typed-duration
A Zero-dependency typed duration library for JavaScript/TypeScript. Express and convert time durations with type-safety.
This library uses Value Object Typing to allow you to express time durations in a type-safe way, and perform conversion between different units.
Note: requires TypeScript 3.8 or later
Version 1.x works on Node 10+. Version 2.x requires Node 16+.
Install the library to your project:
npm i typed-duration
Consider the following code:
setTimeout(doSomething, 1000)
It's pretty clear that these are milliseconds, because you know the API. Typically, developers might do something like:
setTimeout(doSomething, 5 * 60 * 1000) // In Five Minutes
With this library, you can do this:
import { Duration } from 'typed-duration'
const { milliseconds, minutes } = Duration
const period = minutes.of(5)
setTimeout(doSomething, milliseconds.from(period)) // In Five Minutes
Well, that looks like more code. Yes, it is. It is also more semantically expressive of the programmer's intent, which makes it better for maintenance.
The situation is exacerbated when you expose a programming API that takes a time duration as a number. We all know that setTimeout takes milliseconds, but how do you communicate to consumers of your API what the time units are for timeout in your API call?
You should, of course, document it, and put it in JSDoc comments so that they can get hinting in their IDE.
You could call it timeoutSeconds to make it clear that it expects seconds.
Or you could make it take a TimeDuration and allow them to pass in whatever they want, and convert it to the units you need, like this:
import { Duration, TimeDuration } from 'typed-duration'
function executeLater(fn: () => void, delay: TimeDuration) {
  setTimeout(fn, Duration.milliseconds.from(delay))
}
Now, consumers of this function can call it like this:
import { Duration } from 'typed-duration'
const { milliseconds, seconds, minutes, hours, days } = Duration
// After 2.5 seconds
executeLater(doSomething, milliseconds.of(2500))
// After 10 seconds
executeLater(doSomething, seconds.of(10))
// After 15 minutes
executeLater(doSomething, minutes.of(15))
// After 3 hours
executeLater(doSomething, hours.of(3))
// After 6 days
executeLater(doSomething, days.of(6))
#winning
If you have an existing API you want to add this to, you can use the MaybeTimeDuration type, like this:
import { Duration, MaybeTimeDuration } from 'typed-duration'
function executeLater(fn: () => void, period: MaybeTimeDuration) {
  setTimeout(fn, Duration.milliseconds.from(period))
}
// You can pass in a typed duration, and it will convert to a number of milliseconds
// (.of() creates the typed duration; .from() converts one to a number)
executeLater(doSomething, Duration.seconds.of(20))
// a number will be allowed by the MaybeTimeDuration type
// and the milliseconds.from() call will simply pass it through
executeLater(doSomething, 2500)
You can log times for user information in the format that the user specified them, including units, with Duration.value.of. You can supply an optional default unit to be used for untyped numbers (if you don't, it will just print the number).
For example:
import { Duration, MaybeTimeDuration } from 'typed-duration'
function executeLater(fn: () => void, delay: MaybeTimeDuration) {
  // Log the delay in the unit the caller used; bare numbers are labelled "ms"
  console.log(`Executing in ${Duration.value.of(delay, "ms")}...`)
  setTimeout(fn, Duration.milliseconds.from(delay))
}
executeLater(doSomething, Duration.seconds.of(20))
// Executing in 20s...
executeLater(doSomething, Duration.milliseconds.of(350))
// Executing in 350ms...
executeLater(doSomething, Duration.hours.of(3))
// Executing in 3h...
executeLater(doSomething, 2500)
// Executing in 2500ms...
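The value-object pattern behind the examples above, as an added TypeScript sketch: it is not typed-duration's source code, and every name in it (Unit, TypedDuration, MaybeTyped, makeDuration, convert, show, strictDelayMs, lenientDelayMs) is hypothetical. It also shows the consequence of the pass-through described for MaybeTimeDuration: a bare number is never unit-checked, so a caller who means 20 seconds but passes 20 gets 20 ms.

```typescript
// Added sketch of value-object typing for durations; NOT the library's code.
type Unit = "ms" | "s" | "m" | "h" | "d";

// Milliseconds per unit, used to normalise every conversion.
const MS_PER: Record<Unit, number> = { ms: 1, s: 1000, m: 60000, h: 3600000, d: 86400000 };

// A duration is a value object that carries its unit next to its magnitude.
interface TypedDuration { readonly unit: Unit; readonly value: number }
type MaybeTyped = TypedDuration | number;

// Constructor: makeDuration(5, "m") plays the role of minutes.of(5).
function makeDuration(value: number, unit: Unit): TypedDuration {
  if (!Number.isFinite(value)) throw new RangeError("duration must be finite");
  return Object.freeze({ unit, value });
}

// Converter: convert(d, "ms") plays the role of milliseconds.from(d).
// A bare number carries no unit, so it is passed through unchanged.
function convert(d: MaybeTyped, target: Unit): number {
  if (typeof d === "number") return d;
  return (d.value * MS_PER[d.unit]) / MS_PER[target];
}

// Formatter: plays the role of Duration.value.of(d, defaultUnit).
function show(d: MaybeTyped, defaultUnit?: Unit): string {
  if (typeof d === "number") return `${d}${defaultUnit ?? ""}`;
  return `${d.value}${d.unit}`;
}

// Strict API: only typed durations compile, so every caller must state a unit.
function strictDelayMs(delay: TypedDuration): number {
  return convert(delay, "ms");
}

// Lenient API: bare numbers compile too and are assumed to be milliseconds.
function lenientDelayMs(delay: MaybeTyped): number {
  return convert(delay, "ms");
}
```

Calling strictDelayMs(20) is rejected by the compiler, which is the reason to prefer the strict signature for new APIs and keep the lenient one only for backward compatibility.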
See the GitHub repo.
We found that typed-duration demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.