The main problem with psycopg2.pool (https://github.com/psycopg/psycopg2/blob/master/lib/pool.py), for example, is that the pool raises an exception (instead of blocking) when there are no more connections in the pool, so you either have to match the number of connections to the number of workers or implement retry logic. It also doesn't implement connection recycling (on timeout or usage count), and therefore doesn't fully address the issue of stale connections and is less suited (scales worse) for large production installations.
This implementation is based on a synchronized queue (https://docs.python.org/3/library/queue.html) and is thus multithread-safe. It is a streamlined port of a Java version that was implemented about ten years ago and that has since been running in the heavy production environment of one of our financial clients.
This implementation features:
Call the pool.recycle() method periodically (or start a recycler thread with pool.startRecycler()), for example, once a minute. If this method isn't executed periodically, then recycling is performed only when resources are either taken from or returned to the pool, and therefore the pool can accumulate a number of idle connections that exceed the idle or open timeouts.
This pool can be utilized successfully in large production installations, as it tries to keep the number of open resources to the minimum while still providing a sufficient number of "hot" (open) resources to avoid open/close cost.
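The design described above, as an added illustration that is not queuepool's own code: a synchronized queue holds the idle resources, a bounded semaphore makes callers block (rather than raise) when the pool is exhausted, and recycling on idle timeout, open timeout and usage count happens on take, on return, and in a periodic recycle(). The class name DemoPool, its method names and its constructor parameters are assumptions for this example, not the package's API; factory, closer and clock are injected so the example runs offline against any resource type.

```python
import queue
import threading
import time

class Slot:                # one pooled resource plus the counters the recycler needs
    def __init__(self, resource, now):
        self.resource, self.opened_at, self.last_used, self.use_count = resource, now, now, 0

class DemoPool:            # hypothetical pool: blocks when exhausted; recycles on take, return, recycle()
    def __init__(self, factory, closer, max_size=4, idle_timeout=30.0,
                 open_timeout=600.0, max_uses=1000, clock=time.monotonic):
        self._factory, self._closer, self._clock = factory, closer, clock
        self._idle, self._open, self._max_uses = idle_timeout, open_timeout, max_uses
        self._idle_q = queue.Queue()                         # thread-safe idle slots
        self._in_use = threading.BoundedSemaphore(max_size)  # bounds concurrent holders
    def _expired(self, slot, now):
        return (now - slot.last_used > self._idle or now - slot.opened_at > self._open
                or slot.use_count >= self._max_uses)
    def _drain(self):      # pop idle slots one by one until the queue is empty
        while True:
            try:
                yield self._idle_q.get_nowait()
            except queue.Empty:
                return
    def take(self):        # waits (never raises) until a holder returns a slot
        self._in_use.acquire()
        now = self._clock()
        for slot in self._drain():
            if not self._expired(slot, now):
                break
            self._closer(slot.resource)                      # stale idle resource: drop it
        else:
            slot = Slot(self._factory(), now)                # nothing hot left: open a new one
        slot.use_count, slot.last_used = slot.use_count + 1, now
        return slot
    def put_back(self, slot):  # return to the pool, or close it if a limit was reached
        slot.last_used = self._clock()
        if self._expired(slot, slot.last_used):
            self._closer(slot.resource)
        else:
            self._idle_q.put(slot)
        self._in_use.release()
    def recycle(self):     # call periodically (e.g. once a minute); returns the number closed
        now, keep, closed = self._clock(), [], 0
        for slot in self._drain():
            if self._expired(slot, now):
                self._closer(slot.resource)
                closed += 1
            else:
                keep.append(slot)
        for slot in keep:                                    # survivors go back in the queue
            self._idle_q.put(slot)
        return closed
```

Without a periodic recycle() call, an idle slot only gets closed the next time some caller takes or returns a resource, which is exactly the accumulation of over-age idle connections the text warns about.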
OSI Approved 3-clause BSD License
If prerequisites are met, you can install queuepool like any other Python package, using pip to download it from PyPI:
$ pip install queuepool
or using setup.py if you have downloaded the source package locally:
$ python setup.py build
$ sudo python setup.py install
FAQs
A multithread-safe resource pool based on synchronized queue
We found that queuepool demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.