Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
The lunr npm package is a small, full-text search library for use in a web browser or Node.js environment. It provides a simple search interface for retrieving documents based on a search query. Lunr is designed to be easy to set up and use, without the need for a dedicated backend search server.
Creating an index
This code sample demonstrates how to create a search index with lunr. Fields to be indexed are specified, and documents are added to the index.
const lunr = require('lunr');
const idx = lunr(function () {
this.field('title');
this.field('body');
this.add({
'title': 'Example',
'body': 'This is an example.'
});
});
Searching the index
Once an index has been created, you can search it using a query string. This code sample searches for the term 'example' in the index.
const results = idx.search('example');
Serializing and loading an index
Lunr allows you to serialize an index to JSON and load it back. This is useful for saving the index to disk or sending it over the network.
const serializedIndex = JSON.stringify(idx);
const loadedIndex = lunr.Index.load(JSON.parse(serializedIndex));
Elasticlunr is a lightweight full-text search engine in JavaScript. It is based on lunr.js but provides more flexibility and is faster than lunr.js. It allows for configuring similarity tuning, custom scoring, and has a chainable API.
Fuse.js is a powerful, lightweight fuzzy-search library with a rich set of options. It is different from lunr in that it performs 'fuzzy' searches, which can find matches even when the search terms are not exactly the same as the indexed terms.
Js-search is a library that enables efficient search in JavaScript and JSON objects. It supports various search strategies and is more customizable than lunr, allowing for indexing and searching in multiple languages.
Algolia is a hosted search API that provides a full suite of search features. It is more feature-rich and scalable than lunr, offering real-time search, typo tolerance, and geo-search out of the box. Unlike lunr, it requires an external service and is not a purely client-side solution.
A bit like Solr, but much smaller and not as bright.
A very simple search index can be created using the following:
var idx = lunr(function () {
this.field('title')
this.field('body')
this.add({
"title": "Twelfth-Night",
"body": "If music be the food of love, play on: Give me excess of it…",
"author": "William Shakespeare",
"id": "1"
})
})
Then searching is as simple as:
idx.search("love")
This returns a list of matching documents with a score of how closely they match the search query as well as any associated metadata about the match:
[
{
"ref": "1",
"score": 0.3535533905932737,
"matchData": {
"metadata": {
"love": {
"body": {}
}
}
}
}
]
API documentation is available, as well as a full working example.
Lunr.js is a small, full-text search library for use in the browser. It indexes JSON documents and provides a simple search interface for retrieving documents that best match text queries.
For web applications with all their data already sitting in the client, it makes sense to be able to search that data on the client too. It saves adding extra, compacted services on the server. A local search index will be quicker, there is no network overhead, and will remain available and usable even without a network connection.
Simply include the lunr.js source file in the page that you want to use it. Lunr.js is supported in all modern browsers.
Alternatively an npm package is also available npm install lunr
.
Browsers that do not support ES5 will require a JavaScript shim for Lunr to work. You can either use Augment.js, ES5-Shim or any library that patches old browsers to provide an ES5 compatible JavaScript environment.
See the CONTRIBUTING.md
file.
2.3.9
FAQs
Simple full-text search in your browser.
The npm package lunr receives a total of 2,685,493 weekly downloads. As such, lunr popularity was classified as popular.
We found that lunr demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.