Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
workbox-expiration
Advanced tools
A service worker helper library that expires cached responses based on age or maximum number of entries.
The workbox-expiration package is part of the Workbox suite of libraries, which are designed to make it easier to build offline-first, service worker-powered web applications. The workbox-expiration plugin specifically manages the cache expiration and limits the number of entries in a cache.
Cache Expiration
This feature allows you to set expiration parameters for cached responses. In the code sample, a cache-first strategy is used for requests to 'https://example.com', with a maximum of 60 entries and a maximum age of 30 days before the cached entries are purged.
workbox.routing.registerRoute(
({url}) => url.origin === 'https://example.com',
new workbox.strategies.CacheFirst({
cacheName: 'images',
plugins: [
new workbox.expiration.ExpirationPlugin({
maxEntries: 60,
maxAgeSeconds: 30 * 24 * 60 * 60, // 30 Days
}),
],
}),
);
Cache Entry Limit
This feature limits the number of entries in a cache. In the code sample, a stale-while-revalidate strategy is used for requests to 'https://example.com', with a maximum of 50 entries in the 'articles' cache.
workbox.routing.registerRoute(
({url}) => url.origin === 'https://example.com',
new workbox.strategies.StaleWhileRevalidate({
cacheName: 'articles',
plugins: [
new workbox.expiration.ExpirationPlugin({
maxEntries: 50,
}),
],
}),
);
Purge on Quota Error
This feature automatically purges caches if the browser's storage quota is exceeded. In the code sample, a network-first strategy is used for requests to 'https://example.com', with the 'purgeOnQuotaError' option set to true.
workbox.routing.registerRoute(
({url}) => url.origin === 'https://example.com',
new workbox.strategies.NetworkFirst({
cacheName: 'documents',
plugins: [
new workbox.expiration.ExpirationPlugin({
purgeOnQuotaError: true, // Automatically delete caches if quota is exceeded
}),
],
}),
);
sw-toolbox is a legacy library for service worker caching strategies and was a precursor to Workbox. It offers similar functionalities for caching and managing cache expiration. However, Workbox is recommended over sw-toolbox as it is more modern and actively maintained.
sw-precache is another legacy Google library that generates a service worker script that precaches resources. It includes some cache management features but is less flexible and modular compared to workbox-expiration. Workbox has since superseded sw-precache.
sw-cache-expiration is a standalone library for managing cache expiration in service workers. It provides similar functionality to workbox-expiration but is not as widely adopted or supported as Workbox, which is a comprehensive suite of tools for offline caching.
This module's documentation can be found at https://developers.google.com/web/tools/workbox/modules/workbox-expiration
FAQs
A service worker helper library that expires cached responses based on age or maximum number of entries.
The npm package workbox-expiration receives a total of 3,338,442 weekly downloads. As such, workbox-expiration popularity was classified as popular.
We found that workbox-expiration demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 7 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.