Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@charliehess/redux-persist
Advanced tools
Persist and rehydrate a redux store.
Redux Persist is performant, easy to implement, and easy to extend.
npm i --save redux-persist
Basic usage requires adding a few lines to a traditional redux application:
import {compose, applyMiddleware, createStore} from 'redux'
import {persistStore, autoRehydrate} from 'redux-persist'
// add `autoRehydrate` as an enhancer to your store (note: `autoRehydrate` is not a middleware)
const store = createStore(
reducer,
undefined,
compose(
applyMiddleware(...),
autoRehydrate()
)
)
// begin periodically persisting the store
persistStore(store)
For per reducer rehydration logic, you can opt-in by adding a handler to your reducer:
import {REHYDRATE} from 'redux-persist/constants'
//...
case REHYDRATE:
var incoming = action.payload.myReducer
if (incoming) return {...state, ...incoming, specialKey: processSpecial(incoming.specialKey)}
return state
You may also need to configure the persistence layer, or take action after rehydration has completed:
persistStore(store, {blacklist: ['someTransientReducer']}, () => {
console.log('rehydration complete')
})
And if things get out of wack, just purge the storage
persistStore(store, config, callback).purge()
persistStore(store, [config, callback])
persistor object
.purge(keys)
.rehydrate(incoming, options)
serial:true
, incoming should be a string, that will be deserialized and passed through the transforms defined in the persistor.pause()
resume()
autoRehydrate(config)
constants
import * as constants from 'redux-persist/constants'
. This includes REHYDRATE
and KEY_PREFIX
.If you need more control over persistence flow, you can implement getStoredState
and createPersistor
. For example you can skip autoRehydrate and directly pass restoredState into your store as initialState:
import {getStoredState, autoRehydrate, createPersistor} from 'redux-persist'
const persistConfig = { /* ... */ }
getStoredState(persistConfig, (err, restoredState) => {
const store = createStore(reducer, restoredState)
const persistor = createPersistor(store, persistConfig)
})
import {persistStore, createPersistor} from 'redux-persist'
const persistor = persistStore(store) // persistStore restores and persists
const secondaryPersistor = createPersistor(store, {storage: specialBackupStorage}) // createPersistor only persists
setItem
getItem
removeItem
getAllKeys
. [example]// sessionStorage
import { persistStore } from 'redux-persist'
import { asyncSessionStorage } from 'redux-persist/storages'
persistStore(store, {storage: asyncSessionStorage})
// react-native
import {AsyncStorage} from 'react-native'
persistStore(store, {storage: AsyncStorage})
// web with recommended localForage
import localForage from 'localforage'
persistStore(store, {storage: localForage})
Transforms allow for arbitrary state transforms before saving and during rehydration.
import { createTransform, persistStore } from 'redux-persist'
let myTransform = createTransform(
// transform state coming from redux on its way to being serialized and stored
(inboundState, key) => specialSerialize(inboundState, key),
// transform state coming from storage, on its way to be rehydrated into redux
(outboundState, key) => specialDeserialize(outboundState, key),
// configuration options
{whitelist: ['specialReducer']}
)
persistStore(store, {transforms: [myTransform]})
import { createTransform, persistStore } from 'redux-persist'
let myTransform = createTransform(
async (inboundState, key) => {
const serialized = await asyncSerialize(inboundState, key)
return serialized
},
async (outboundState, key) => {
const deserialized = await specialDeserialize(outboundState, key)
return deserialized
},
{whitelist: ['specialReducer']}
)
persistStore(store, {
transforms: [myTransform],
asyncTransforms: true
})
One challenge developers encounter when persisting state for the first time is what happens when the shape of the application state changes between deployments? Solution: redux-persist-migrate
A common mistake is to fire actions that modify state before rehydration is complete which then will be overwritten by the rehydrate action. You can either defer firing of those actions until rehydration is complete, or you can use an action buffer.
Because persisting state is inherently stateful, persistStore
lives outside of the redux store. Importantly this keeps the store 'pure' and makes testing and extending the persistor much easier.
autoRehydrate is a store enhancer that automatically rehydrates state.
While auto rehydration works out of the box, individual reducers can opt in to handling their own rehydration, allowing for more complex operations like data transforms and cache invalidation. Simply define a handler for the rehydrate action in your reducer, and if the state is mutated, auto rehydrate will skip that key.
Auto rehydrate is provided as a convenience. In a large application, or one with atypical reducer composition, auto rehydration may not be convenient. In this case, simply omit autoRehydrate. Rehydration actions will still be fired by persistStore
, and can then be handled individually by reducers or using a custom rehydration handler.
FAQs
persist and rehydrate redux stores
The npm package @charliehess/redux-persist receives a total of 2 weekly downloads. As such, @charliehess/redux-persist popularity was classified as not popular.
We found that @charliehess/redux-persist demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.