
Type: Function
Promise-returning/async function or a normal function.
Type: number
Maximum number of calls within an interval
.
Type: number
Timespan for limit
.
Abort pending executions. All unresolved promises are rejected with a pThrottle.AbortError
error.
MIT © Sindre Sorhus
FAQs
Throttle promise-returning & async functions
We found that p-throttle demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
Product
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.