compression
The compression npm package is a middleware for Node.js that enables response compression, typically used with Express.js. It can compress response bodies for requests that traverse through the middleware, thus reducing the size of the response sent to clients and improving web application performance.
Compress response bodies
This code demonstrates how to use the compression middleware in an Express.js application to compress response bodies for all routes.
const express = require('express');
const compression = require('compression');
const app = express();
// Use compression middleware
app.use(compression());
// Example route
app.get('/', function (req, res) {
  res.send('Hello World!');
});
app.listen(3000);
Filter requests to compress
This code shows how to use a custom filter function to decide whether to compress responses based on the request headers.
const express = require('express');
const compression = require('compression');
const app = express();
// Compression options with filter
const shouldCompress = (req, res) => {
  if (req.headers['x-no-compression']) {
    // Don't compress responses if this request header is present
    return false;
  }
  // Fallback to the standard compression filter function
  return compression.filter(req, res);
};
app.use(compression({ filter: shouldCompress }));
app.get('/', function (req, res) {
  res.send('Hello World!');
});
app.listen(3000);
shrink-ray-current is an npm package that offers response compression using Brotli and Zopfli, which can provide better compression ratios than the default zlib library used by compression. It is a modern alternative to compression with additional features like cache-friendly ETag support and streaming compression.
koa-compress is a compression middleware for Koa, another popular Node.js web framework. It provides similar functionality to compression but is designed specifically for the Koa ecosystem. It supports various compression algorithms like gzip, deflate, and brotli.
fastify-compress is a plugin for the Fastify web framework that provides response compression capabilities. It supports 'gzip', 'deflate', and 'brotli' encoding methods and allows for custom compression options. It is similar to compression but tailored for use with Fastify.
Node.js compression middleware.
The following compression codings are supported:
This is a Node.js module available through the npm registry. Installation is done using the npm install command:
$ npm install compression
var compression = require('compression')
Returns the compression middleware using the given options. The middleware will attempt to compress response bodies for all requests that traverse through the middleware, based on the given options.
This middleware will never compress responses that include a Cache-Control header with the no-transform directive, as compressing will transform the body.
compression() accepts these properties in the options object. In addition to those listed below, zlib options may be passed in to the options object.
The default value is zlib.Z_DEFAULT_CHUNK, or 16384.
See Node.js documentation regarding the usage.
A function to decide if the response should be considered for compression. This function is called as filter(req, res) and is expected to return true to consider the response for compression, or false to not compress the response.
The default filter function uses the compressible module to determine if res.getHeader('Content-Type') is compressible.
The level of zlib compression to apply to responses. A higher level will result in better compression, but will take longer to complete. A lower level will result in less compression, but will be much faster.
This is an integer in the range of 0 (no compression) to 9 (maximum compression). The special value -1 can be used to mean the "default compression level", which is a default compromise between speed and compression (currently equivalent to level 6).
-1: Default compression level (also zlib.Z_DEFAULT_COMPRESSION).
0: No compression (also zlib.Z_NO_COMPRESSION).
1: Fastest compression (also zlib.Z_BEST_SPEED).
2
3
4
5
6: (currently what zlib.Z_DEFAULT_COMPRESSION points to).
7
8
9: Best compression (also zlib.Z_BEST_COMPRESSION).
The default value is zlib.Z_DEFAULT_COMPRESSION, or -1.
Note in the list above, zlib is from zlib = require('zlib').
This specifies how much memory should be allocated for the internal compression state and is an integer in the range of 1 (minimum level) and 9 (maximum level).
The default value is zlib.Z_DEFAULT_MEMLEVEL, or 8.
See Node.js documentation regarding the usage.
This is used to tune the compression algorithm. This value only affects the compression ratio, not the correctness of the compressed output, even if it is not set appropriately.
zlib.Z_DEFAULT_STRATEGY: Use for normal data.
zlib.Z_FILTERED: Use for data produced by a filter (or predictor). Filtered data consists mostly of small values with a somewhat random distribution. In this case, the compression algorithm is tuned to compress them better. The effect is to force more Huffman coding and less string matching; it is somewhat intermediate between zlib.Z_DEFAULT_STRATEGY and zlib.Z_HUFFMAN_ONLY.
zlib.Z_FIXED: Use to prevent the use of dynamic Huffman codes, allowing for a simpler decoder for special applications.
zlib.Z_HUFFMAN_ONLY: Use to force Huffman encoding only (no string match).
zlib.Z_RLE: Use to limit match distances to one (run-length encoding). This is designed to be almost as fast as zlib.Z_HUFFMAN_ONLY, but give better compression for PNG image data.
Note in the list above, zlib is from zlib = require('zlib').
The byte threshold for the response body size before compression is considered for the response, defaults to 1kb. This is a number of bytes or any string accepted by the bytes module.
Note this is only an advisory setting; if the response size cannot be determined at the time the response headers are written, then it is assumed the response is over the threshold. To guarantee the response size can be determined, be sure to set a Content-Length response header.
The default value is zlib.Z_DEFAULT_WINDOWBITS, or 15.
See Node.js documentation regarding the usage.
The default filter function. This is used to construct a custom filter function that is an extension of the default function.
var compression = require('compression')
var express = require('express')
var app = express()
app.use(compression({ filter: shouldCompress }))
function shouldCompress (req, res) {
  if (req.headers['x-no-compression']) {
    // don't compress responses with this request header
    return false
  }
  // fallback to standard filter function
  return compression.filter(req, res)
}
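The rules stated above (the filter result, the Cache-Control no-transform exclusion, and the advisory threshold with an unknown size treated as over the threshold) can be modelled as one decision function. This is an added illustration, not the compression module's source; `decide`, `defaultFilter`, the plain `res.headers` object and the `COMPRESSIBLE` regex (a stand-in for the compressible module) are assumptions made for the example.

```javascript
// Added illustration: models only the rules stated in this README.
// It is not the compression module's own code.

// Assumption: small stand-in for the `compressible` lookup used by the default filter.
const COMPRESSIBLE = /^(text\/|application\/(json|javascript|xml))|\+(json|xml)$/i;

function defaultFilter(res) {
  const type = res.headers['content-type'] || '';
  return COMPRESSIBLE.test(type.split(';')[0].trim());
}

// req / res are plain objects: { headers: { 'lower-cased-name': value } }.
// Returns { compress: boolean, reason: string }.
function decide(req, res, options = {}) {
  const filter = options.filter || ((rq, rs) => defaultFilter(rs));
  // Default threshold is 1kb, which the bytes module reads as 1024 bytes.
  const threshold = options.threshold === undefined ? 1024 : options.threshold;

  // 1. filter(req, res) returning false means "do not consider".
  if (!filter(req, res)) return { compress: false, reason: 'filter' };

  // 2. Cache-Control: no-transform is never compressed.
  const cacheControl = res.headers['cache-control'] || '';
  if (/(?:^|,)\s*no-transform\s*(?:,|$)/i.test(cacheControl)) {
    return { compress: false, reason: 'no-transform' };
  }

  // 3. The threshold only applies when Content-Length is known.
  const length = res.headers['content-length'];
  if (length !== undefined && Number(length) < threshold) {
    return { compress: false, reason: 'below threshold' };
  }
  return {
    compress: true,
    reason: length === undefined ? 'size unknown' : 'over threshold'
  };
}

// Constructed sample responses.
console.log(decide({ headers: {} }, { headers: { 'content-type': 'text/html', 'content-length': '200' } }));
console.log(decide({ headers: {} }, { headers: { 'content-type': 'text/html' } }));
```

The second call shows why a small response without Content-Length is still compressed: its size is unknown when the headers are written.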
This module adds a res.flush() method to force the partially-compressed response to be flushed to the client.
When using this module with express or connect, simply app.use the module as high as you like. Requests that pass through the middleware will be compressed.
var compression = require('compression')
var express = require('express')
var app = express()
// compress all responses
app.use(compression())
// add all routes
Because of the nature of compression, this module does not work out of the box with server-sent events. To compress content, a window of the output needs to be buffered up in order to get good compression. Typically when using server-sent events, there are certain blocks of data that need to reach the client.
You can achieve this by calling res.flush() when you need the data written to actually make it to the client.
var compression = require('compression')
var express = require('express')
var app = express()
// compress responses
app.use(compression())
// server-sent event stream
app.get('/events', function (req, res) {
  res.setHeader('Content-Type', 'text/event-stream')
  res.setHeader('Cache-Control', 'no-cache')
  // send a ping approx every 2 seconds
  var timer = setInterval(function () {
    res.write('data: ping\n\n')
    // !!! this is the important part
    res.flush()
  }, 2000)
  res.on('close', function () {
    clearInterval(timer)
  })
})
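The buffering that makes res.flush() necessary can be observed with Node's built-in zlib alone. This added example is not part of the module's README and does not use the compression package; `bytesBeforeAndAfterFlush` is a hypothetical helper that writes one event frame into a gzip stream and counts the compressed bytes emitted before and after an explicit flush.

```javascript
// Added example: built-in zlib only, to show the buffering behind res.flush().
const zlib = require('zlib');

// Resolves with the number of compressed bytes that had left the gzip
// stream before and after flushing one small server-sent event frame.
function bytesBeforeAndAfterFlush(frame = 'data: ping\n\n') {
  return new Promise((resolve, reject) => {
    const gzip = zlib.createGzip();
    let emitted = 0;
    gzip.on('data', (chunk) => { emitted += chunk.length; });
    gzip.on('error', reject);

    gzip.write(frame, () => {
      // Let any pending 'data' events run before sampling the counter.
      setImmediate(() => {
        const beforeFlush = emitted;
        // flush() forces the buffered deflate output onto the stream.
        gzip.flush(() => {
          setImmediate(() => {
            const afterFlush = emitted;
            gzip.destroy();
            resolve({ beforeFlush, afterFlush });
          });
        });
      });
    });
  });
}

bytesBeforeAndAfterFlush().then((r) => console.log(r));
```

Until the flush, the frame itself sits in the compressor's window, so a client reading the stream would not yet see the event.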
FAQs
Node.js compression middleware
The npm package compression receives a total of 15,474,420 weekly downloads. As such, compression popularity was classified as popular.
We found that compression demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.