Security News
Socket Security Analysis Is Now One Click Away on npm
npm now links to Socket's security analysis on every package page. Here's what you'll find when you click through.
By Sarah Gooding - Feb 19, 2026
New: Introducing PHP and Composer Support.Read the Announcement →
scurry
A leveldb-backed consistent hash ring, for your toy caching needs. Seriously unfinished; do not put data in this. No really, don't.
One part each
Rod Vagg's levelup leveldb bindings for node + sublevel to create buckets.
Dominic Tarr's crtd, which uses his scuttlebutt implementation to keep a document in sync.
light-cycle, a lightweight consistent hash ring structure that can be mixed into most anything.
restify to provide a simple RESTful api to data in the buckets.
Shake with ice
Run a server:
node index.js --id=node-one -s -p 3333 -g 4114 -d ./db | ./node_modules/.bin/bunyan -o short
Run a client or five:
node index.js --id=node-two -p 3334 -g 4114 -h 10.0.0.5 -d ./db2 | ./node_modules/.bin/bunyan -o short
node index.js --id=node-three -p 3335 -g 4114 -h 10.0.0.5 -d ./db3 | ./node_modules/.bin/bunyan -o short`
node index.js --id=node-four -p 3336 -g 4114 -h 10.0.0.5 -d ./db4 | ./node_modules/.bin/bunyan -o short
Replace 10.0.0.5 with the IP address of your server.
Strain into a chilled glass
Then stuff some data in:
http -f PUT 10.0.0.5:3334/vodkas/1 name="Sobieski" rating=5
http -f PUT 10.0.0.5:3335/vodkas/2 name="Tito's Handmade" rating=5
Get it back out: http GET 10.0.0.5:3336/vodkas/2
(Human-friendly shell commands courtesy of httpie.)
TODO
- The RESTful server is a mess.
- Need to pay attention to content encodings & store them with the documents as metadata.
- Implement key streaming from multiple nodes. See notes in endpoints.handleGetBucket().
- Reconnect on errors.
- Clean up configuration & options.
- Create directories for dbs if they don't exist.
- Error handling.
- Better logging.
- Light-cycle is rickety; bullet-proof it.
- Stretch goal: replication?
Keywords
FAQs
A leveldb-backed consistent hash ring, for your toy caching needs.
The npm package scurry receives a total of 4 weekly downloads. As such, scurry popularity was classified as not popular.
We found that scurry demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Package last updated on 14 Jul 2013
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Cline CLI npm Package Compromised via Suspected Cache Poisoning Attack
A compromised npm publish token was used to push a malicious postinstall script in cline@2.3.0, affecting the popular AI coding agent CLI with 90k weekly downloads.
By Sarah Gooding - Feb 18, 2026
Product
Socket Brings Supply Chain Security to skills.sh
Socket is now scanning AI agent skills across multiple languages and ecosystems, detecting malicious behavior before developers install, starting with skills.sh's 60,000+ skills.
By Wenxin Jiang, Alexandros Kapravelos - Feb 17, 2026