workbox-background-sync
Queues failed requests and uses the Background Sync API to replay them when the network is available
The workbox-background-sync npm package is part of the Workbox suite of service worker libraries, designed to make offline caching, background sync, and other service worker features easier to implement. It provides a way to reliably sync data with a web server even when a user's device is offline. The package queues failed requests and retries them when the network is available again.
Queueing failed requests
This feature allows developers to queue failed POST requests when the network is unavailable. The requests are retried automatically when the network comes back online. The code sample shows how to register a route that captures failed POST requests to URLs ending with 'json' and uses the background sync plugin to manage the queue.
    // Queue failed POST requests to URLs matching /api/...json.
    workbox.routing.registerRoute(
      new RegExp('/api/.*json'),
      new workbox.strategies.NetworkOnly({
        plugins: [
          new workbox.backgroundSync.Plugin('myQueueName', {
            maxRetentionTime: 24 * 60 // Retry for max of 24 Hours (value is in minutes)
          })
        ]
      }),
      'POST'
    );
Customizing the retry mechanism
This feature allows developers to customize the behavior of the background sync process. The code sample demonstrates how to add a callback function that is called when the sync event occurs. Developers can use this to add custom logic for handling the retry of queued requests.
    const bgSyncPlugin = new workbox.backgroundSync.Plugin('myQueueName', {
      maxRetentionTime: 24 * 60, // Retry for max of 24 Hours (value is in minutes)
      onSync: async ({ queue }) => {
        let entry;
        // shiftRequest() resolves to undefined once the queue is empty.
        while ((entry = await queue.shiftRequest())) {
          try {
            // Send a clone so the original body is still unread if the entry is re-queued.
            await fetch(entry.request.clone());
            console.log('Replay successful for request', entry.request);
          } catch (error) {
            console.error('Replay failed for request', entry.request, error);
            // Put the entry back in the queue and rethrow the error:
            await queue.unshiftRequest(entry);
            throw error;
          }
        }
        console.log('Replay complete!');
      }
    });
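One way to use the custom `onSync` logic described above to limit what gets replayed, as an added example that is not code from this page or from the Workbox project: each queued entry is checked against a policy (origin, path, method, age) before it is sent again. `ALLOWED_ORIGIN`, `MAX_AGE_MS`, `classifyEntry` and `replayQueue` are hypothetical names and values, and the `timestamp` field on a queue entry is assumed to hold the time the request was queued, in milliseconds.

```javascript
// Added example: policy-checked replay for a background sync queue.
// ALLOWED_ORIGIN and MAX_AGE_MS are hypothetical values chosen for illustration.
const ALLOWED_ORIGIN = 'https://app.example.com';
const MAX_AGE_MS = 60 * 60 * 1000; // do not replay anything queued over 1 hour ago

// Return 'replay' for an entry that may be sent again, or the reason it is dropped.
function classifyEntry(entry, now) {
  let url;
  try {
    url = new URL(entry.request.url);
  } catch {
    return 'drop:bad-url';
  }
  if (url.origin !== ALLOWED_ORIGIN) return 'drop:origin';
  if (!url.pathname.startsWith('/api/')) return 'drop:path';
  if (entry.request.method !== 'POST') return 'drop:method';
  // Assumption: entry.timestamp is the queue time in epoch milliseconds.
  const age = now - entry.timestamp;
  if (typeof entry.timestamp !== 'number' || age > MAX_AGE_MS) return 'drop:stale';
  return 'replay';
}

// Intended use: onSync: ({ queue }) => replayQueue(queue)
// fetchImpl and now are parameters so the logic can be exercised outside a browser.
async function replayQueue(queue, fetchImpl = fetch, now = Date.now()) {
  const summary = { replayed: 0, dropped: [] };
  let entry;
  while ((entry = await queue.shiftRequest())) {
    const verdict = classifyEntry(entry, now);
    if (verdict !== 'replay') {
      summary.dropped.push(verdict); // rejected entries are not re-queued
      continue;
    }
    try {
      await fetchImpl(entry.request.clone());
      summary.replayed += 1;
    } catch (error) {
      // Network still failing: keep the entry for the next sync and stop.
      await queue.unshiftRequest(entry);
      throw error;
    }
  }
  return summary;
}
```

Entries that fail the policy are removed from the queue, while entries that fail only because the network is still down are put back and retried on the next sync.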
The 'offline-plugin' is a webpack plugin designed to provide an offline experience for webpack projects. It includes features like service worker generation and asset caching but does not focus specifically on background sync like workbox-background-sync. It is more of a general offline solution.
This module's documentation can be found at https://developers.google.com/web/tools/workbox/modules/workbox-background-sync
FAQs
We found that workbox-background-sync demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 7 open source maintainers collaborating on the project.