Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
throttled-queue
Advanced tools
Throttles arbitrary code to execute a maximum number of times per interval. Best for making throttled API requests.
Throttles arbitrary code to execute a maximum number of times per interval. Best for making throttled API requests.
For example, making network calls to popular APIs such as Twitter is subject to rate limits. By wrapping all of your API calls in a throttle, it will automatically adjust your requests to be within the acceptable rate limits.
Unlike the throttle
functions of popular libraries like lodash and underscore, throttled-queue
will not prevent any executions. Instead, every execution is placed into a queue, which will be drained at the desired rate limit.
npm install throttled-queue
It can be used in a Node.js environment, or directly in the browser.
require
or import
the factory function:const throttledQueue = require('throttled-queue');
import throttledQueue from 'throttled-queue';
const throttle = throttledQueue(5, 1000); // at most 5 requests per second.
throttle
instance as a function to enqueue actions:throttle(() => {
// perform some type of activity in here.
});
The throttle
function will also return a promise with the result of your operation:
const result = await throttle(() => {
return Promise.resolve('hello!');
});
// result now equals "hello"
Rapidly assigning network calls to be run, but they will be limited to 1 request per second.
const throttledQueue = require('throttled-queue');
const throttle = throttledQueue(1, 1000); // at most make 1 request every second.
for (let x = 0; x < 100; x++) {
throttle(() => {
// make a network request.
return fetch('https://api.github.com/search/users?q=shaunpersad');
});
}
Wherever the throttle
instance is used, your action will be placed into the same queue,
and be subject to the same rate limits.
const throttledQueue = require('throttled-queue');
const throttle = throttledQueue(1, 60 * 1000); // at most make 1 request every minute.
for (let x = 0; x < 50; x++) {
throttle(() => {
// make a network request.
return fetch('https://api.github.com/search/users?q=shaunpersad');
});
}
for (let y = 0; y < 50; y++) {
throttle(() => {
// make another type of network request.
return fetch('https://api.github.com/search/repositories?q=throttled-queue+user:shaunpersad');
});
}
By specifying a number higher than 1 as the first parameter, you can dequeue multiple actions within the given interval:
const throttledQueue = require('throttled-queue');
const throttle = throttledQueue(10, 1000); // at most make 10 requests every second.
for (let x = 0; x < 100; x++) {
throttle(() => {
// This will fire at most 10 a second, as rapidly as possible.
return fetch('https://api.github.com/search/users?q=shaunpersad');
});
}
You can space out your actions by specifying true
as the third (optional) parameter:
const throttledQueue = require('throttled-queue');
const throttle = throttledQueue(10, 1000, true); // at most make 10 requests every second, but evenly spaced.
for (var x = 0; x < 100; x++) {
throttle(() => {
// This will fire at most 10 requests a second, spacing them out instead of in a burst.
return fetch('https://api.github.com/search/users?q=shaunpersad');
});
}
Starting in version 2.0.0
, you can wait for the results of your operation:
const throttledQueue = require('throttled-queue');
const throttle = throttledQueue(10, 1000, true); // at most make 10 requests every second, but evenly spaced.
const usernames = ['shaunpersad', 'forward-motion'];
const profiles = await Promise.all(
usernames.map((username) => throttle(() => {
return fetch(`https://api.github.com/search/users?q=${username}`);
}))
);
const justMe = await throttle(() => fetch('https://api.github.com/search/users?q=shaunpersad'));
The package is written in Typescript and includes types by default. The throttle
function is a generic,
and in most cases will automatically infer the right type for the result of the promise from the input.
However, you may also specify the return type of the promise when needed:
import throttledQueue from 'throttled-queue';
const throttle = throttledQueue<number>(1, 1000);
const result1 = await throttle<string>(() => '1');
const result2 = await throttle<boolean>(() => Promise.resolve(true));
FAQs
Throttles arbitrary code to execute a maximum number of times per interval. Best for making throttled API requests.
The npm package throttled-queue receives a total of 22,853 weekly downloads. As such, throttled-queue popularity was classified as popular.
We found that throttled-queue demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.