Security News
GitHub Removes Malicious Pull Requests Targeting Open Source Repositories
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
The maxmind npm package provides tools for IP geolocation and other related functionalities using MaxMind's GeoIP2 and GeoLite2 databases. It allows developers to determine the geographical location, ISP, and other details of an IP address.
IP Geolocation
This feature allows you to determine the geographical location of an IP address. The code sample demonstrates how to use the GeoLite2-City database to get the city information for the IP address '8.8.8.8'.
const maxmind = require('maxmind');
const lookup = async (ip) => {
const cityLookup = await maxmind.open('GeoLite2-City.mmdb');
const city = cityLookup.get(ip);
console.log(city);
};
lookup('8.8.8.8');
ISP Information
This feature allows you to get the ISP information of an IP address. The code sample demonstrates how to use the GeoIP2-ISP database to get the ISP details for the IP address '8.8.8.8'.
const maxmind = require('maxmind');
const lookup = async (ip) => {
const ispLookup = await maxmind.open('GeoIP2-ISP.mmdb');
const isp = ispLookup.get(ip);
console.log(isp);
};
lookup('8.8.8.8');
Anonymous IP Detection
This feature allows you to detect if an IP address is associated with anonymous networks such as VPNs, proxies, or Tor. The code sample demonstrates how to use the GeoIP2-Anonymous-IP database to get anonymous IP details for the IP address '8.8.8.8'.
const maxmind = require('maxmind');
const lookup = async (ip) => {
const anonLookup = await maxmind.open('GeoIP2-Anonymous-IP.mmdb');
const anon = anonLookup.get(ip);
console.log(anon);
};
lookup('8.8.8.8');
The ipstack package provides IP geolocation services similar to maxmind. It offers detailed information about the location, currency, timezone, and connection of an IP address. Unlike maxmind, ipstack is a cloud-based service and requires an API key for access.
The geoip-lite package offers a lightweight IP geolocation solution using a local database. It provides basic geolocation information such as country, region, and city. Compared to maxmind, geoip-lite is less comprehensive but is easier to set up and use for simple geolocation needs.
The ipinfo package provides IP address information including geolocation, ASN, and company details. It uses the IPinfo API and requires an API key. Compared to maxmind, ipinfo offers additional data points such as company information and is also cloud-based.
Javascript module for Geo IP lookup using Maxmind binary databases (aka mmdb or geoip2). Fastest Maxmind lookup library available - up to 17,000% faster than other libraries. Module has 100% test coverage with comprehensive test suite. It natively works with binary Maxmind database format and doesn't require any "CSV - {specific lib format}" conversions as some other modules do. Maxmind binary databases are highly optimized for size and performance so there's no point using other formats.
You might want to use geolite2 module with free geo databases. Alternatively, free databases available for download here. If you need better accuracy you should consider buying commercial subscription.
npm i maxmind
import maxmind, { CityResponse } from 'maxmind';
const lookup = await maxmind.open<CityResponse>('/path/to/GeoLite2-City.mmdb');
console.log(lookup.get('66.6.44.4')); // inferred type maxmind.CityResponse
console.log(lookup.getWithPrefixLength('66.6.44.4')); // tuple with inferred type [maxmind.CityResponse|null, number]
You can use Reader
class directly in case if you would want to instantiate it in non-async fashion. Use cases would include receiving a buffer database over network, or just reading it synchronously from disk.
import { Reader } from 'maxmind';
const buffer = fs.readFileSync('./db.mmdb');
const lookup = new Reader<CityResponse>(buffer);
const city = lookup.get('8.8.8.8');
const [city2, prefixLength] = lookup.getWithPrefixLength('66.6.44.4');
Supported response types:
- CountryResponse
- CityResponse
- AnonymousIPResponse
- AsnResponse
- ConnectionTypeResponse
- DomainResponse
- IspResponse
Module is fully compatible with IPv6. There are no differences in API between IPv4 and IPv6.
const lookup = await maxmind.open('/path/to/GeoLite2.mmdb');
const location = lookup.get('2001:4860:0:1001::3004:ef68');
maxmind.open(filepath, [options])
filepath
: <string>
Path to the binary mmdb database file.options
: <Object>
cache
: <Object>
Cache options. Under the bonnet module uses tiny-lru cache.
max
: <number>
Max cache items to keep in memory. Default: 10_000
.watchForUpdates
: <boolean>
Supports reloading the reader when changes occur to the database that is loaded. Default: false
.watchForUpdatesNonPersistent
: <boolean>
Controls whether the watcher should be persistent or not. If it is persistent, a node process will be blocked in watching state if the watcher is the only thing still running in the program. Default: false
.watchForUpdatesHook
: <Function>
Hook function that is fired on database update. Default: null
.Current module is designed to work in node.js environment. Check out mmdb-lib that's used under the bonnet - it's environment agnostic and does work in browser.
Module supports validation for both IPv4 and IPv6:
maxmind.validate('66.6.44.4'); // returns true
maxmind.validate('66.6.44.boom!'); // returns false
maxmind.validate('2001:4860:0:1001::3004:ef68'); // returns true
maxmind.validate('2001:4860:0:1001::3004:boom!'); // returns false
In case you want to use legacy GeoIP binary databases you should use maxmind@0.6.
MIT
FAQs
IP lookup using Maxmind databases
We found that maxmind demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
Security News
Node.js will be enforcing stricter semver-major PR policies a month before major releases to enhance stability and ensure reliable release candidates.