New Research: Supply Chain Attack on Axios Pulls Malicious Dependency from npm.Details
Socket
Book a DemoSign in
Socket
Book a DemoSign in

void

Package Overview
Dependencies
Maintainers
1
Versions
11
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

void

A NodeJS module that intelligently invalidates your CloudFront Cache.

latest
Source
npmnpm
Version
0.1.6
Version published
Maintainers
1
Created
Source

Void Build Status

Void is a NodeJS module that intelligently invalidates your CloudFront Cache. It respects the following limitations:

  • Hard limit of 1000 paths per invalidation
  • Only 3 invalidations can run at the same time (and other processes may be creating them too)
  • There is no callback for the native AWS SDK, so the API must be polled

Installation

$ npm install void

Void relies on the AWS-SDK, which requires that you set two environment variables:

AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY

You can export them in the shell for local testing or permanent use. You can also load them into your environment using a tool like supervisor or foreman to load an .env file.

Follow your hosting provider's instructions for setting environment variables in production:

Void requires a third environment variable that contains the CloudFront distribution id:

DISTRIBUTION_ID

WARNING: Do not place your AWS credentials or CloudFront Distribution ID in source control!

Usage

Require void at the top of your script.

var Void = require('void');

Call the constructor with the new keyword.

var v = new Void();

Note: Use a capital "V" for the constructor and a single, lowercase "v" to avoid collision with the reserved word "void".

Arguments

  • name: will default to a 5 character string for logging
  • distribution: will default to process.env.DISTRIBUTION_ID
  • paths: Array of path strings to be cleared
  • dirs: Array of directories to be scanned and added to paths
  • poison: Array of path strings to be removed from paths
  • maxPaths: Max number of paths per invalidation (defaults to 1000)
  • maxJobs: Max number of simultaneous invalidations (defaults to 3)

Properties

  • queue: Queue of invalidations
  • cloudfront: The AWS-SDK object

Example

We can change the default maxPaths method to see some complex behavior:

var v = new Void({
	paths : [
		'/index.html',
		'/index2.html',
		'/foo/bar.html',
		'/foo2/bar2.html'
	],
	maxPaths : 1
});

This will result in the the following console output:

[Void:IWZ33] Created 4 item(s) in the queue
[Void:IWZ33][Job:H27NL] Invalidation "IVBLZ2PCXZL5Q" created. Checking in 10 minute(s)...
[Void:IWZ33][Job:JD9ZU] Invalidation "I35PDGSFYBCA1X" created. Checking in 10 minute(s)...
[Void:IWZ33][Job:H1C3R] Too many invalidations, retrying in 2 minute(s)
[Void:IWZ33][Job:H1C3R] Too many invalidations, retrying in 2 minute(s)
[Void:IWZ33][Job:H1C3R] Too many invalidations, retrying in 2 minute(s)
[Void:IWZ33][Job:H1C3R] Too many invalidations, retrying in 2 minute(s)
[Void:IWZ33][Job:H1C3R] Too many invalidations, retrying in 2 minute(s)
[Void:IWZ33][Job:H27NL] In progress, re-checking in 2 minute(s)...
[Void:IWZ33][Job:JD9ZU] In progress, re-checking in 2 minute(s)...
[Void:IWZ33][Job:H1C3R] Too many invalidations, retrying in 2 minute(s)
[Void:IWZ33][Job:H27NL] In progress, re-checking in 2 minute(s)...
[Void:IWZ33][Job:JD9ZU] In progress, re-checking in 2 minute(s)...
[Void:IWZ33][Job:H1C3R] Invalidation "I13B9HSQI6RO7J" created. Checking in 10 minute(s)...
[Void:IWZ33][Job:JD9ZU] Invalidation "I35PDGSFYBCA1X" completed!
[Void:IWZ33][Job:H27NL] Invalidation "IVBLZ2PCXZL5Q" completed!
[Void:IWZ33][Job:7BTD7] Invalidation "I3HRQCLJU7OSZ7" created. Checking in 10 minute(s)...
[Void:IWZ33][Job:H1C3R] Invalidation "I13B9HSQI6RO7J" completed!
[Void:IWZ33][Job:7BTD7] In progress, re-checking in 2 minute(s)...
[Void:IWZ33][Job:7BTD7] Invalidation "I3HRQCLJU7OSZ7" completed!
[Void:IWZ23] All jobs complete!

Tests

Install the global dependancies with sudo permissions.

$ sudo npm install -g mocha
$ sudo npm install -g should

Run mocha directly to see the test results.

$ cd void
$ mocha

WARNING: Tests will fail unless you have the AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, and DISTRIBUTION_ID variables configured in your environment!

Notes

  • You may incur charges if you invalidate your CloudFront cache frequently. PLease see their documentation and pricing.
  • Again… do NOT put your AWS credentials of CloudFront distribution id in source control

To do

  • More tests
  • Surface granual Job properties in Void constructor for more flexibility
  • Void event callbacks
  • Document Job object

Keywords

AWS
CloudFront
invalidate
cache
clear
request

FAQs

Package last updated on 13 May 2014

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Axios Supply Chain Attack Reaches OpenAI macOS Signing Pipeline, Forces Certificate Rotation

Security News

Axios Supply Chain Attack Reaches OpenAI macOS Signing Pipeline, Forces Certificate Rotation

OpenAI rotated macOS signing certificates after a malicious Axios package reached its CI pipeline in a broader software supply chain attack.

By Sarah Gooding  -  Apr 11, 2026
Don't Kill the Goose That Lays the Golden Eggs

Security News

Don't Kill the Goose That Lays the Golden Eggs

Open source is under attack because of how much value it creates. It has been the foundation of every major software innovation for the last three decades. This is not the time to walk away from it.

By Sarah Gooding  -  Apr 10, 2026
Feross on TBPN: How North Korea Hijacked Axios

Security News

Feross on TBPN: How North Korea Hijacked Axios

Socket CEO Feross Aboukhadijeh breaks down how North Korea hijacked Axios and what it means for the future of software supply chain security.

By Sarah Gooding  -  Apr 08, 2026