Security News
Node.js Moves to Annual Major Releases Starting with Node 27
The project is retiring its odd/even release model in favor of a simpler annual cadence where every major version becomes LTS.
By Sarah Gooding - Mar 11, 2026
You're Invited:Meet the Socket Team at RSAC and BSidesSF 2026, March 23–26.RSVP →
@vltpkg/cache-unzip
Advanced tools
@vltpkg/cache-unzip
This is a script that can be run as a detached background process to un-gzip any cached response bodies in the vlt cache.
Usage
Whenever you get a cache entry with a gzipped body, tell this module about it.
import { register } from '@vltpkg/cache-unzip'
import { Cache } from '@vltpkg/cache'
const cache = new Cache({ path: cachePath })
// later...
const response = get_response_cache_entry_somehow()
cache.set(myKey, response.encode())
// unzip it after this process is done
if (response.isGzip) {
register(cachePath, myKey)
}
On process exit, these registered keys will be passed as arguments to
a detached deref'ed vlt-cache-unzip process. So, the main program
exits normally, but the child process ignores the SIGHUP and keeps
going until it's done. The next time that cache entry is read, it
won't have to be unzipped.
Why Do This
Because it's faster to not have to decompress the same content more times than necessary.
FAQs
Daemon that manages the @vltpkg/cache disk store
The npm package @vltpkg/cache-unzip receives a total of 24,483 weekly downloads. As such, @vltpkg/cache-unzip popularity was classified as popular.
We found that @vltpkg/cache-unzip demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 6 open source maintainers collaborating on the project.
Package last updated on 03 Sep 2025
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
/Security News
5 Malicious Rust Crates Posed as Time Utilities to Exfiltrate .env Files
Published late February to early March 2026, these crates impersonate timeapi.io and POST .env secrets to a threat actor-controlled lookalike domain.
By Kirill Boychenko - Mar 10, 2026
Security News
OpenClaw Advisory Surge Highlights Gaps Between GHSA and CVE Tracking
A recent burst of security disclosures in the OpenClaw project is drawing attention to how vulnerability information flows across advisory and CVE systems.
By Sarah Gooding - Mar 10, 2026