Security News
How Threat Actors are Abusing GitHub’s File Upload Feature to Host Malware
GitHub is susceptible to a CDN flaw that allows attackers to host malware on any public repository.
maxmind
Advanced tools
Readme
Javascript module for Geo IP lookup using Maxmind binary databases (aka mmdb or geoip2). Fastest Maxmind lookup library available - up to 17,000% faster than other libraries. Module has 100% test coverage with comprehensive test suite. It natively works with binary Maxmind database format and doesn't require any "CSV - {specific lib format}" conversions as some other modules do. Maxmind binary databases are highly optimized for size and performance so there's no point using other formats.
You might want to use geolite2 module with free geo databases. Alternatively, free databases available for download here. If you need better accuracy you should consider buying commercial subscription.
npm i maxmind
import maxmind, { CityResponse } from 'maxmind';
const lookup = await maxmind.open<CityResponse>('/path/to/GeoLite2-City.mmdb');
console.log(lookup.get('66.6.44.4')); // inferred type maxmind.CityResponse
console.log(lookup.getWithPrefixLength('66.6.44.4')); // tuple with inferred type [maxmind.CityResponse|null, number]
You can use Reader
class directly in case if you would want to instantiate it in non-async fashion. Use cases would include receiving a buffer database over network, or just reading it synchronously from disk.
import { Reader } from 'maxmind';
const buffer = fs.readFileSync('./db.mmdb');
const lookup = new Reader<CityResponse>(buffer);
const city = lookup.get('8.8.8.8');
const [city2, prefixLength] = lookup.getWithPrefixLength('66.6.44.4');
Supported response types:
- CountryResponse
- CityResponse
- AnonymousIPResponse
- AsnResponse
- ConnectionTypeResponse
- DomainResponse
- IspResponse
Module is fully compatible with IPv6. There are no differences in API between IPv4 and IPv6.
const lookup = await maxmind.open('/path/to/GeoLite2.mmdb');
const location = lookup.get('2001:4860:0:1001::3004:ef68');
maxmind.open(filepath, [options])
filepath
: <string>
Path to the binary mmdb database file.options
: <Object>
cache
: <Object>
Cache options. Under the bonnet module uses tiny-lru cache.
max
: <number>
Max cache items to keep in memory. Default: 6000
.watchForUpdates
: <boolean>
Supports reloading the reader when changes occur to the database that is loaded. Default: false
.watchForUpdatesNonPersistent
: <boolean>
Controlls wether the watcher should be persistent or not. If it is persistent, a node process will be blocked in watching state if the watcher is the only thing still running in the program. Default: false
.watchForUpdatesHook
: <Function>
Hook function that is fired on database update. Default: null
.Current module is designed to work in node.js environment. Check out mmdb-lib that's used under the bonnet - it's environment agnostic and does work in browser.
Module supports validation for both IPv4 and IPv6:
maxmind.validate('66.6.44.4'); // returns true
maxmind.validate('66.6.44.boom!'); // returns false
maxmind.validate('2001:4860:0:1001::3004:ef68'); // returns true
maxmind.validate('2001:4860:0:1001::3004:boom!'); // returns false
In case you want to use legacy GeoIP binary databases you should use maxmind@0.6.
MIT
FAQs
IP lookup using Maxmind databases
The npm package maxmind receives a total of 159,568 weekly downloads. As such, maxmind popularity was classified as popular.
We found that maxmind demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
GitHub is susceptible to a CDN flaw that allows attackers to host malware on any public repository.
Security News
At Node Congress, Socket CEO Feross Aboukhadijeh uncovers the darker aspects of open source, where applications that rely heavily on third-party dependencies can be exploited in supply chain attacks.
Research
Security News
The Socket Research team found this npm package includes code for collecting sensitive developer information, including your operating system username, Git username, and Git email.