Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Redlock is a distributed lock manager for Node.js using Redis. It implements the Redlock algorithm, which is a method for achieving distributed mutual exclusion. This is useful for ensuring that only one process can access a shared resource at a time, even in a distributed system.
Acquiring a Lock
This feature allows you to acquire a lock on a resource. The lock is held for a specified duration (2000 ms in this example). If the lock is successfully acquired, you can perform your operations and then release the lock.
const Redlock = require('redlock');
const redis = require('redis');
const client = redis.createClient();
const redlock = new Redlock([client]);
redlock.lock('locks:resource', 2000).then(function(lock) {
// Do something with the lock
console.log('Lock acquired');
// Release the lock
return lock.unlock();
}).catch(function(err) {
console.error('Failed to acquire lock', err);
});
Extending a Lock
This feature allows you to extend the duration of an existing lock. This is useful if you need more time to complete your operations while holding the lock.
const Redlock = require('redlock');
const redis = require('redis');
const client = redis.createClient();
const redlock = new Redlock([client]);
redlock.lock('locks:resource', 2000).then(function(lock) {
// Extend the lock
return lock.extend(2000);
}).then(function(lock) {
console.log('Lock extended');
// Release the lock
return lock.unlock();
}).catch(function(err) {
console.error('Failed to extend lock', err);
});
Handling Lock Failures
This feature demonstrates how to handle failures when acquiring or maintaining a lock. If an error occurs, it is caught and handled appropriately.
const Redlock = require('redlock');
const redis = require('redis');
const client = redis.createClient();
const redlock = new Redlock([client]);
redlock.lock('locks:resource', 2000).then(function(lock) {
// Do something with the lock
console.log('Lock acquired');
// Simulate a failure
throw new Error('Something went wrong');
}).catch(function(err) {
console.error('Failed to acquire or maintain lock', err);
});
node-redlock is another implementation of the Redlock algorithm for Node.js. It provides similar functionality to the redlock package, allowing you to acquire, extend, and release distributed locks using Redis. The main difference is in the API design and some additional features like automatic retry mechanisms.
redis-lock is a simpler package for distributed locking using Redis. It provides basic lock and unlock functionality but does not implement the full Redlock algorithm. It is easier to use but may not be as robust in a highly distributed environment.
redlock-js is another package that implements the Redlock algorithm. It offers similar features to the redlock package, including acquiring, extending, and releasing locks. It also provides additional configuration options for customizing the lock behavior.
This is a node.js implementation of the redlock algorithm for distributed redis locks. It provides strong guarantees in both single-redis and multi-redis environments, and provides fault tolerance through use of multiple independent redis instances or clusters.
###High-Availability Recommendations
npm install --save redlock
Redlock can use node redis, ioredis or any other compatible redis library to keep its client connections.
A redlock object is instantiated with an array of at least one redis client and an optionaloptions
object. Properties of the Redlock object should NOT be changed after it is firstused, as doing so could have unintended consequences for live locks.
var client1 = require('redis').createClient(6379, 'redis1.example.com');
var client2 = require('redis').createClient(6379, 'redis2.example.com');
var client3 = require('redis').createClient(6379, 'redis3.example.com');
var Redlock = require('redlock');
var redlock = new Redlock(
// you should have one client for each redis node
// in your cluster
[client1, client2, client3],
{
// the expected clock drift; for more details
// see http://redis.io/topics/distlock
driftFactor: 0.01,
// the max number of times Redlock will attempt
// to lock a resource before erroring
retryCount: 3,
// the time in ms between attempts
retryDelay: 200
}
);
###Locking & Unocking
// the string identifier for the resource you want to lock
var resource = 'locks:account:322456';
// the maximum amount of time you want the resource locked,
// keeping in mind that you can extend the lock up until
// the point when it expires
var ttl = 1000;
redlock.lock(resource, ttl).then(function(lock) {
// ...do something here...
// unlock your resource when you are done
return lock.unlock();
});
###Locking and Extending
redlock.lock('locks:account:322456', 1000).then(function(lock) {
// ...do something here...
// if you need more time, you can continue to extend
// the lock as long as you never let it expire
return lock.extend(1000).then(function(lock){
// ...do something here...
// unlock your resource when you are done
return lock.unlock();
});
});
###Locking & Unocking
var using = require('bluebird').using;
// the string identifier for the resource you want to lock
var resource = 'locks:account:322456';
// the maximum amount of time you want the resource locked,
// keeping in mind that you can extend the lock up until
// the point when it expires
var ttl = 1000;
using(redlock.disposer(resource, ttl), function(lock) {
// ...do something here...
}); // <-- unlock is automatically handled by bluebird
###Locking and Extending
using(redlock.disposer('locks:account:322456', 1000), function(lock) {
// ...do something here...
// if you need more time, you can continue to extend
// the lock until it expires
return lock.extend(1000).then(function(extended){
// Note that redlock modifies the original lock,
// so the vars `lock` and `extended` point to the
// exact same object
// ...do something here...
});
}); // <-- unlock is automatically handled by bluebird
###Locking & Unocking
// the string identifier for the resource you want to lock
var resource = 'locks:account:322456';
// the maximum amount of time you want the resource locked,
// keeping in mind that you can extend the lock up until
// the point when it expires
var ttl = 1000;
redlock.lock(resource, ttl, function(err, lock) {
// we failed to lock the resource
if(err) {
// ...
}
// we have the lock
else {
// ...do something here...
// unlock your resource when you are done
lock.unlock();
}
});
###Locking and Extending
redlock.lock('locks:account:322456', 1000, function(err, lock) {
// we failed to lock the resource
if(err) {
// ...
}
// we have the lock
else {
// ...do something here...
// if you need more time, you can continue to extend
// the lock until it expires
lock.extend(1000, function(err, lock){
// we failed to extend the lock on the resource
if(err) {
// ...
}
// ...do something here...
// unlock your resource when you are done
lock.unlock();
}
}
});
###Redlock.lock(resource, ttl, callback)
resource (string)
resource to be lockedttl (number)
time in ms until the lock expirescallback (function)
callback returning:
err (Error)
lock (Lock)
###Redlock.unlock(lock, callback)
lock (Lock)
lock to be releasedcallback (function)
callback with no returning arguments###Redlock.extend(lock, ttl, callback)
lock (Lock)
lock to be extendedttl (number)
time in ms to extend the lock's expirationcallback (function)
callback returning:
err (Error)
lock (Lock)
###Lock.unlock(callback)
callback (function)
callback with no returning arguments###Lock.extend(ttl, callback)
ttl (number)
time in ms to extend the lock's expirationcallback (function)
callback returning:
err (Error)
lock (Lock)
FAQs
A node.js redlock implementation for distributed redis locks
The npm package redlock receives a total of 350,031 weekly downloads. As such, redlock popularity was classified as popular.
We found that redlock demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.