![Malicious npm Package Typosquats react-login-page to Deploy Keylogger](https://cdn.sanity.io/images/cgdhsj6q/production/007b21d9cf9e03ae0bb3f577d1bd59b9d715645a-1024x1024.webp?w=400&fit=max&auto=format)
Research
Security News
Malicious npm Package Typosquats react-login-page to Deploy Keylogger
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
synckit
Advanced tools
Package description
The synckit npm package allows for executing asynchronous tasks synchronously using worker threads or child processes. It is designed to offload heavy computation or I/O-bound tasks without blocking the main thread, thus enabling a synchronous-like coding style while maintaining non-blocking behavior.
Running asynchronous tasks synchronously
This feature allows you to run an asynchronous task inside a worker thread and wait for the result synchronously. The 'worker.js' file should export an async function that will be executed with the provided arguments.
const { runAsWorkerThread } = require('synckit');
const result = runAsWorkerThread('./worker.js', ...args);
Creating a synchronous API from asynchronous functions
With this feature, you can create a synchronous version of an asynchronous function. The 'async-fn.js' file should export an async function that will be executed with the provided arguments, and the result will be returned synchronously.
const { createSyncFn } = require('synckit');
const syncFn = createSyncFn('./async-fn.js');
const result = syncFn(...args);
Deasync turns asynchronous functions into synchronous by blocking the event loop. It is similar to synckit in providing a way to write synchronous-style code, but it does so by pausing the event loop, which can lead to performance issues and is not recommended for production use.
The 'threads' package is used to manage and work with Web Workers and worker threads in Node.js. It offers similar functionality to synckit by allowing asynchronous tasks to be offloaded to separate threads, but it provides a more comprehensive API for managing those threads.
Workerpool is a package for managing a pool of workers and running tasks in parallel. It is similar to synckit in that it uses worker threads to execute tasks asynchronously, but it focuses on managing a pool of workers and distributing tasks among them for parallel processing.
Changelog
Readme
Perform async work synchronously in Node.js using worker_threads
with first-class TypeScript support.
# yarn
yarn add synckit
# npm
npm i synckit
// runner.js
import { createSyncFn } from 'synckit'
// the worker path must be absolute
const syncFn = createSyncFn(require.resolve('./worker'), {
tsRunner: 'tsx', // optional, can be `'ts-node' | 'esbuild-register' | 'esbuild-runner' | 'tsx'`
})
// do whatever you want, you will get the result synchronously!
const result = syncFn(...args)
// worker.js
import { runAsWorker } from 'synckit'
runAsWorker(async (...args) => {
// do expensive work
return result
})
You must make sure, the result
is serializable by Structured Clone Algorithm
export interface GlobalShim {
moduleName: string
/**
* `undefined` means side effect only
*/
globalName?: string
/**
* 1. `undefined` or empty string means `default`, for example:
* ```js
* import globalName from 'module-name'
* ```
*
* 2. `null` means namespaced, for example:
* ```js
* import * as globalName from 'module-name'
* ```
*
*/
named?: string | null
/**
* If not `false`, the shim will only be applied when the original `globalName` unavailable,
* for example you may only want polyfill `globalThis.fetch` when it's unavailable natively:
* ```js
* import fetch from 'node-fetch'
*
* if (!globalThis.fetch) {
* globalThis.fetch = fetch
* }
* ```
*/
conditional?: boolean
}
bufferSize
same as env SYNCKIT_BUFFER_SIZE
timeout
same as env SYNCKIT_TIMEOUT
execArgv
same as env SYNCKIT_EXEC_ARGV
tsRunner
same as env SYNCKIT_TS_RUNNER
transferList
: Please refer Node.js worker_threads
documentationglobalShims
: Similar like env SYNCKIT_GLOBAL_SHIMS
but much more flexible which can be a GlobalShim
Array
, see GlobalShim
's definition for more detailsSYNCKIT_BUFFER_SIZE
: bufferSize
to create SharedArrayBuffer
for worker_threads
(default as 1024
)SYNCKIT_TIMEOUT
: timeout
for performing the async job (no default)SYNCKIT_EXEC_ARGV
: List of node CLI options passed to the worker, split with comma ,
. (default as []
), see also node
docsSYNCKIT_TS_RUNNER
: Which TypeScript runner to be used, it could be very useful for development, could be 'ts-node' | 'esbuild-register' | 'esbuild-runner' | 'swc' | 'tsx'
, 'ts-node'
is used by default, make sure you have installed them alreadySYNCKIT_GLOBAL_SHIMS
: Whether to enable the default DEFAULT_GLOBAL_SHIMS_PRESET
as globalShims
ts-node
If you want to use ts-node
for worker file (a .ts
file), it is supported out of box!
If you want to use a custom tsconfig as project instead of default tsconfig.json
, use TS_NODE_PROJECT
env. Please view ts-node for more details.
If you want to integrate with tsconfig-paths, please view ts-node for more details.
esbuild-register
Please view esbuild-register
for its document
esbuild-runner
Please view esbuild-runner
for its document
swc
Please view @swc-node/register
for its document
tsx
Please view tsx
for its document
It is about 20x faster than sync-threads
but 3x slower than native for reading the file content itself 1000 times during runtime, and 18x faster than sync-threads
but 4x slower than native for total time.
And it's almost same as deasync
but requires no native bindings or node-gyp
.
See benchmark.cjs and benchmark.esm for more details.
You can try it with running yarn benchmark
by yourself. Here is the benchmark source code.
1stG | RxTS | UnTS |
---|---|---|
1stG | RxTS | UnTS |
---|---|---|
Detailed changes for each release are documented in CHANGELOG.md.
FAQs
Unknown package
The npm package synckit receives a total of 6,856,515 weekly downloads. As such, synckit popularity was classified as popular.
We found that synckit demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
Security News
The JavaScript community has launched the e18e initiative to improve ecosystem performance by cleaning up dependency trees, speeding up critical parts of the ecosystem, and documenting lighter alternatives to established tools.
Product
Socket now supports four distinct alert actions instead of the previous two, and alert triaging allows users to override the actions taken for all individual alerts.