
Research
Security News
Lazarus Strikes npm Again with New Wave of Malicious Packages
The Socket Research Team has discovered six new malicious npm packages linked to North Korea’s Lazarus Group, designed to steal credentials and deploy backdoors.
queue-promise
Advanced tools
A simple, dependency-free library for concurrent promise-based queues. Comes with with concurrency and timeout control.
queue-promise
is a small, dependency-free library for promise-based queues. It will resolve enqueued functions concurrently at a given speed. When a task is being resolved or rejected, an event will be emitted.
$ npm install queue-promise
import Queue from "queue-promise";
const queue = new Queue({
// How many tasks should be resolved at a time (defaults to `5`):
concurrent: 1,
// How often should new tasks be resolved (in ms – defaults to `500`):
interval: 2000,
// If should resolve new tasks automatically when they are added (defaults to `true`):
start: true
});
queue.on("resolve", data => console.log(data));
queue.on("reject", error => console.error(error));
queue.enqueue(asyncTaskA); // resolved/rejected after 0s
queue.enqueue(asyncTaskB); // resolved/rejected after 2s
queue.enqueue(asyncTaskC); // resolved/rejected after 4s
queue.enqueue(asyncTaskD); // resolved/rejected after 6s
new Queue(options)
Create a new Queue
instance.
Option | Default | Description |
---|---|---|
concurrent | 5 | How many tasks can be handled at the same time |
interval | 500 | How often should new tasks be handled (in ms) |
start | true | Whether we should automatically resolve new tasks as soon as they are added |
.enqueue(tasks)
/.add(tasks)
Puts a new task on the stack. A task should be an async function (ES2017) or return a Promise. Throws an error if the provided task
is not a valid function.
Example:
async function getRepos(user) {
return await github.getRepos(user);
}
queue.enqueue(getRepos("userA"));
queue.enqueue(getRepos("userB"));
// …equivalent to:
queue.enqueue([getRepos("userA"), getRepos("userB")]);
.dequeue()
Manually resolves n concurrent (based od options.concurrent
) promises from the queue. Uses global Promises. Is called automatically if options.start
is set to true
. Emits resolve
and reject
events.
Example:
queue.enqueue(getRepos("userA"));
queue.enqueue(getRepos("userB"));
// If "concurrent" is set to 1, only one promise is resolved on dequeue:
const userA = await queue.dequeue();
const userB = await queue.dequeue();
// If "concurrent" is set to 2, two promises are resolved concurrently:
const [userA, userB] = await queue.dequeue();
.on(event, callback)
Sets a callback
for an event
. You can set callback for those events: start
, stop
, resolve
, reject
, end
.
Example:
queue.enqueue([…]);
queue.on("resolve", data => …);
queue.on("reject", error => …);
queue.on("end", () => …);
.start()
Starts the queue – it will automatically dequeue tasks periodically. Emits start
event.
queue.enqueue(getRepos("userA"));
queue.enqueue(getRepos("userB"));
queue.enqueue(getRepos("userC"));
queue.enqueue(getRepos("userD"));
queue.start();
// No need to call `dequeue` – you can just listen for events:
queue.on("resolve", data => …);
queue.on("reject", error => …);
.stop()
Forces the queue to stop. New tasks will not be resolved automatically even if options.start
was set to true
. Emits stop
event.
.clear()
Removes all tasks from the queue.
.started
Whether the queue has been started or not.
.stopped
Whether the queue has been forced to stop.
.isEmpty
Whether the queue is empty, i.e. there's no tasks.
$ npm test
FAQs
A simple, dependency-free library for concurrent promise-based queues. Comes with with concurrency and timeout control.
We found that queue-promise demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
The Socket Research Team has discovered six new malicious npm packages linked to North Korea’s Lazarus Group, designed to steal credentials and deploy backdoors.
Security News
Socket CEO Feross Aboukhadijeh discusses the open web, open source security, and how Socket tackles software supply chain attacks on The Pair Program podcast.
Security News
Opengrep continues building momentum with the alpha release of its Playground tool, demonstrating the project's rapid evolution just two months after its initial launch.