Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
The lunr npm package is a small, full-text search library for use in a web browser or Node.js environment. It provides a simple search interface for retrieving documents based on a search query. Lunr is designed to be easy to set up and use, without the need for a dedicated backend search server.
Creating an index
This code sample demonstrates how to create a search index with lunr. Fields to be indexed are specified, and documents are added to the index.
const lunr = require('lunr');
const idx = lunr(function () {
  this.field('title');
  this.field('body');
  this.add({
    'title': 'Example',
    'body': 'This is an example.'
  });
});
Searching the index
Once an index has been created, you can search it using a query string. This code sample searches for the term 'example' in the index.
const results = idx.search('example');
Serializing and loading an index
Lunr allows you to serialize an index to JSON and load it back. This is useful for saving the index to disk or sending it over the network.
const serializedIndex = JSON.stringify(idx);
const loadedIndex = lunr.Index.load(JSON.parse(serializedIndex));
Elasticlunr is a lightweight full-text search engine in JavaScript. It is based on lunr.js but provides more flexibility and is faster than lunr.js. It allows for configuring similarity tuning, custom scoring, and has a chainable API.
Fuse.js is a powerful, lightweight fuzzy-search library with a rich set of options. It is different from lunr in that it performs 'fuzzy' searches, which can find matches even when the search terms are not exactly the same as the indexed terms.
Js-search is a library that enables efficient search in JavaScript and JSON objects. It supports various search strategies and is more customizable than lunr, allowing for indexing and searching in multiple languages.
Algolia is a hosted search API that provides a full suite of search features. It is more feature-rich and scalable than lunr, offering real-time search, typo tolerance, and geo-search out of the box. Unlike lunr, it requires an external service and is not a purely client-side solution.
A bit like Solr, but much smaller and not as bright.
A very simple search index can be created using the following:
var idx = lunr(function () {
  this.field('title')
  this.field('body')
  this.add({
    "title": "Twelfth-Night",
    "body": "If music be the food of love, play on: Give me excess of it…",
    "author": "William Shakespeare",
    "id": "1"
  })
})
Then searching is as simple as:
idx.search("love")
This returns a list of matching documents with a score of how closely they match the search query as well as any associated metadata about the match:
[
  {
    "ref": "1",
    "score": 0.3535533905932737,
    "matchData": {
      "metadata": {
        "love": {
          "body": {}
        }
      }
    }
  }
]
API documentation is available, as well as a full working example.
Lunr.js is a small, full-text search library for use in the browser. It indexes JSON documents and provides a simple search interface for retrieving documents that best match text queries.
For web applications with all their data already sitting in the client, it makes sense to be able to search that data on the client too. It saves adding extra, compacted services on the server. A local search index will be quicker because there is no network overhead, and it will remain available and usable even without a network connection.
Simply include the lunr.js source file in the page where you want to use it. Lunr.js is supported in all modern browsers.
Alternatively, an npm package is also available: npm install lunr
Browsers that do not support ES5 will require a JavaScript shim for Lunr to work. You can either use Augment.js, ES5-Shim or any library that patches old browsers to provide an ES5 compatible JavaScript environment.
See the CONTRIBUTING.md file.
2.3.9
FAQs
Simple full-text search in your browser.
The npm package lunr receives a total of 2,067,120 weekly downloads. As such, lunr's popularity was classified as popular.
We found that lunr demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.