Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
The seq-queue npm package provides a mechanism to manage and execute tasks sequentially. It ensures that tasks are processed one at a time in the order they were added, which is useful for scenarios where tasks need to be executed in a specific sequence to avoid race conditions or ensure data consistency.
Creating a Queue
This feature allows you to create a new sequential queue instance. The queue will manage tasks and ensure they are executed one at a time in the order they were added.
const seqqueue = require('seq-queue');
const queue = seqqueue.createQueue();
Adding Tasks to the Queue
This feature allows you to add tasks to the queue. Each task is a function that receives a task object, which must call the `done` method when the task is complete. This ensures the next task in the queue can be executed.
queue.push(function(task) {
console.log('Task 1 executed');
task.done();
});
queue.push(function(task) {
console.log('Task 2 executed');
task.done();
});
Handling Task Timeouts
This feature allows you to specify a timeout for each task. If the task does not call `done` within the specified timeout, it will be considered failed, and the next task in the queue will be executed.
queue.push(function(task) {
setTimeout(function() {
console.log('Task 3 executed');
task.done();
}, 1000);
}, 500);
The async package provides various utilities for working with asynchronous JavaScript, including sequential task execution through functions like `series` and `waterfall`. Unlike seq-queue, async offers a broader range of asynchronous control flow patterns.
The queue package is a simple and efficient queue implementation for managing asynchronous tasks. It allows for both sequential and concurrent task execution, providing more flexibility compared to seq-queue, which focuses solely on sequential execution.
The p-queue package is a promise-based queue for managing asynchronous tasks. It supports both sequential and concurrent task execution with advanced features like priority and concurrency control. This makes it more versatile compared to seq-queue.
Seq-queue is simple tool to keep requests to be executed in order.
As we known, Node.js codes run in asynchronous mode and the callbacks are unordered. But sometimes we may need the requests to be processed in order. For example, in a game, a player would do some operations such as turn right and go ahead. And in the server side, we would like to process these requests one by one, not do them all at the same time.
Seq-queue takes the responsibility to make the asynchronous, unordered processing flow into serial and ordered. It's simple but not a repeated wheel.
Seq-queue is a FIFO task queue and we can push tasks as we wish, anytime(before the queue closed), anywhere(if we hold the queue instance). A task is known as a function and we can do anything in the function and just need to call task.done()
to tell the queue current task has finished. It promises that a task in queue would not be executed util all tasks before it finished.
Seq-queue add timeout for each task execution. If a task throws an uncaught exception in its call back or a developer forgets to call task.done()
callback, queue would be blocked and would not execute the left tasks. To avoid these situations, seq-queue set a timeout for each task. If a task timeout, queue would drop the task and notify develop by a 'timeout' event and then invoke the next task. Any task.done()
invoked in a timeout task would be ignored.
##Installation
npm install seq-queue
##Usage
var seqqueue = require('seq-queue');
var queue = seqqueue.createQueue(1000);
queue.push(
function(task) {
setTimeout(function() {
console.log('hello ');
task.done();
}, 500);
},
function() {
console.log('task timeout');
},
1000
);
queue.push(
function(task) {
setTimeout(function() {
console.log('world~');
task.done();
}, 500);
}
);
##API
###seqqueue.createQueue(timeout)
Create a new queue instance. A global timeout value in ms for the new instance can be set by timeout
parameter or use the default timeout (3s) by no parameter.
###queue.push(fn, ontimeout, timeout) Add a task into the queue instance. ####Arguments
fn
takes a arguemnt task and we must call task.done() to tell queue current task has finished.fn
. If specified, it would overwrite the global timeout that set by createQueue
for fn
.###queue.close(force)
Close the queue. A closed queue would stop receiving new task immediately. And the left tasks would be treated in different ways decided by force
.
####Arguments
##Event
Seq-queue instances extend the EventEmitter and would emit events in their life cycles.
###'timeout'(totask)
If current task not invoke task.done() within the timeout ms, a timeout event would be emit. totask.fn and totask.timeout is the fn
and timeout
arguments that passed by queue.push(2)
.
###'error'(err, task)
If the task function (not callbacks) throws an uncaught error, queue would emit an error event and passes the err and task informations by event callback arguments.
###'closed'
Emit when the close(false) is invoked.
###'drained'
Emit when close(true) is invoked or all tasks left have finished in closed status.
FAQs
A simple tool to keep requests to be executed in order.
The npm package seq-queue receives a total of 2,386,225 weekly downloads. As such, seq-queue popularity was classified as popular.
We found that seq-queue demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.