Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
compression-next
Advanced tools
NOTE: Folks have been having conversations about adding brotli compression to expressjs/compression for over five years. In the spirit of using brotli compression today rather than 5 more years from now, there is this fork. Once #172 is merged into expressjs/compression we should all get back to using core.
Node.js compression middleware.
The following compression codings are supported:
Note Brotli is supported only since Node.js versions v11.7.0 and v10.16.0.
This is a Node.js module available through the
npm registry. Installation is done using the
npm install
command:
$ npm install compression-next
var compression = require('compression-next')
Returns the compression middleware using the given options
. The middleware
will attempt to compress response bodies for all request that traverse through
the middleware, based on the given options
.
This middleware will never compress responses that include a Cache-Control
header with the no-transform
directive,
as compressing will transform the body.
compression()
accepts these properties in the options object. In addition to
those listed below, zlib options may be
passed in to the options object or
brotli options.
The default value is zlib.Z_DEFAULT_CHUNK
, or 16384
.
See Node.js documentation regarding the usage.
A function to decide if the response should be considered for compression.
This function is called as filter(req, res)
and is expected to return
true
to consider the response for compression, or false
to not compress
the response.
The default filter function uses the compressible
module to determine if res.getHeader('Content-Type')
is compressible.
The level of zlib compression to apply to responses. A higher level will result in better compression, but will take longer to complete. A lower level will result in less compression, but will be much faster.
This is an integer in the range of 0
(no compression) to 9
(maximum
compression). The special value -1
can be used to mean the "default
compression level", which is a default compromise between speed and
compression (currently equivalent to level 6).
-1
Default compression level (also zlib.Z_DEFAULT_COMPRESSION
).0
No compression (also zlib.Z_NO_COMPRESSION
).1
Fastest compression (also zlib.Z_BEST_SPEED
).2
3
4
5
6
(currently what zlib.Z_DEFAULT_COMPRESSION
points to).7
8
9
Best compression (also zlib.Z_BEST_COMPRESSION
).The default value is zlib.Z_DEFAULT_COMPRESSION
, or -1
.
Note in the list above, zlib
is from zlib = require('zlib')
.
This specifies how much memory should be allocated for the internal compression
state and is an integer in the range of 1
(minimum level) and 9
(maximum
level).
The default value is zlib.Z_DEFAULT_MEMLEVEL
, or 8
.
See Node.js documentation regarding the usage.
zlib.constants.BROTLI_PARAM_MODE
zlib.constants.BROTLI_MODE_GENERIC
(default)zlib.constants.BROTLI_MODE_TEXT
, adjusted for UTF-8 textzlib.constants.BROTLI_MODE_FONT
, adjusted for WOFF 2.0 fontszlib.constants.BROTLI_PARAM_QUALITY
zlib.constants.BROTLI_MIN_QUALITY
to
zlib.constants.BROTLI_MAX_QUALITY
, with a default of
4
(which is not node's default but the most optimal).Note that here the default is set to compression level 4. This is a balanced setting with a very good speed and a very good compression ratio.
This is used to tune the compression algorithm. This value only affects the compression ratio, not the correctness of the compressed output, even if it is not set appropriately.
zlib.Z_DEFAULT_STRATEGY
Use for normal data.zlib.Z_FILTERED
Use for data produced by a filter (or predictor).
Filtered data consists mostly of small values with a somewhat random
distribution. In this case, the compression algorithm is tuned to
compress them better. The effect is to force more Huffman coding and less
string matching; it is somewhat intermediate between zlib.Z_DEFAULT_STRATEGY
and zlib.Z_HUFFMAN_ONLY
.zlib.Z_FIXED
Use to prevent the use of dynamic Huffman codes, allowing
for a simpler decoder for special applications.zlib.Z_HUFFMAN_ONLY
Use to force Huffman encoding only (no string match).zlib.Z_RLE
Use to limit match distances to one (run-length encoding).
This is designed to be almost as fast as zlib.Z_HUFFMAN_ONLY
, but give
better compression for PNG image data.Note in the list above, zlib
is from zlib = require('zlib')
.
The byte threshold for the response body size before compression is considered
for the response, defaults to 1kb
. This is a number of bytes or any string
accepted by the bytes module.
Note this is only an advisory setting; if the response size cannot be determined
at the time the response headers are written, then it is assumed the response is
over the threshold. To guarantee the response size can be determined, be sure
set a Content-Length
response header.
The default value is zlib.Z_DEFAULT_WINDOWBITS
, or 15
.
See Node.js documentation regarding the usage.
The default filter
function. This is used to construct a custom filter
function that is an extension of the default function.
var compression = require('compression-next')
var express = require('express')
var app = express()
app.use(compression({ filter: shouldCompress }))
function shouldCompress (req, res) {
if (req.headers['x-no-compression']) {
// don't compress responses with this request header
return false
}
// fallback to standard filter function
return compression.filter(req, res)
}
This module adds a res.flush()
method to force the partially-compressed
response to be flushed to the client.
When using this module with express or connect, simply app.use
the module as
high as you like. Requests that pass through the middleware will be compressed.
var compression = require('compression-next')
var express = require('express')
var app = express()
// compress all responses
app.use(compression())
// add all routes
Because of the nature of compression this module does not work out of the box with server-sent events. To compress content, a window of the output needs to be buffered up in order to get good compression. Typically when using server-sent events, there are certain block of data that need to reach the client.
You can achieve this by calling res.flush()
when you need the data written to
actually make it to the client.
var compression = require('compression-next')
var express = require('express')
var app = express()
// compress responses
app.use(compression())
// server-sent event stream
app.get('/events', function (req, res) {
res.setHeader('Content-Type', 'text/event-stream')
res.setHeader('Cache-Control', 'no-cache')
// send a ping approx every 2 seconds
var timer = setInterval(function () {
res.write('data: ping\n\n')
// !!! this is the important part
res.flush()
}, 2000)
res.on('close', function () {
clearInterval(timer)
})
})
FAQs
Node.js compression middleware
The npm package compression-next receives a total of 9,626 weekly downloads. As such, compression-next popularity was classified as popular.
We found that compression-next demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.