Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
cacheable-lookup
Advanced tools
The cacheable-lookup npm package is designed to enhance the Node.js DNS module with caching capabilities. It provides a way to cache DNS lookup results in order to improve performance for repeated DNS queries. This is particularly useful for applications making numerous requests to the same domains, as it reduces the number of DNS queries that need to be performed over the network.
Caching DNS lookups
This feature allows you to cache DNS lookups to improve performance. The code sample demonstrates how to perform a DNS lookup for 'example.com' and cache the result.
const CacheableLookup = require('cacheable-lookup');
const cacheable = new CacheableLookup();
cacheable.lookup('example.com', (err, address, family) => {
console.log(address);
});
Integration with http.Agent
This feature demonstrates how cacheable-lookup can be integrated with Node.js http.Agent to automatically use cached DNS lookups for HTTP requests. This can significantly reduce DNS lookup times for repeated requests to the same domain.
const CacheableLookup = require('cacheable-lookup');
const http = require('http');
const cacheable = new CacheableLookup();
const agent = new http.Agent({
lookup: cacheable.lookup
});
http.get('http://example.com', { agent }, (res) => {
// Handle response
});
dns-cache is a simple DNS cache module. It provides basic caching functionalities similar to cacheable-lookup but lacks some of the advanced features and customizability options such as integration with http.Agent.
A cacheable
dns.lookup(…)
that respects TTL :tada:
Making lots of HTTP requests? You can save some time by caching DNS lookups :zap:
lookup
optionimport http from 'node:http';
import CacheableLookup from 'cacheable-lookup';
const cacheable = new CacheableLookup();
http.get('http://example.com', {lookup: cacheable.lookup}, response => {
// Handle the response here
});
import http from 'node:http';
import https from 'node:https';
import CacheableLookup from 'cacheable-lookup';
const cacheable = new CacheableLookup();
cacheable.install(http.globalAgent);
cacheable.install(https.globalAgent);
http.get('http://example.com', response => {
// Handle the response here
});
Returns a new instance of CacheableLookup
.
Type: object
Default: {}
Options used to cache the DNS lookups.
Type: Map
| Keyv
Default: new Map()
Custom cache instance. If undefined
, it will create a new one.
Note: If you decide to use Keyv instead of the native implementation, the performance will drop by 10x. Memory leaks may occur as it doesn't provide any way to remove all the deprecated values at once.
Tip: QuickLRU
is fully compatible with the Map API, you can use it to limit the amount of cached entries. Example:
import http from 'node:http';
import CacheableLookup from 'cacheable-lookup';
import QuickLRU from 'quick-lru';
const cacheable = new CacheableLookup({
cache: new QuickLRU({maxSize: 1000})
});
http.get('http://example.com', {lookup: cacheable.lookup}, response => {
// Handle the response here
});
Type: number
Default: Infinity
The maximum lifetime of the entries received from the specifed DNS server (TTL in seconds).
If set to 0
, it will make a new DNS query each time.
Pro Tip: This shouldn't be lower than your DNS server response time in order to prevent bottlenecks. For example, if you use Cloudflare, this value should be greater than 0.01
.
Type: number
Default: 3600
(1 hour)
When the DNS server responds with ENOTFOUND
or ENODATA
and the OS reports that the entry is available, it will use dns.lookup(...)
directly for the requested hostnames for the specified amount of time (in seconds).
Note: You should avoid setting this to 0
unless the provided DNS servers' database is limited to few domains.
Type: number
Default: 0.15
The time how long it needs to remember queries that threw ENOTFOUND
or ENODATA
(TTL in seconds).
Note: This option is independent, options.maxTtl
does not affect this.
Pro Tip: This shouldn't be lower than your DNS server response time in order to prevent bottlenecks. For example, if you use Cloudflare, this value should be greater than 0.01
.
Type: dns.Resolver | dns.promises.Resolver
Default: new dns.promises.Resolver()
An instance of DNS Resolver used to make DNS queries.
Type: Function
Default: dns.lookup
The fallback function to use when the DNS server responds with ENOTFOUND
or ENODATA
.
If you don't query internal hostnames (such as localhost
, database.local
etc.), it is strongly recommended to set this to false
.
Type: object
Type: string
The IP address (can be an IPv4 or IPv6 address).
Type: number
The IP family (4
or 6
).
Type: number
Note: This is not present when falling back to dns.lookup(...)
!
The timestamp (Date.now() + ttl * 1000
) when the entry expires.
Note: This is not present when falling back to dns.lookup(...)
!
The time in seconds for its lifetime.
Note: This is not present when falling back to dns.lookup(...)
!
Whether this entry was loaded from the cache or came from a query (cache
or query
)
When options.all
is false
, then callback(error, address, family, expires, ttl)
is called.
When options.all
is true
, then callback(error, entries)
is called.
Type: Array
The DNS servers used to make queries. Can be overridden - doing so will clear the cache.
The asynchronous version of dns.lookup(…)
.
Returns an entry object.
If options.all
is true, returns an array of entry objects.
Type: string
Type: object
The same as the dns.lookup(…)
options.
An asynchronous function which returns cached DNS lookup entries.
This is the base for lookupAsync(hostname, options)
and lookup(hostname, options, callback)
.
Note: This function has no options.
Returns an array of objects with address
, family
, ttl
and expires
properties.
An asynchronous function which makes two DNS queries: A and AAAA. The result is cached.
This is used by query(hostname)
if no entry in the database is present.
Returns an array of objects with address
, family
, ttl
and expires
properties.
Updates interface info. For example, you need to run this when you plug or unplug your WiFi driver.
Note: Running updateInterfaceInfo()
will trigger clear()
only on network interface removal.
Clears the cache for the given hostname. If the hostname argument is not present, the entire cache will be emptied.
Performed on:
example.com
CacheableLookup#lookupAsync x 2,896,251 ops/sec ±1.07% (85 runs sampled)
CacheableLookup#lookupAsync.all x 2,842,664 ops/sec ±1.11% (88 runs sampled)
CacheableLookup#lookupAsync.all.ADDRCONFIG x 2,598,283 ops/sec ±1.21% (88 runs sampled)
CacheableLookup#lookup x 2,565,913 ops/sec ±1.56% (85 runs sampled)
CacheableLookup#lookup.all x 2,609,039 ops/sec ±1.01% (86 runs sampled)
CacheableLookup#lookup.all.ADDRCONFIG x 2,416,242 ops/sec ±0.89% (85 runs sampled)
dns#lookup x 7,272 ops/sec ±0.36% (86 runs sampled)
dns#lookup.all x 7,249 ops/sec ±0.40% (86 runs sampled)
dns#lookup.all.ADDRCONFIG x 5,693 ops/sec ±0.28% (85 runs sampled)
Fastest is CacheableLookup#lookupAsync.all
FAQs
A cacheable dns.lookup(…) that respects TTL
The npm package cacheable-lookup receives a total of 10,532,167 weekly downloads. As such, cacheable-lookup popularity was classified as popular.
We found that cacheable-lookup demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.