npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2025 – Pkg Stats / Ryan Hefner

open-loop-killer

v1.2.0

Published

Inject timeout protection into JavaScript loops to prevent infinite loops. Supports while, for, do-while, for-in, and for-of loops with customizable timeout and error messages.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

dantemessydantemessy

Keywords

infinite-looploop-protectiontimeoutcode-safetysandboxsecurityastcode-injectionuntrusted-codeloop-killerfor-infor-ofwhile-loopfor-loop

Readme

Open Loop Killer

Protect your JavaScript code from infinite loops

NPM Version NPM Downloads

Inject timeout protection into all loop types • Customizable • Production-ready

Install

npm i open-loop-killer

Usage

  • Runs Untrusted code securely with no open loops issue.
  • Add one more layer of safety for your code.
  • Protects while, for, do-while, for...in, and for...of loops from running indefinitely.

How does it work

  1. Parses the code to make sure it's valid JavaScript.
  2. Converts it to AST (Abstract Syntax Tree).
  3. Detects all loops and injects protection code.
  4. Converts AST back to executable JavaScript string.

API

injector(code, options)

Injects loop protection code into JavaScript source code.

Parameters

  • code (string, required) - The JavaScript code to protect
  • options (object, optional) - Configuration options
    • timeout (number, optional) - Timeout in milliseconds before throwing error. Default: 1000
    • errorMessage (string, optional) - Custom error message. Default: 'Open Loop Detected!'

Returns

  • (string) - The protected JavaScript code with injected loop protection

Throws

  • Error if code is invalid JavaScript
  • Error if options are invalid

TypeScript Support

This package includes TypeScript type definitions out of the box. No need to install separate @types packages!

import { injector, InjectorOptions } from 'open-loop-killer';

const code = 'while(true) { console.log("test"); }';
const options: InjectorOptions = {
  timeout: 2000,
  errorMessage: 'Loop timeout!'
};

const protectedCode: string = injector(code, options);

Examples

Basic Usage

const {injector} = require('open-loop-killer');

let code = `
    while(true){
    }
`
let injectedCode = injector(code);

With Custom Timeout

const {injector} = require('open-loop-killer');

let code = `
    for(let i = 0; i < 1000000; i++){
        // Some operation
    }
`
let injectedCode = injector(code, {
    timeout: 5000  // 5 seconds
});

With Custom Error Message

const {injector} = require('open-loop-killer');

let code = `
    while(true){
    }
`
let injectedCode = injector(code, {
    errorMessage: 'Loop execution timeout exceeded!'
});

With Both Options

const {injector} = require('open-loop-killer');

let injectedCode = injector(code, {
    timeout: 2000,
    errorMessage: 'Custom timeout message'
});

Injected Code Example

Input:

while(true) { }

Output:

let _a3f9b2 = Date.now();
while (true) {
    if (Date.now() - _a3f9b2 > 1000) {
        throw new Error('Open Loop Detected!');
    }
    {
    }
}

Supported Loop Types

Fully Protected:

  • while loops
  • for loops
  • do-while loops
  • for...in loops
  • for...of loops

Limitations

⚠️ Important: This package has the following limitations:

  1. No protection (not yet supported) for:

    • for await...of loops (async iteration)
    • ❌ Recursive functions
    • ❌ Async loops or promises without await
    • ❌ Array methods like .forEach(), .map(), etc.

  2. Timeout behavior:

    • Timeout is checked on each iteration
    • If a single iteration takes longer than the timeout, it won't be caught
    • Protection works best for loops with many fast iterations
    • For for...in and for...of, protection works on iteration count, not property/item count

  3. Error handling:

    • When a loop times out, it throws an error
    • Make sure to wrap execution in try-catch if needed

License

MIT