Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Throttle the parallelism of an asynchronous (promise returning) function / functions
The 'throat' npm package is a utility for limiting the number of concurrent asynchronous operations. It is particularly useful when you need to control the rate of operations to avoid overwhelming resources or hitting rate limits.
Limit Concurrent Promises
This feature allows you to limit the number of concurrent promises. In this example, only 2 tasks will run concurrently.
const throat = require('throat')(2);
const tasks = [
() => new Promise(resolve => setTimeout(() => resolve('Task 1'), 1000)),
() => new Promise(resolve => setTimeout(() => resolve('Task 2'), 500)),
() => new Promise(resolve => setTimeout(() => resolve('Task 3'), 300)),
() => new Promise(resolve => setTimeout(() => resolve('Task 4'), 200))
];
Promise.all(tasks.map(throat(task => task()))).then(results => {
console.log(results); // ['Task 1', 'Task 2', 'Task 3', 'Task 4']
});
Limit Concurrent Function Calls
This feature allows you to limit the number of concurrent function calls. In this example, only 1 task will run at a time.
const throat = require('throat')(1);
const task = (name, delay) => () => new Promise(resolve => setTimeout(() => resolve(name), delay));
const tasks = [
task('Task 1', 1000),
task('Task 2', 500),
task('Task 3', 300),
task('Task 4', 200)
];
Promise.all(tasks.map(throat(task => task()))).then(results => {
console.log(results); // ['Task 1', 'Task 2', 'Task 3', 'Task 4']
});
The 'p-limit' package provides similar functionality by limiting the number of concurrent promises. It offers a more modern API and is often used in conjunction with other promise utilities from the 'p-*' family of packages.
The 'async' package is a comprehensive utility library for asynchronous operations. It includes a 'queue' function that can limit the number of concurrent tasks, among many other features. It is more feature-rich but also more complex than 'throat'.
The 'promise-limit' package is another alternative for limiting the number of concurrent promises. It is lightweight and straightforward, similar to 'throat', but with a slightly different API.
Throttle the parallelism of an asynchronous, promise returning, function / functions. This has special utility when you set the concurrency to 1
. That way you get a mutually exclusive lock.
Professionally supported throat is now available
npm install throat
This returns a function that acts a bit like a lock (exactly as a lock if concurrency is 1).
Example, only 2 of the following functions will execute at any one time:
const throat = require('throat')(2);
const resA = throat(async () => {
/* async stuff... */
});
const resB = throat(async () => {
/* async stuff... */
});
const resC = throat(async () => {
/* async stuff... */
});
const resD = throat(async () => {
/* async stuff... */
});
const resE = throat(async () => {
/* async stuff... */
});
This returns a function that is an exact copy of worker
except that it will only execute up to concurrency
times in parallel before further requests are queued:
const throat = require('throat');
const input = ['fileA.txt', 'fileB.txt', 'fileC.txt', 'fileD.txt'];
const data = Promise.all(
input.map(throat(2, (fileName) => readFile(fileName)))
);
Only 2 files will be read at a time, sometimes limiting parallelism in this way can improve scalability.
To report a security vulnerability, please use the Tidelift security contact. Tidelift will coordinate the fix and disclosure.
MIT
FAQs
Throttle the parallelism of an asynchronous (promise returning) function / functions
The npm package throat receives a total of 8,676,629 weekly downloads. As such, throat popularity was classified as popular.
We found that throat demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.