Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
switchback
Advanced tools
Normalize a callback to a "switchback" and vice versa.
========================================
Jump to... | |
---|---|
I | Usage for Users |
II | Usage for Implementors |
III | Usage w/ Other Flow Control Libraries |
IV | Details |
V | License |
========================================
// So you heard about this new function called `mowLawn`
// which accepts a switchback. We know it has a `success`
// handler, and a catch-all `error` handler, but turns out
// it also has two others: `gasolineExplosion` and `sliceOffFinger`.
// Let's try it!
// Pass in a switchback:
mowLawn('quickly', 'zigzags', {
// We can omit the `error` handler because the documentation for `mowLawn` says that it's optional.
// This varies function-to-function.
// (i.e. its only purpose is to act as a catch-all if the two explicit handlers are not specified)
gasolineExplosion: function () {
// Safety goggles next time.
},
sliceOffFinger: function (numFingersLost) {
// Oh my.
},
success: function (dollarsEarned) {
// Lawn was mowed, everything worked.
}
});
// Or we can pass in a callback function instead:
mowLawn('quickly', 'zigzags', function (err, dollarsEarned) {
if (err) {
// Handle the error, count fingers to figure out what happened, etc.
// Also don't forget to return early or use `else` or something.
return;
}
// Lawn was mowed, everything worked.
});
// Both are cool.
// Finally, it's worth noting that the return value is an EventEmitter:
mowLawn('quickly', 'zigzags')
.on('gasolineExplosion', function (err) {
// Safety goggles next time.
})
.on('sliceOffFinger', function (numFingersLost) {
// Oh my.
})
.on('success', function (dollarsEarned) {
// Lawn was mowed, everything worked.
})
Adding an optional switchback interface to a function is pretty simple. Just install:
$ npm install switchback --save
Require:
var switchback = require('switchback');
And then call switchback()
on the callback at the top of your function, overriding the original value:
cb = switchback(cb);
To enable complete, chainable usage, you should also return the switchback from your function:
return cb;
For example:
var switchback = require('switchback');
function myFunction (stuff, cb) {
cb = switchback(cb);
// that's it!
// All the standard callback things work the same
if (err) return cb(err);
// But now you can call custom handlers too:
if (cb.someHandler) {
}
// Mix it up!
// Table the label!
// Wear your own name!
cb(null, 'whatever', 'you', 'want');
// Make it chainable
return cb;
}
========================================
Switchback is a JavaScript flow control library. It works alongside async, promises, generators, and conventional Node callbacks to provide support for error negotiation via casefunctions. It also makes your callbacks EventEmitters. You might be familiar with a similar concept from jQuery.ajax
(i.e. $.ajax({ success: foo, error: bar });
). It may be helpful to think about this module as the equivalent of something like async.if()
or async.switch()
.
function freeHouseholdPets (cb) {
// At the very top, upgrade the callback to a switchback.
// You can also do `var sb = switchback(cb)` to make the distinction explicit.
cb = switchback(cb);
// Do your stuff
// ...
// If cb was a switchback:
/////////////////////////////////////////////////
// Things that trigger the `success` handler:
return cb();
return cb(null);
return cb.success('the results!!!!');
return cb.success();
// Things that trigger the `error` handler:
return cb('bahh!');
return cb.error('bahh!');
return cb.error();
// If cb was a callback function:
/////////////////////////////////////////////////
// OK but what about usage with normal node callbacks?
//
// If a user of `freeHouseholdPets()` passes in an old-school callback,
// e.g. function (err, results) {console.log(err,results);}, here's what
// will get printed to the console in each case:
cb() // ---> null undefined
cb(null, 'the results!!!!') // ---> null the results!!!!
cb.success() // ---> null undefined
cb.success('the results!!!!'); // ---> null the results!!!!
cb('bahh!') // ---> bahh! undefined
cb('bahh!', 'foo') // ---> bahh! foo
cb.error() // ---> [Error] undefined
cb.error('bahh!') // ---> bahh! undefined
}
// Now everybody can use a good ole-fashioned callback function:
freeHouseholdPets(function (err, results) {
if (err) {
// Something came up, the pets were not freed.
//
// Handle the error, but don't forget to return early
// or use `else` or something..
return;
}
// Pets were freed, we can go about our business
});
// or a switchback:
freeHouseholdPets({
error: function (err) {
// Something came up, the pets were not freed.
// Handle the error.
},
success: function (results) {
// Pets were freed, we can go about our business
}
});
========================================
For the examples below, imagine juiceFruit(fruitName, sb)
is a switchback-enabled function (i.e. you can pass in exits or a callback for the sb
argument).
async
var fruits = ['apples', 'oranges', 'miracle fruit'];
async.each(stuff, function (fruit, next){
// do stuff w/ fruit here... (juice it, eat it, whatever you want)
juiceFruit(fruit, next);
}, function afterwards(err){
if (err) {
console.error('Oh no I made a mess:',err);
return;
}
console.log('mm mmm fruit');
});
q
promises// TODO
// TODO
========================================
MIT © 2014 Mike McNeil, Balderdash & contributors
This module is free and open-source under the MIT License.
FAQs
Normalize callback fns to switchbacks and vice versa
The npm package switchback receives a total of 54,476 weekly downloads. As such, switchback popularity was classified as popular.
We found that switchback demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.