Research
Security News
Malicious PyPI Package ‘pycord-self’ Targets Discord Developers with Token Theft and Backdoor Exploit
Socket researchers uncover the risks of a malicious Python package targeting Discord developers.
@elastic/elasticsearch
Advanced tools
@elastic/elasticsearch is the official Node.js client for Elasticsearch. It allows developers to interact with Elasticsearch clusters, perform CRUD operations, search, and manage indices, among other functionalities.
Connecting to Elasticsearch
This code demonstrates how to create a new client instance to connect to an Elasticsearch cluster running on localhost.
const { Client } = require('@elastic/elasticsearch');
const client = new Client({ node: 'http://localhost:9200' });
Indexing Documents
This code sample shows how to index a document into an Elasticsearch index named 'my-index'.
async function run() {
await client.index({
index: 'my-index',
id: '1',
body: {
title: 'Test Document',
content: 'This is a test document.'
}
});
}
run().catch(console.log);
Searching Documents
This code demonstrates how to search for documents in the 'my-index' index that match the term 'Test' in the title field.
async function run() {
const { body } = await client.search({
index: 'my-index',
body: {
query: {
match: { title: 'Test' }
}
}
});
console.log(body.hits.hits);
}
run().catch(console.log);
Managing Indices
This code sample shows how to create a new index named 'my-new-index' in Elasticsearch.
async function run() {
await client.indices.create({
index: 'my-new-index'
});
}
run().catch(console.log);
The 'elasticsearch' package is an older, community-maintained client for Elasticsearch. It provides similar functionalities but is not officially maintained by Elastic. It may lack some of the newer features and optimizations present in @elastic/elasticsearch.
Searchkit is a toolkit for building search UIs with Elasticsearch. It provides higher-level abstractions and components for building search interfaces, making it easier to integrate Elasticsearch into front-end applications. However, it may not offer the same low-level control as @elastic/elasticsearch.
The official Node.js client for Elasticsearch.
Note: In the past months we have worked on the new Elasticsearch Node.js client and you can use it by following the instructions below. If you're going to use the legacy one or report an issue, however, please check out elastic/elasticsearch-js-legacy.
npm install @elastic/elasticsearch
NOTE: The minimum supported version of Node.js is v12
.
The client versioning follows the Elastc Stack versioning, this means that major, minor, and patch releases are done following a precise schedule that often does not coincide with the Node.js release times.
To avoid support insecure and unsupported versions of Node.js, the client will drop the support of EOL versions of Node.js between minor releases. Typically, as soon as a Node.js version goes into EOL, the client will continue to support that version for at least another minor release. If you are using the client with a version of Node.js that will be unsupported soon, you will see a warning in your logs (the client will start logging the warning with two minors in advance).
Unless you are always using a supported version of Node.js,
we recommend defining the client dependency in your
package.json
with the ~
instead of ^
. In this way, you will lock the
dependency on the minor release and not the major. (for example, ~7.10.0
instead
of ^7.10.0
).
Node.js Version | Node.js EOL date | End of support |
---|---|---|
8.x | December 2019 | 7.11 (early 2021) |
10.x | April 2021 | 7.12 (mid 2021) |
Language clients are forward compatible; meaning that clients support communicating with greater or equal minor versions of Elasticsearch. Elasticsearch language clients are only backwards compatible with default distributions and without guarantees made.
Elasticsearch Version | Client Version |
---|---|
master | master |
7.x | 7.x |
6.x | 6.x |
5.x | 5.x |
To install a specific major of the client, run the following command:
npm install @elastic/elasticsearch@<major>
WARNING: There is no official support for the browser environment. It exposes your Elasticsearch instance to everyone, which could lead to security issues. We recommend that you write a lightweight proxy that uses this client instead, you can see a proxy example here.
First of all, require the client and initialize it:
const { Client } = require('@elastic/elasticsearch')
const client = new Client({ node: 'http://localhost:9200' })
You can use both the callback-style API and the promise-style API, both behave the same way.
// promise API
const result = await client.search({
index: 'my-index',
body: {
query: {
match: { hello: 'world' }
}
}
})
// callback API
client.search({
index: 'my-index',
body: {
query: {
match: { hello: 'world' }
}
}
}, (err, result) => {
if (err) console.log(err)
})
The returned value of every API call is formed as follows:
{
body: object | boolean
statusCode: number
headers: object
warnings: [string]
meta: object
}
Let's see a complete example!
'use strict'
const { Client } = require('@elastic/elasticsearch')
const client = new Client({ node: 'http://localhost:9200' })
async function run () {
// Let's start by indexing some data
await client.index({
index: 'game-of-thrones',
// type: '_doc', // uncomment this line if you are using Elasticsearch ≤ 6
body: {
character: 'Ned Stark',
quote: 'Winter is coming.'
}
})
await client.index({
index: 'game-of-thrones',
// type: '_doc', // uncomment this line if you are using Elasticsearch ≤ 6
body: {
character: 'Daenerys Targaryen',
quote: 'I am the blood of the dragon.'
}
})
await client.index({
index: 'game-of-thrones',
// type: '_doc', // uncomment this line if you are using Elasticsearch ≤ 6
body: {
character: 'Tyrion Lannister',
quote: 'A mind needs books like a sword needs a whetstone.'
}
})
// here we are forcing an index refresh, otherwise we will not
// get any result in the consequent search
await client.indices.refresh({ index: 'game-of-thrones' })
// Let's search!
const { body } = await client.search({
index: 'game-of-thrones',
// type: '_doc', // uncomment this line if you are using Elasticsearch ≤ 6
body: {
query: {
match: { quote: 'winter' }
}
}
})
console.log(body.hits.hits)
}
run().catch(console.log)
If you are using multiple versions of Elasticsearch, you need to use multiple versions of the client. In the past, install multiple versions of the same package was not possible, but with npm v6.9
, you can do that via aliasing.
The command you must run to install different version of the client is:
npm install <alias>@npm:@elastic/elasticsearch@<version>
So for example if you need to install 7.x
and 6.x
, you will run
npm install es6@npm:@elastic/elasticsearch@6
npm install es7@npm:@elastic/elasticsearch@7
And your package.json
will look like the following:
"dependencies": {
"es6": "npm:@elastic/elasticsearch@^6.7.0",
"es7": "npm:@elastic/elasticsearch@^7.0.0"
}
You will require the packages from your code by using the alias you have defined.
const { Client: Client6 } = require('es6')
const { Client: Client7 } = require('es7')
const client6 = new Client6({ node: 'http://localhost:9200' })
const client7 = new Client7({ node: 'http://localhost:9201' })
client6.info(console.log)
client7.info(console.log)
Finally, if you want to install the client for the next version of Elasticsearch (the one that lives in Elasticsearch’s master branch), you can use the following command:
npm install esmaster@github:elastic/elasticsearch-js
This software is licensed under the Apache 2 license.
FAQs
The official Elasticsearch client for Node.js
The npm package @elastic/elasticsearch receives a total of 644,903 weekly downloads. As such, @elastic/elasticsearch popularity was classified as popular.
We found that @elastic/elasticsearch demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 69 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover the risks of a malicious Python package targeting Discord developers.
Security News
The UK is proposing a bold ban on ransomware payments by public entities to disrupt cybercrime, protect critical services, and lead global cybersecurity efforts.
Security News
Snyk's use of malicious npm packages for research raises ethical concerns, highlighting risks in public deployment, data exfiltration, and unauthorized testing.