Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
github.com/PuerkitoBio/redisc
Package redisc implements a redis cluster client built on top of the redigo package. See the documentation for details.
$ go get [-u] [-t] github.com/mna/redisc
v1.3.2 : Export the HashSlots
constant to make it nicer to write the Cluster.LayoutRefresh
function signature.
v1.3.1 : Fix closing/releasing of connections used in Cluster.EachNode
.
v1.3.0 : Add Cluster.EachNode
to call a function with a connection for each known node in the cluster (e.g. to run diagnostics commands on each node or to collect all keys in a cluster); add optional Cluster function field BgError
to receive notification of errors happening in background topology refreshes and on closing of RetryConn
after following a redirection to a new connection; add optional Cluster function field LayoutRefresh
to receive the old and new cluster slot mappings to server address(es); prevent unnecessary cluster layout refreshes when the internal mapping is the same as the redirection error; better handling of closed Cluster; move CI to Github Actions; drop support for old Go versions (currently tested on 1.15+); enable more static analysis/linters; refactor tests to create less separate clusters and run faster.
v1.2.0 : Use Go modules, fix a failing test due to changed error message on Redis 6.
v1.1.7 : Do not bind to a random node if Do
is called without a command and the connection is not already bound (thanks to @tysonmote).
v1.1.6 : Append the actual error messages when a refresh returns "all nodes failed" error.
v1.1.5 : Add Cluster.PoolWaitTime
to configure the time to wait on a connection from a pool with MaxActive
> 0 and Wait
set to true (thanks to @iwanbk).
v1.1.4 : Add Conn.DoWithTimeout
and Conn.ReceiveWithTimeout
to match redigo's ConnWithTimeout
interface (thanks to @letsfire).
v1.1.3 : Fix handling of ASK
replies in RetryConn
.
v1.1.2 : Remove mention that StartupNodes
in Cluster
struct needs to be master nodes (it can be replicas). Add supporting test.
v1.1.1 : Fix CI tests.
v1.1.0 : This release builds with the github.com/gomodule/redigo
package (the new import path of redigo
, which also has a breaking change in its v2.0.0
, the PMessage
type has been removed and consolidated into Message
).
v1.0.0 : This release builds with the github.com/garyburd/redigo
package, which - according to its readme - will not be maintained anymore, having moved to github.com/gomodule/redigo
for future development. As such, redisc
will not be updated with the old redigo package, this version was created only to avoid causing issues to users of redisc.
The code documentation is the canonical source for documentation.
The design goal of redisc is to be as compatible as possible with the redigo package. As such, the Cluster
type can be used as a drop-in replacement to a redis.Pool
when moving from a standalone Redis to a Redis Cluster setup, and the connections returned by the cluster implement redigo's redis.Conn
interface. The package offers additional features specific to dealing with a cluster that may be needed for more advanced scenarios.
The main features are:
redis.Pool
(the Cluster
type implements the same Get
and Close
method signatures).redis.Conn
interfaces and use the redigo
package to execute commands, redisc
only handles the cluster part.RetryConn
.IsTryAgain
and ParseRedir
.BindConn
when needed.SplitBySlot
.Note that to make efficient use of Redis Cluster, some upfront work is usually required. A good understanding of Redis Cluster is highly recommended and the official Redis website has good documentation that covers this. In particular, Migrating to Redis Cluster will help understand how straightforward (or not) the migration may be for your specific case.
There are a number of ways you can support the project:
The BSD 3-Clause license.
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.