@metamask/safe-event-emitter

This is a drop-in replacement for Node's EventEmitter that prevents handler exceptions from breaking the emitter or affecting other listeners. In practice, this means one buggy listener won't crash your entire event chain—critical for wallet and extension architectures where third-party code might attach listeners.

The API is identical to standard EventEmitter, making migration trivial. Errors in handlers are caught and re-emitted as 'error' events, which you must handle or they're silently swallowed. This default behavior prevents crashes but can hide bugs if you don't set up error listeners early. The library is small, well-tested, and has minimal dependencies (just @metamask/utils), reducing supply chain risk.

From a security perspective, the error isolation is actually a feature—it prevents potentially malicious handlers from using exceptions to disrupt execution flow. However, you need discipline around error event handling to avoid masking security-relevant failures. The library doesn't add authentication or input validation—that's your responsibility at the handler level.

This library does exactly what it says: wraps Node's EventEmitter to prevent listener exceptions from crashing your emitter or affecting other listeners. In practice, this is critical for plugin systems or any architecture where you're accepting third-party event handlers. The API is a drop-in replacement for EventEmitter, so migration is trivial.

From a security perspective, the error isolation is its main feature—preventing cascading failures when untrusted handlers throw. However, it doesn't provide much beyond that. There's no built-in input validation for event payloads, no rate limiting, and errors are simply swallowed by default unless you handle the 'error' event. You'll need to be deliberate about logging these caught exceptions or they disappear silently, which can mask security-relevant failures.

The codebase is small and auditable, maintained by MetaMask with reasonable update cadence. No external dependencies means minimal supply chain risk. For what it does—preventing handler exceptions from breaking your event flow—it's reliable and well-suited to production use.

This is a straightforward drop-in replacement for Node's EventEmitter that prevents listener errors from propagating to the emitter. In practice, this means one bad handler won't crash your entire event chain - critical for plugin architectures or any scenario where you're calling untrusted/third-party listeners. The implementation wraps each listener in try-catch and emits 'error' events instead of throwing, which you can handle centrally.

Performance overhead is negligible in real-world usage. The package extends Node's native EventEmitter, so you get all the standard methods (on, once, removeListener) with identical APIs. Migration is literally changing your import statement. Memory footprint is minimal since it doesn't maintain additional data structures beyond what EventEmitter already uses.

The main gotcha is that errors are now silent by default if you don't listen for the 'error' event - this is by design but can hide bugs during development. You'll want observability hooks in place from day one. No connection pooling or retry logic (it's just an emitter), but timeout behavior is what you'd expect. Documentation is sparse but the API surface is tiny so you won't need much hand-holding.