Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
pony-cause
Advanced tools
Helpers and ponyfill for Error Causes
findCauseByReference
- finding an error of a specific type within the cause chaingetErrorCause
- getting the direct cause of an error, if there is anymessageWithCauses
- gets the error message with the messages of its cause chain appended to itstackWithCauses
- gets a stack trace for the error + all its causesAll the above are backwards compatible with causes created by the VError
module which predated the Error Causes spec and is still used in parts of the ecosystem.
ErrorWithCause
- an exported Error
subclass that works like the Error Causes spec. By using this class you "ponyfill" the spec locally rather than eg. polyfilling it globally.pony-cause
is dual published as both CommonJS and ESM, use whichever you like and make use of the TypeScript compliant types no matter which.
ErrorWithCause
Ponyfill of the cause
-supporting Error
class
const { ErrorWithCause } = require('pony-cause');
try { /* Something that can break */ } catch (err) {
throw new ErrorWithCause('Failed doing what I intended', { cause: err });
}
findCauseByReference
Finding an error of a specific type within the cause chain. Is typescript friendly.
const { findCauseByReference } = require('pony-cause');
try { /* Something that can break */ } catch (err) {
/** @type {MySpecialError} */
const specialErr = findCauseByReference(err, MySpecialError);
if (specialErr && specialErr.specialProperty === 'specialValue') {
// Its okay, chill!
} else {
throw err;
}
}
Used to find a specific type of error in the chain of causes in an error.
Similar to VError.findCauseByName
but resolves causes in both Error Causes style, .cause
, and VError style, .cause()
+ takes a reference to the Error class that you are looking for rather than simply the name of it, as that enables the TypeScript types to properly type the returned error, typing it with the same type as the reference.
Can be useful if there's some extra data on it that can help determine whether it's an unexpected error or an error that can be handled.
If it's an error related to a HTTP request, then maybe the request can be retried? If its a database error that tells you about a duplicated row, then maybe you know how to work with that? Maybe forward that error to the user rather than show a 500
error?
Note: findCauseByReference
has protection against circular causes
getErrorCause
Getting the direct cause of an error, if there is any
const { getErrorCause } = require('pony-cause');
try { /* Something that can break */ } catch (err) {
// Returns the Error cause, VError cause or undefined
const cause = getErrorCause(err);
}
The output is similar to VError.cause()
but resolves causes in both Error Causes style, .cause
, and VError style, .cause()
.
Always return an Error
, a subclass of Error
or undefined
. If a cause in Error Causes style cause is not an Error
or a subclass of Error
, it will be ignored and undefined
will be returned.
messageWithCauses
Gets the error message with the messages of its cause chain appended to it.
const { messageWithCauses, ErrorWithCause } = require('pony-cause');
try {
try {
// First error...
throw new Error('First error');
} catch (err) {
// ...that's caught and wrapped in a second error
throw new ErrorWithCause('Second error', { cause: err });
}
} catch (err) {
// Logs the full message trail: "Second error: First error"
console.log(messageWithCauses(err));
}
The output is similar to the standard VError
behaviour of appending message
with the cause.message
, separating the two with a :
.
Since Error Causes doesn't do this, messageWithCauses
exist to mimic that behaviour.
It respects VError
messages, it won't append any error message of their causes, though it will walk past the VError
causes to see if there's a non-VError cause up the chain and then append that.
The reason to use this method is explained by VError
:
The idea is that each layer in the stack annotates the error with a description of what it was doing. The end result is a message that explains what happened at each level.
If an inner error has a message ENOENT, stat '/nonexistent'
, an outer error wraps it and adds Can't perform X
and maybe one more error wraps that and adds Can't start program
, then messageWithCauses
will join those three errors together when providing it with the outer most error and return Can't start program: Can't perform X: ENOENT, stat '/nonexistent'
which provides details about both cause and effect as well as the connection between the two – each which on their own would be a lot harder to understand the impact of.
Note: messageWithCauses
has protection against circular causes
stackWithCauses
Gets a stack trace for the error + all its causes.
const { stackWithCauses } = require('pony-cause');
try { /* Something that can break */ } catch (err) {
console.log('We had a mishap:', stackWithCauses(err));
}
The output is similar to VError.fullStack()
but resolves causes in both Error Causes style, .cause
, and VError style, .cause()
.
Note: stackWithCauses
has protection against circular causes
Output looks like:
Error: something really bad happened here
at Object.<anonymous> (/examples/fullStack.js:5:12)
at Module._compile (module.js:409:26)
at Object.Module._extensions..js (module.js:416:10)
at Module.load (module.js:343:32)
at Function.Module._load (module.js:300:12)
at Function.Module.runMain (module.js:441:10)
at startup (node.js:139:18)
at node.js:968:3
caused by: Error: something bad happened
at Object.<anonymous> (/examples/fullStack.js:3:12)
at Module._compile (module.js:409:26)
at Object.Module._extensions..js (module.js:416:10)
at Module.load (module.js:343:32)
at Function.Module._load (module.js:300:12)
at Function.Module.runMain (module.js:441:10)
at startup (node.js:139:18)
at node.js:968:3
Available as part of the Tidelift Subscription.
The maintainers of pony-cause
and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source packages you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact packages you use. Learn more.
verror
– a module which has long enabled error causes in javascript. Superseded by the new Error Cause proposal. Differs in that.cause
represents a function that returns the cause, its not the cause itself.@netflix/nerror
– a Netflix fork of verror
error-cause
– strict polyfill for the Error Cause proposal. Provides no helpers or similar to achieve VError
-like functionality, which pony-cause
does.FAQs
Ponyfill and helpers for Error Causes
The npm package pony-cause receives a total of 1,040,720 weekly downloads. As such, pony-cause popularity was classified as popular.
We found that pony-cause demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.