Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Fuse.js is a powerful, lightweight fuzzy-search library, with zero dependencies. It provides a simple way to perform approximate string matching (fuzzy searching) by searching for patterns in text, which is useful for implementing features like search-as-you-type, autocomplete, and other search-related functionalities.
Simple Search
This feature allows you to perform a simple fuzzy search on a list of items. The code sample demonstrates searching for the term 'old man' in an array of book titles.
const Fuse = require('fuse.js');
const books = [{ title: 'Old Man's War' }, { title: 'The Lock Artist' }];
const fuse = new Fuse(books, { keys: ['title'] });
const result = fuse.search('old man');
Weighted Search
This feature allows you to perform a search where each field can have a different weight, affecting the relevance of search results. The code sample demonstrates a weighted search where the author field has a higher weight than the title.
const Fuse = require('fuse.js');
const books = [{ title: 'Old Man's War', author: 'John Scalzi' }, { title: 'The Lock Artist', author: 'Steve Hamilton' }];
const fuse = new Fuse(books, { keys: [{ name: 'title', weight: 0.3 }, { name: 'author', weight: 0.7 }] });
const result = fuse.search('john');
Extended Search
This feature allows you to use an extended search syntax to perform searches that include logical operators. The code sample demonstrates searching for items that do not include the word 'lock'.
const Fuse = require('fuse.js');
const books = [{ title: 'Old Man's War' }, { title: 'The Lock Artist' }];
const options = { includeMatches: true, useExtendedSearch: true };
const fuse = new Fuse(books, options);
const result = fuse.search('!lock');
Algolia is a hosted search engine capable of delivering real-time results from the first keystroke. It's more feature-rich and includes a complete search API compared to the client-side library Fuse.js. However, it requires setting up an account and is not a purely client-side solution.
Lunr.js is a small, full-text search library for use in the browser. It indexes data ahead of time and provides a simple search interface. Lunr.js is more suited for smaller datasets and static websites, whereas Fuse.js does not require pre-indexing and can handle dynamic content better.
Elasticlunr.js is a lightweight full-text search engine in JavaScript for browser search and offline search. It is based on lunr.js but provides more flexibility and is faster. Compared to Fuse.js, Elasticlunr.js requires pre-indexing and is more suitable for static content.
Fuse is a full JavaScript fuzzy-search implementation that searches accross the keys of every record in a list.
keys (type: Array
)
List of properties that will be searched. This also supports nested properties:
var books = [{
title: "Old Man's War"
author: {
firstName: "John",
lastName: "Scalzi"
}
}];
var fuse = new Fuse(books, { keys: ["title", "author.firstName"] });
id (type: String
)
The name of the identifier property. If specified, the returned result will be a list of the items' identifiers, otherwise it will be a list of the items.
caseSensitive (type: Boolean
, default: false
)
Indicates whether comparisons should be case sensitive.
includeScore (type: Boolean
, default: false
)
Whether the score should be included in the result set. When true
, each result in the list will be of the form { item: ..., score: ... }
shouldSort (type: Boolean
, default: true
)
Whether to sort the result list, by score.
searchFn (type: Function
, default: BitapSearcher
)
The search function to use. Note that the search function ([[Function]]
) must conform to the following API:
/*
@param pattern The pattern string to search
@param options The search option
*/
[[Function]].constructor = function(pattern, options) { ... }
/*
@param text: the string to search in for the pattern
@return Object in the form of:
- isMatch: boolean
- score: Int
*/
[[Function]].prototype.search = function(text) { ... }
getFn (type: Function
, default: Utils.deepValue
)
The get function to use when fetching an object's properties. The default will search nested paths ie foo.bar.baz
/*
@param obj The object being searched
@param path The path to the target property
*/
// example using an object with a `getter` method
getFn: function (obj, path) {
return obj.get(path);
}
sortFn (type: Function
, default: Array.prototype.sort
)
The function that is used for sorting the result list.
location (type: Integer
, default: 0
)
Determines approximately where in the text is the pattern expected to be found.
threshold (type: Decimal
, default: 0.6
)
At what point does the match algorithm give up. A threshold of 0.0
requires a perfect match (of both letters and location), a threshold of 1.0
would match anything.
distance (type: Integer
, default: 100
)
Determines how close the match must be to the fuzzy location (specified by location
). An exact letter match which is distance
characters away from the fuzzy location would score as a complete mismatch. A distance
of 0
requires the match be at the exact location
specified, a threshold
of 1000
would require a perfect match to be within 800 characters of the location
to be found using a threshold
of 0.8
.
maxPatternLength (type: Integer
, default: 32
)
The maximum length of the pattern. The longer the pattern, the more intensive the search operation will be. Whenever the pattern exceeds the maxPatternLength
, an error will be thrown. Why is this important? Read this.
Before submitting a pull request, please add relevant tests in test/fuse-test.js
, and execute them via npm test
.
Note that ALL TESTS MUST PASS, otherwise the pull request will be automatically rejected.
FAQs
Lightweight fuzzy-search
We found that fuse.js demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.