The wrappy npm package is a simple utility module designed to wrap asynchronous functions. It ensures that the callback provided to the wrapped function is only called once, which can be useful in preventing issues where a callback might accidentally be called multiple times due to programming errors.
Callback wrapping
This code demonstrates how to use wrappy to wrap a callback function so that it can only be called once. The 'once' function wraps the provided function 'fn' using wrappy, ensuring that subsequent calls to 'wrapped' after the first one have no effect.
const wrappy = require('wrappy')

function once (fn) {
  return wrappy(function () {
    if (fn === null) return
    var callFn = fn
    fn = null
    callFn.apply(this, arguments)
  })
}

var wrapped = once(function (a) {
  console.log('Called with', a)
})

wrapped('first call')
wrapped('second call') // This will not be called
The 'once' package is similar to wrappy in that it ensures a function can only be called once. It is more specialized than wrappy, as it is specifically designed for the purpose of creating functions that can only be called one time, whereas wrappy is a more general-purpose wrapper.
Provided by the popular Lodash utility library, 'lodash.once' is a function that ensures a given function can only be called once. Like 'once', it is more specialized compared to wrappy, and it comes with the additional overhead of the Lodash library if you are not already using it in your project.
Callback wrapping utility
var assert = require("assert")
var wrappy = require("wrappy")

// var wrapper = wrappy(wrapperFunction)

// make sure a cb is called only once
// See also: http://npm.im/once for this specific use case
var once = wrappy(function (cb) {
  var called = false
  return function () {
    if (called) return
    called = true
    return cb.apply(this, arguments)
  }
})

function printBoo () {
  console.log('boo')
}
// has some rando property
printBoo.iAmBooPrinter = true

var onlyPrintOnce = once(printBoo)

onlyPrintOnce() // prints 'boo'
onlyPrintOnce() // does nothing

// random property is retained!
assert.equal(onlyPrintOnce.iAmBooPrinter, true)
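The failure mode mentioned above, a callback that gets invoked more than once through a programming error, shown as an added example that is not part of the wrappy README or source. wrapKeepingProps is a simplified, hypothetical stand-in for wrappy's property copying so the block runs without installing the package; consume, runScenario, the label property and the 'disk full' error are constructed for illustration.

```javascript
// Added example: not wrappy's source. `wrapKeepingProps` is a simplified,
// hypothetical stand-in for the property copying the README describes.
const { EventEmitter } = require('events')

// Build a wrapper factory: the wrapped function receives the callback's own
// enumerable properties, as in the README's `iAmBooPrinter` check.
function wrapKeepingProps (wrapperFn) {
  return function (cb) {
    const wrapped = wrapperFn(cb)
    if (typeof wrapped === 'function' && wrapped !== cb) {
      for (const key of Object.keys(cb)) wrapped[key] = cb[key]
    }
    return wrapped
  }
}

// Same guard as the README's `once`.
const once = wrapKeepingProps(function (cb) {
  let called = false
  return function (...args) {
    if (called) return
    called = true
    return cb.apply(this, args)
  }
})

// Constructed bug: the consumer completes on both 'error' and 'close',
// so a source that fails and then closes triggers the callback twice.
function consume (source, done) {
  source.on('error', (err) => done(err))
  source.on('close', () => done(null))
}

function runScenario (guarded) {
  const completions = []
  const done = (err) => completions.push(err ? 'error: ' + err.message : 'ok')
  done.label = 'upload-finished' // constructed metadata on the callback
  const cb = guarded ? once(done) : done
  const source = new EventEmitter()
  consume(source, cb)
  source.emit('error', new Error('disk full'))
  source.emit('close')
  return { completions, label: cb.label }
}

console.log(runScenario(false)) // unguarded callback
console.log(runScenario(true))  // callback guarded by once
```

Without the guard, the second invocation records the failed operation as 'ok'; with it, only the error is recorded and the label property survives the wrapping.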
FAQs
Callback wrapping utility
The npm package wrappy receives a total of 40,367,485 weekly downloads. As such, wrappy's popularity was classified as popular.
We found that wrappy demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.