Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
gatsby-plugin-source-algolia
Advanced tools
Gatsby Plugin to source Algolia Data in a scalable manner.
npm i gatsby-plugin-source-algolia
If you're using Algolia as a psuedo-data-store or want to make build-time-rendered results pages without touching the Algolia client, this package is for you.
Unlike whatever solution you (may) have already hacked together, this plugin abstracts full Algolia object fetching into resolvers, which Gatsby can run in parallel - instead of relying on big, singular browseObjects queries that make your dev experience slow + fragile, and your build times long.
To power this - it relies on a few important assumptions:
createPages
when generating pages from Algolia dataslug
- which you can define inside the plugin's config - based on data sourced from AlgoliaUsed in production on many projects at Healthmarkets.com.
Yes!
Very! When used on Gatsby Cloud on a site with >100K pages, build times decreased ~5x without caching, compared to sourcing data in createPages. Install it and see for yourself. By running most of the data fetching inside resolvers, Gatsby can parallel our data fetching across multiple worker processes, without the choking Algolia usually experiences when returning massive pages of data.
After installing, add the plugin to your gatsby-config.js
file. You will need to add config options to setup the plugin.
Option Name | Description |
---|---|
applicationId (required) | Your Algolia application ID. |
browseObjectsApiKey (required) | Your Algolia 'all-access' browseObjects API key. |
indexName (required) | The name of your index on Algolia. |
gatsbyTypeName (required) | This will be the typename for your new data source in GraphQL. |
dependencies (required) | The data you need in advance to create your pages and slugs. This is an array of keys (string) representing keys on your Algolia object. Examples would be objectID, permalink, firstName - any data you need in advance. |
getSlug (required) | This is a required function that you must implement in order to create slugs for your Algolia items - so that you can build pages with them. Return a string to source a node, return undefined to exclude the node from being sourced. More on this below. |
limitItems (optional) | Optionally provide a max amount of items to source - occasionally useful when working in dev if you are having issues with connecting to Algolia. |
cacheLifetime (optional) | The max amount of time to save your Algolia records in Gatsby's cache - in hours. This will speed up your builds a lot if your Algolia data isn't changing frequently. Default is 72 hours. Set to 0 to disable. |
{
resolve: 'gatsby-plugin-source-algolia',
options: {
indexName: 'locations',
applicationId: "XXXXXXXXX",
browseObjectsApiKey: "XXXXXXXXX",
gatsbyTypeName: 'Locations',
dependencies: ['objectID', 'state', 'city', 'active'],
getSlug: (data) => {
if (data.active) {
// Return the node if the record is 'active'
return data.state + "/" + data.city
}
// Exclude this node from Gatsby if the record wasn't 'active' on Algolia
return undefined;
},
limitItems: process.env.NODE_ENV === "development" ? 10000 : undefined,
cacheLifetime: 48, // 48 hours
},
},
FAQs
Gatsby Plugin to source Algolia Data in a scalable manner.
The npm package gatsby-plugin-source-algolia receives a total of 11 weekly downloads. As such, gatsby-plugin-source-algolia popularity was classified as not popular.
We found that gatsby-plugin-source-algolia demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.