Security News
NIST Misses 2024 Deadline to Clear NVD Backlog
NIST has failed to meet its self-imposed deadline of clearing the NVD's backlog by the end of the fiscal year. Meanwhile, CVEs awaiting analysis have increased by 33% since June.
Hook is a simple node package for counting unique occurrences (by key) in a window of time. It performs well and has a low memory footprint, and it works across multiple node instances when used in conjunction with redis.
This allows for throttling and statistics tracking over a period of time.
middleware
Throttle by IP address
var hook = require('hook');
var connect = require('connect');
var IP_LIMIT = 1000;
var IP_PER = "day"; // hour or minute
var app = connect(
hook.middleware.throttleIP(IP_LIMIT, IP_PER)
);
If the app sits behind a reverse proxy or load balancer, make sure the address the middleware keys on is the client's and not the proxy's; otherwise every client shares one counter and the limit trips for all of them at once.
Count URLs by day and generate a realtime report:
var express = require('express');
var app = express.createServer(
hook.middleware.countURL("day")
);
app.get('/stats', function(req, res, next) {
res.writeHead(200, { "Content-type": "text/html" });
res.end(hook.middleware.htmlTable());
});
More specific throttling
// throttle by url: a url can only be visited 10 times in an hour,
// tracked at minute granularity (60 buckets of 60 seconds each).
// The callback chooses the key to count; here it is the request url.
connect(
hook.middleware.throttle({
limit: 10,
buckets: 60,
seconds: 60,
prefix: "url" // redis key prefix for this counter
}, function (req) { return req.url; })
);
Note that req.url includes the query string, so every distinct query string gets its own counter; if the goal is to limit a route, strip or normalize the query before returning the key.
Range counters collect data in a sliding window. They are not meant to be persistent; instead, they are a snapshot of statistical data over the last buckets × seconds seconds. A few concepts need to be defined: a bucket is one slice of the window, seconds is the width of each slice, and the prefix is the redis key under which the counter is synced.
Example
Say we want to limit the number of times a user can log in within a 10 minute window (10 buckets of 60 seconds each):
var redis = require('redis').createClient();
var buckets = 10;
var seconds = 60;
var prefix = "login:users"; // for redis
var users = new hook.RangeCounter(buckets, seconds, prefix);
var limit = 100;
function userLoggedIn(username) {
users.inc(username);
}
function canUserLogin(username) {
return users.getCount(username) < limit;
}
// To rate-limit attempts rather than successful logins (brute-force
// protection), call inc() on every attempt, before the password check.
// sync counter data to redis (prefix key is "login:users");
// if you have multiple node instances running, they will sync up
// to each other every 5 seconds
setInterval(function () { hook.RangeCounter.sync(redis, users) }, 5000);
Counts are held in each process and only exchanged at sync time, so between syncs each instance enforces the limit against its own view; a burst spread across several instances can briefly exceed the limit.
new hook.RangeCounter(buckets, seconds, prefix)
Instantiates a range counter. Inputs: buckets, the number of buckets in the window; seconds, the width of each bucket in seconds (so the window spans buckets × seconds seconds); prefix, the redis key prefix used when syncing.
counter.inc(key)
Increments counter for a specific key (eg. ip address, url)
counter.getCount(key)
Returns integer for the count of a key
counter.getCounts()
Returns an object mapping each key to its count.
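The throttle middleware and the RangeCounter above share one mechanism: a ring of buckets, each seconds wide, that is summed to get a key's count and that drops the oldest bucket as time moves on. The following is an added example, not code from the hook package, that implements that mechanism in plain JavaScript with an injectable clock so the window can be advanced deterministically; the class and function names (SlidingWindowCounter, makeThrottle, demoLoginThrottle) are this example's own and the login sequence it walks through is constructed input.

```javascript
// Added example, not the hook package's own code: an in-memory sliding-window
// counter with the same shape hook describes (buckets x seconds, inc / getCount /
// getCounts) and a throttle check built on it. Names are this example's own.

class SlidingWindowCounter {
  // buckets: number of buckets in the window; seconds: width of each bucket.
  // The window covers the last buckets*seconds seconds, at bucket granularity.
  constructor(buckets, seconds, now = () => Date.now()) {
    this.buckets = buckets;
    this.seconds = seconds;
    this.now = now;
    // ring[slot] holds the per-key counts of one bucket; stamp[slot] records
    // which absolute bucket number that slot currently belongs to.
    this.ring = Array.from({ length: buckets }, () => new Map());
    this.stamp = new Array(buckets).fill(-1);
  }

  // Absolute bucket number for the current time (grows as time advances).
  bucketNumber() {
    return Math.floor(this.now() / 1000 / this.seconds);
  }

  // The Map for the current bucket; a slot left over from an older bucket is
  // cleared before reuse, which is how old data falls out of the window.
  currentBucket() {
    const n = this.bucketNumber();
    const slot = n % this.buckets;
    if (this.stamp[slot] !== n) {
      this.ring[slot] = new Map();
      this.stamp[slot] = n;
    }
    return this.ring[slot];
  }

  inc(key, by = 1) {
    const bucket = this.currentBucket();
    bucket.set(key, (bucket.get(key) || 0) + by);
  }

  // Sum over every bucket still inside the window. A slot whose stamp is
  // `buckets` or more behind the current bucket has expired and is skipped
  // even though nothing has overwritten it yet.
  getCounts() {
    const n = this.bucketNumber();
    const out = {};
    for (let slot = 0; slot < this.buckets; slot++) {
      const s = this.stamp[slot];
      if (s < 0 || n - s >= this.buckets) continue;
      for (const [key, count] of this.ring[slot]) {
        out[key] = (out[key] || 0) + count;
      }
    }
    return out;
  }

  getCount(key) {
    return this.getCounts()[key] || 0;
  }
}

// Throttle check: allow while the key's count in the window is below `limit`.
// The attempt is counted before the caller acts on it, so failed logins count
// too, which is what brute-force protection needs. retryAfter is conservative:
// the oldest bucket can only expire at the next bucket boundary.
function makeThrottle(counter, limit) {
  return function check(key) {
    const count = counter.getCount(key);
    if (count >= limit) {
      return { allowed: false, remaining: 0, retryAfter: counter.seconds };
    }
    counter.inc(key);
    return { allowed: true, remaining: limit - count - 1, retryAfter: 0 };
  };
}

// Walk one key through a 10 x 60 s window on a fake clock (constructed input):
// three attempts are allowed, the fourth is refused, the refusal still holds
// nine minutes later, and the first bucket drops out of the window at ten.
function demoLoginThrottle() {
  let nowMs = 0;
  const counter = new SlidingWindowCounter(10, 60, () => nowMs);
  const check = makeThrottle(counter, 3);
  const decisions = [];
  for (let i = 0; i < 4; i++) decisions.push(check('alice').allowed);
  nowMs = 9 * 60 * 1000;
  decisions.push(check('alice').allowed);
  nowMs = 10 * 60 * 1000;
  decisions.push(check('alice').allowed);
  return decisions; // [true, true, true, false, false, true]
}
```

Two properties of this design carry over to hook's counters. First, the window moves in steps of one bucket, so an attacker who is refused gets a fresh allowance only when the oldest bucket expires, not gradually; the granularity you choose (seconds) is also the precision of the limit. Second, the counter is per-process: unless counts live in shared storage, each instance enforces the limit against its own view, so a burst spread across several instances can reach several times the configured limit before they sync.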
FAQs
NodeJS Throttler
The npm package hook receives a total of 0 weekly downloads. As such, hook is classified as not popular.
We found that hook demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.