Security News
MCP Community Begins Work on Official MCP Metaregistry
The MCP community is launching an official registry to standardize AI tool discovery and let agents dynamically find and install MCP servers.
By Sarah Gooding - May 09, 2025
🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more →
@elastic/elasticsearch-canary
Advanced tools
@elastic/elasticsearch-canary
The official Elasticsearch client for Node.js
Elasticsearch Node.js client
Download the latest version of Elasticsearch or sign-up for a free trial of Elastic Cloud.
The official Node.js client for Elasticsearch.
Installation
Refer to the Installation section of the getting started documentation.
Connecting
Refer to the Connecting section of the getting started documentation.
Usage
- Creating an index
- Indexing a document
- Getting documents
- Searching documents
- Updating documents
- Deleting documents
- Deleting an index
Node.js support
NOTE: The minimum supported version of Node.js is v18.
The client versioning follows the Elastic Stack versioning, this means that major, minor, and patch releases are done following a precise schedule that often does not coincide with the Node.js release times.
To avoid support insecure and unsupported versions of Node.js, the client will drop the support of EOL versions of Node.js between minor releases. Typically, as soon as a Node.js version goes into EOL, the client will continue to support that version for at least another minor release. If you are using the client with a version of Node.js that will be unsupported soon, you will see a warning in your logs (the client will start logging the warning with two minors in advance).
Unless you are always using a supported version of Node.js,
we recommend defining the client dependency in your
package.json with the ~ instead of ^. In this way, you will lock the
dependency on the minor release and not the major. (for example, ~7.10.0 instead
of ^7.10.0).
| Node.js Version | Node.js EOL date | End of support |
|---|---|---|
8.x | December 2019 | 7.11 (early 2021) |
10.x | April 2021 | 7.12 (mid 2021) |
12.x | April 2022 | 8.2 (early 2022) |
14.x | April 2023 | 8.8 (early 2023) |
16.x | September 2023 | 8.11 (late 2023) |
Compatibility
Language clients are forward compatible; meaning that clients support communicating with greater or equal minor versions of Elasticsearch. Elasticsearch language clients are only backwards compatible with default distributions and without guarantees made.
| Elasticsearch Version | Client Version |
|---|---|
8.x | 8.x |
7.x | 7.x |
6.x | 6.x |
5.x | 5.x |
To install a specific major of the client, run the following command:
npm install @elastic/elasticsearch@<major>
Browser
[!WARNING] There is no official support for the browser environment. It exposes your Elasticsearch instance to everyone, which could lead to security issues. We recommend that you write a lightweight proxy that uses this client instead, you can see a proxy example here.
Documentation
- Introduction
- Usage
- Client configuration
- API reference
- Authentication
- Observability
- Creating a child client
- Client helpers
- Typescript support
- Testing
- Examples
Install multiple versions
If you are using multiple versions of Elasticsearch, you need to use multiple versions of the client. In the past, install multiple versions of the same package was not possible, but with npm v6.9, you can do that via aliasing.
The command you must run to install different version of the client is:
npm install <alias>@npm:@elastic/elasticsearch@<version>
So for example if you need to install 7.x and 6.x, you will run:
npm install es6@npm:@elastic/elasticsearch@6
npm install es7@npm:@elastic/elasticsearch@7
And your package.json will look like the following:
"dependencies": {
"es6": "npm:@elastic/elasticsearch@^6.7.0",
"es7": "npm:@elastic/elasticsearch@^7.0.0"
}
You will require the packages from your code by using the alias you have defined.
const { Client: Client6 } = require('es6')
const { Client: Client7 } = require('es7')
const client6 = new Client6({
cloud: { id: '<cloud-id>' },
auth: { apiKey: 'base64EncodedKey' }
})
const client7 = new Client7({
cloud: { id: '<cloud-id>' },
auth: { apiKey: 'base64EncodedKey' }
})
client6.info().then(console.log, console.log)
client7.info().then(console.log, console.log)
Finally, if you want to install the client for the next version of Elasticsearch (the one that lives in Elasticsearch’s main branch), you can use the following command:
npm install esmain@github:elastic/elasticsearch-js
License
This software is licensed under the Apache License 2.0.
FAQs
The official Elasticsearch client for Node.js
The npm package @elastic/elasticsearch-canary receives a total of 1,279 weekly downloads. As such, @elastic/elasticsearch-canary popularity was classified as popular.
We found that @elastic/elasticsearch-canary demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 62 open source maintainers collaborating on the project.
Package last updated on 28 Feb 2024
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Security News
Malicious npm Packages Use Telegram to Exfiltrate BullX Credentials
Socket uncovers an npm Trojan stealing crypto wallets and BullX credentials via obfuscated code and Telegram exfiltration.
By Kush Pandya - May 08, 2025
Research
Security News
Backdooring the IDE: Malicious npm Packages Hijack Cursor Editor on macOS
Malicious npm packages posing as developer tools target macOS Cursor IDE users, stealing credentials and modifying files to gain persistent backdoor access.
By Kirill Boychenko - May 07, 2025