memorystore
express-session full featured MemoryStore module without leaks!
A session store implementation for Express using lru-cache.
The default MemoryStore for express-session leaks memory because it has no suitable way to make sessions expire.
The sessions are still stored in memory, so they're not shared with other processes or services.
$ npm install express-session memorystore
Pass the express-session store into memorystore to create a MemoryStore constructor.
const express = require('express')
const session = require('express-session')
const MemoryStore = require('memorystore')(session)

const app = express()

app.use(session({
    cookie: { maxAge: 86400000 },
    store: new MemoryStore({
        checkPeriod: 86400000 // prune expired entries every 24h
    }),
    resave: false,
    secret: 'keyboard cat' // placeholder value; load the real secret from configuration
}))
checkPeriod
How often MemoryStore checks for expired entries, in ms. The automatic check is disabled by default! Not setting this is kind of silly, since that's the whole purpose of this lib.

max
The maximum size of the cache, checked by applying the length function to all values in the cache. It defaults to Infinity.

ttl
Session TTL (expiration) in milliseconds. Defaults to session.maxAge (if set), or one day. This may also be set to a function of the form (options, sess, sessionID) => number.

dispose
Function that is called on sessions when they are dropped from the cache. This can be handy if you want to close file descriptors or do other cleanup tasks when sessions are no longer accessible. Called with key, value. It's called before actually removing the item from the internal cache, so if you want to immediately put it back in, you'll have to do that in a nextTick or setTimeout callback or it won't do anything.

stale
By default, if you set a maxAge, it'll only actually pull stale items out of the cache when you get(key). (That is, it's not pre-emptively doing a setTimeout or anything.) If you set stale:true, it'll return the stale value before deleting it. If you don't set this, then it'll return undefined when you try to get a stale entry, as if it had already been deleted.

noDisposeOnSet
By default, if you set a dispose() method, then it'll be called whenever a set() operation overwrites an existing key. If you set this option, dispose() will only be called when a key falls out of the cache, not when it is overwritten.

serializer
An object containing stringify and parse methods compatible with JavaScript's JSON to override the serializer used.

memorystore implements all the required, recommended and optional methods of the express-session store. Plus a few more:
startInterval() and stopInterval() methods to start/clear the automatic check for expired entries.
prune() that you can use to manually remove only the expired entries from the store.
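The expiry behaviour described above (removal only on get, the periodic check that checkPeriod enables, prune(), and the max cap), shown as an added example that is not taken from the memorystore README or its source. ModelStore and simulate are hypothetical names, the workload is constructed, each session counts as one entry, and the clock is passed in as an argument:

```javascript
// Simplified model (constructed for illustration; not memorystore's source).
// The clock is passed in explicitly so the run is deterministic.
class ModelStore {
  constructor({ ttl, max = Infinity }) {
    this.ttl = ttl
    this.max = max
    this.entries = new Map() // sid -> { sess, expires }; Map keeps insertion order
  }

  set(sid, sess, now) {
    this.entries.delete(sid) // re-insert so the entry counts as most recent
    this.entries.set(sid, { sess, expires: now + this.ttl })
    // Size cap: drop the least recently used entries once max is exceeded.
    while (this.entries.size > this.max) {
      this.entries.delete(this.entries.keys().next().value)
    }
  }

  // Lazy expiry: a stale entry is only removed when someone asks for it.
  get(sid, now) {
    const e = this.entries.get(sid)
    if (!e) return undefined
    if (e.expires <= now) { this.entries.delete(sid); return undefined }
    this.entries.delete(sid); this.entries.set(sid, e) // mark as recently used
    return e.sess
  }

  // What a periodic check (checkPeriod) or a manual prune() call does.
  prune(now) {
    for (const [sid, e] of this.entries) {
      if (e.expires <= now) this.entries.delete(sid)
    }
  }
}

// Constructed workload: 1000 sessions created once and never read again.
function simulate({ max, pruneAtEnd }) {
  const store = new ModelStore({ ttl: 1000, max })
  for (let i = 0; i < 1000; i++) store.set('sid-' + i, { n: i }, i)
  const now = 10000 // long after every session has expired
  if (pruneAtEnd) store.prune(now)
  return store.entries.size
}

console.log('no check, no cap:', simulate({ max: Infinity, pruneAtEnd: false }))
console.log('with prune:', simulate({ max: Infinity, pruneAtEnd: true }))
console.log('cap only:', simulate({ max: 100, pruneAtEnd: false }))
```

With neither a periodic check nor a cap, every expired session that is never requested again stays in memory, which is why leaving checkPeriod unset defeats the purpose of the store.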
To enable debug set the env var DEBUG=memorystore
Rocco Musolino (@roccomuso)
MIT
FAQs
express-session full featured MemoryStore layer without leaks!
The npm package memorystore receives a total of 45,524 weekly downloads. As such, memorystore popularity was classified as popular.
We found that memorystore demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.