Security News
The Dark Side of Open Source
At Node Congress, Socket CEO Feross Aboukhadijeh uncovers the darker aspects of open source, where applications that rely heavily on third-party dependencies can be exploited in supply chain attacks.
redis-evalsha
Advanced tools
Readme
This library provides a convenient wrapper for sending Lua scripts to a Redis server via EVALSHA
.
It works in tandem with mranney/node-redis. Note that node-redis already tries to use evalsha if you use eval. This library merely prevents your code from computing a SHA1 every time you execute a script.
EVALSHA
allows you to send Lua scripts to a Redis server by sending the SHA-1 hashes instead of actual script content. As long as the body of your script was previously sent to Redis via EVAL
or SCRIPT LOAD
, you can use EVALSHA
to avoid the overhead of sending your entire Lua script over the network.
A Shavaluator
object wraps a Redis client for executing Lua scripts. When executing Lua scripts, a shavaluator will always attempt EVALSHA
first, falling back on EVAL
if the script has not yet been cached by the Redis server.
This project was forked from jeffomatic/shavaluator-js for these reasons:
sendCommand
instead of eval
method as it tries to be too
smart and check the sha that we already computed.var Shavaluator = require('redis-evalsha')
// 1. Initialize a shavaluator with a Redis client
var shavaluator = new Shavaluator(redis);
// 2. Add a series of named Lua scripts to the shavaluator.
shavaluator.add('delequal',
"if redis.call('GET', KEYS[1]) == ARGV[1] then\n" +
" return redis.call('DEL', KEYS[i])\n" +
"end\n" +
"return 0\n");
// 3. The 'delequal' script is now available to call using `exec`. When you
// call this, first EVALSHA is attempted, and then it falls back to EVAL.
shavaluator.exec('delequal', ['someKey'], ['deleteMe'], function(err, result) {
console.log(err, result);
});
Before you can run Lua scripts, you should give each one a name and add them to a shavaluator.
scripts = {
delequal:
" \
if redis.call('GET', KEYS[1]) == ARGV[1] then \
return redis.call('DEL', KEYS[i]) \
end \
return 0 \
"
zmembers:
" \
local key = KEYS[1] \
local results = {} \
if redis.call('ZCARD', key) == 0 then \
return {} \
end \
for i = 1, #ARGV, 1 do \
local memberName = ARGV[i] \
if redis.call('ZSCORE', key, memberName) then \
table.insert(results, memberName) \
end \
end \
return results;
"
};
for (var name in scripts) {
shavaluator.add(name, scripts[name]);
}
Adding a script only generates the SHA-1 of the script body; it does not perform any network operations.
Adds a Lua script to the shavaluator.
Executes the script named scriptName
.
The callback
parameter is standard asynchronous callback, taking two arguments:
FAQs
Convenience wrapper for Redis EVAL/EVALSHA
The npm package redis-evalsha receives a total of 6,330 weekly downloads. As such, redis-evalsha popularity was classified as popular.
We found that redis-evalsha demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
At Node Congress, Socket CEO Feross Aboukhadijeh uncovers the darker aspects of open source, where applications that rely heavily on third-party dependencies can be exploited in supply chain attacks.
Research
Security News
The Socket Research team found this npm package includes code for collecting sensitive developer information, including your operating system username, Git username, and Git email.
Security News
OpenJS is warning of social engineering takeovers targeting open source projects after receiving a credible attempt on the foundation.