memorystore
express-session full featured MemoryStore module without leaks!
A session store implementation for Express using lru-cache.
The default MemoryStore for express-session leaks memory because it has no suitable way to make sessions expire.
The sessions are still stored in memory, so they're not shared with other processes or services.
$ npm install express-session memorystore
Pass the express-session store into memorystore to create a MemoryStore constructor.
const express = require('express')
const session = require('express-session')
const MemoryStore = require('memorystore')(session)

const app = express()

app.use(session({
  cookie: { maxAge: 86400000 }, // 24h in ms
  store: new MemoryStore({
    checkPeriod: 86400000 // prune expired entries every 24h
  }),
  resave: false,
  secret: 'keyboard cat' // placeholder; load a strong secret from configuration
}))
checkPeriod
Defines how often MemoryStore checks for expired sessions. The period is in ms. The automatic check is disabled by default! Not setting this is kind of silly, since that's the whole purpose of this lib.
max
The maximum size of the cache, checked by applying the length function to all values in the cache. It defaults to Infinity.
ttl
Session TTL (expiration) in milliseconds. Defaults to session.maxAge (if set), or one day. This may also be set to a function of the form (options, sess, sessionID) => number.
dispose
Function that is called on sessions when they are dropped from the cache. This can be handy if you want to close file descriptors or do other cleanup tasks when sessions are no longer accessible. Called with key, value. It's called before actually removing the item from the internal cache, so if you want to immediately put it back in, you'll have to do that in a nextTick or setTimeout callback or it won't do anything.
stale
By default, if you set a maxAge, it'll only actually pull stale items out of the cache when you get(key). (That is, it's not pre-emptively doing a setTimeout or anything.) If you set stale:true, it'll return the stale value before deleting it. If you don't set this, then it'll return undefined when you try to get a stale entry, as if it had already been deleted.
noDisposeOnSet
By default, if you set a dispose() method, then it'll be called whenever a set() operation overwrites an existing key. If you set this option, dispose() will only be called when a key falls out of the cache, not when it is overwritten.
serializer
An object containing stringify and parse methods compatible with JavaScript's JSON to override the serializer used.
memorystore implements all the required, recommended and optional methods of the express-session store. Plus a few more:
startInterval() and stopInterval() methods to start/clear the automatic check for expired sessions.
prune() that you can use to manually remove only the expired entries from the store.
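How ttl, lazy expiry on get(), max and the periodic check interact, as an added example that is not memorystore's own code: TtlSessionStore and abandonedSessionDemo are hypothetical names, the clock is injected so the run is deterministic, and eviction is oldest-written first, a simplification of lru-cache's least-recently-used policy.

```javascript
// Simplified model of a TTL session store; `now` is an injectable clock (assumption).
class TtlSessionStore {
  constructor({ ttl, max = Infinity, now = Date.now }) {
    this.ttl = ttl
    this.max = max
    this.now = now
    this.entries = new Map() // sid -> { sess, expires }; Map keeps insertion order
  }
  set(sid, sess) {
    this.entries.delete(sid) // re-insert so the key becomes the most recent
    this.entries.set(sid, { sess, expires: this.now() + this.ttl })
    // Enforce `max` by evicting the oldest-written entries first.
    while (this.entries.size > this.max) {
      this.entries.delete(this.entries.keys().next().value)
    }
  }
  // Lazy expiry: a stale entry is only removed when somebody asks for it.
  get(sid) {
    const entry = this.entries.get(sid)
    if (!entry) return undefined
    if (entry.expires <= this.now()) {
      this.entries.delete(sid)
      return undefined
    }
    return entry.sess
  }
  // What the periodic check (checkPeriod) does: sweep every expired entry.
  prune() {
    let removed = 0
    for (const [sid, entry] of this.entries) {
      if (entry.expires > this.now()) continue
      this.entries.delete(sid)
      removed++
    }
    return removed
  }
}

// Constructed scenario: 1000 one-off visitors that never come back.
function abandonedSessionDemo() {
  let clock = 0
  const store = new TtlSessionStore({ ttl: 1000, now: () => clock })
  for (let i = 0; i < 1000; i++) store.set('sid-' + i, { views: 1 })
  clock = 5000 // every session is now past its TTL
  const heldWithoutCheck = store.entries.size // nothing called get(), nothing freed
  const removed = store.prune()
  return { heldWithoutCheck, removed, heldAfterPrune: store.entries.size }
}
```

Without a periodic sweep or a finite max, sessions that are never requested again stay in memory past their TTL, which is why the page recommends setting checkPeriod.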
To enable debug output, set the environment variable DEBUG=memorystore
Rocco Musolino (@roccomuso)
MIT
FAQs
express-session full featured MemoryStore layer without leaks!
The npm package memorystore receives a total of 51,244 weekly downloads. As such, memorystore popularity was classified as popular.
We found that memorystore demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.