
Security News
Risky Biz Podcast: Making Reachability Analysis Work in Real-World Codebases
This episode explores the hard problem of reachability analysis, from static analysis limits to handling dynamic languages and massive dependency trees.
Most Ruby web API libraries use Net::HTTP (because it's ubiquitous), but I want to use them in my non-blocking EventMachine-based applications, and I don't want Net::HTTP to block. I therefore wrote this.
Using the magic of Ruby 1.9's Fibers, we monkeypatch Net::HTTP to use the faster, nonblocking em-http-request under the hood. Obviously this will only work from inside the EventMachine event loop, and from within a spawned fiber:
require 'em-net-http'
EM.run do
Fiber.new do
Net::HTTP.start('encrypted.google.com', :use_ssl=>true) do |http|
res = http.get('/search?q=james')
puts res.body
end
EM.stop_event_loop
end.resume
end
The above will run without blocking your carefully-tuned nonblocking webapp.
There are a few tests (taking advantage of the very useful Mimic gem) that assert that responses are identical to those created by Net::HTTP. These are by no means exhaustive; if you're using Net::HTTP in some other way and the em-net-http's behaviour is not what you expect, do send me a failing test case.
Currently tested with Ruby (MRI) 1.9.1 and 1.9.2.
The Net::HTTP API is a many-headed hydra -- I haven't patched much of it. Your mileage may therefore vary. Please feed me patches, pull requests and bug reports!
FAQs
Unknown package
We found that em-net-http demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
This episode explores the hard problem of reachability analysis, from static analysis limits to handling dynamic languages and massive dependency trees.
Security News
/Research
Malicious Nx npm versions stole secrets and wallet info using AI CLI tools; Socket’s AI scanner detected the supply chain attack and flagged the malware.
Security News
CISA’s 2025 draft SBOM guidance adds new fields like hashes, licenses, and tool metadata to make software inventories more actionable.