Security News
The Hidden Blast Radius of the Axios Compromise
The Axios compromise shows how time-dependent dependency resolution makes exposure harder to detect and contain.
By Ahmad Nassri - Apr 01, 2026
New Research: Supply Chain Attack on Axios Pulls Malicious Dependency from npm.Details → →
questmap
questmap is a simple helper library for writing webquest exercises.
Installation
npm install questmap
Usage
First, initialize an exercise and export it at the end:
const qm = require('questmap')
const exercise = qm()
module.exports = exercise
Then, you can add processors and such:
const qm = require('questmap')
const exercise = qm()
exercise.addVerifySetup(async function () {
// setup here
})
exercise.addProcessor(async function () {
// processing here
})
exercise.addRunCleanup(async function () {
// cleanup here
})
module.exports = exercise
Exercise flow
There's three different stages which we can modify: setup, processor and cleanup. Although it's not required, it's recommended to use them in this way:
setupfor setting up variables, objects and other thingsprocessorto actually check and run exercisescleanupto close connections, clean up variables and such
There's also three different versions of each, one that only runs when the exercise is in Verify mode, one for if it's in Run mode, or one that runs on both:
exercise.addProcessor()
exercise.addRunProcessor()
exercise.addVerifyProcessor()
NOTE: The function arguments to these functions HAVE to be async function (), NOT arrow functions.
Interacting with the exercise
The most important part of exercise verification and running is this. this keeps functions that let us interact with what the user sees, but also contains important contextual variables. Here's a list of what it contains:
this.log(MESSAGE)
Outputs an info message to the user.
this.error(MESSAGE)
Fails the exercise with MESSAGE.
this.end()
Ends the exercise run. If this.error() hasn't been called previously, passes the exercise. This doesn't need to be run, only if you want to end the exercise run early.
this.mode
Contains the mode, e.g. run or verify.
this.bus
Contains the nanobus instance used to talk to the user. It's not recommended to use this directly.
this.file
The path to the solution file passed in by the user.
this.context
The this object used by webquest itself.
Maintainers
This project is a community-owned and maintained project, meaning everyone takes part in caring for its wellbeing. Its current contributors are:
- @pup (Olivia Hugger)
License
AGPL-3.0+ (see LICENSE)
Keywords
FAQs
exercise helper for webquest
We found that questmap demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 11 Jan 2018
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Supply Chain Attack on Axios Pulls Malicious Dependency from npm
A supply chain attack on Axios introduced a malicious dependency, plain-crypto-js@4.2.1, published minutes earlier and absent from the project’s GitHub releases.
By Socket Research Team - Mar 31, 2026
Research
TeamPCP Compromises Telnyx Python SDK to Deliver Credential-Stealing Malware
Malicious versions of the Telnyx Python SDK on PyPI delivered credential-stealing malware via a multi-stage supply chain attack.
By Socket Research Team - Mar 27, 2026