Gathering detailed insights and metrics for @elastic/elasticsearch
Gathering detailed insights and metrics for @elastic/elasticsearch
Official Elasticsearch client library for Node.js
Installations
npm install @elastic/elasticsearchScore
64.9
Supply Chain
97.9
Quality
98.6
Maintenance
100
Vulnerability
85.6
License
Developer
Developer Guide
BETA
Module System
CommonJS, ESM
Min. Node Version
>=18
Typescript Support
Yes
Node Version
22.11.0
NPM Version
10.9.0
Statistics
29 Stars
2,267 Commits
731 Forks
179 Watching
66 Branches
2,122 Contributors
Updated on 22 Nov 2024
Languages
TypeScript (93.89%)
JavaScript (5.59%)
Shell (0.51%)
Dockerfile (0.01%)
Total Downloads
Cumulative downloads
Total Downloads
161,576,477
Last day
-0.6%
215,145
Compared to previous day
Last week
2.8%
1,165,760
Compared to previous week
Last month
20.5%
4,953,003
Compared to previous month
Last year
23.7%
53,359,581
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
3
Dev Dependencies
32
@elastic/request-converter@sinonjs/fake-timers@types/debug@types/ms@types/node@types/sinonjs__fake-timers@types/split2@types/stoppable@types/tapchaicross-zipdesminto-streamjs-yamllicense-checkerminimistmsnode-abort-controllernode-fetchoraproxyrimrafsemversplit2stoppabletapts-nodets-standardtypescriptworkqxmlbuilder2zx
Versions
Elasticsearch Node.js client
Download the latest version of Elasticsearch or sign-up for a free trial of Elastic Cloud.
The official Node.js client for Elasticsearch.
Installation
Refer to the Installation section of the getting started documentation.
Connecting
Refer to the Connecting section of the getting started documentation.
Compatibility
The Elasticsearch client is compatible with currently maintained JS versions.
Language clients are forward compatible; meaning that clients support communicating with greater or equal minor versions of Elasticsearch without breaking. It does not mean that the client automatically supports new features of newer Elasticsearch versions; it is only possible after a release of a new client version. For example, a 8.12 client version won't automatically support the new features of the 8.13 version of Elasticsearch, the 8.13 client version is required for that. Elasticsearch language clients are only backwards compatible with default distributions and without guarantees made.
| Elasticsearch Version | Elasticsearch-JS Branch | Supported |
|---|---|---|
| main | main | |
| 8.x | 8.x | 8.x |
| 7.x | 7.x | 7.17 |
Usage
- Creating an index
- Indexing a document
- Getting documents
- Searching documents
- Updating documents
- Deleting documents
- Deleting an index
Node.js support
NOTE: The minimum supported version of Node.js is v18.
The client versioning follows the Elastic Stack versioning, this means that major, minor, and patch releases are done following a precise schedule that often does not coincide with the Node.js release times.
To avoid support insecure and unsupported versions of Node.js, the client will drop the support of EOL versions of Node.js between minor releases. Typically, as soon as a Node.js version goes into EOL, the client will continue to support that version for at least another minor release. If you are using the client with a version of Node.js that will be unsupported soon, you will see a warning in your logs (the client will start logging the warning with two minors in advance).
Unless you are always using a supported version of Node.js,
we recommend defining the client dependency in your
package.json with the ~ instead of ^. In this way, you will lock the
dependency on the minor release and not the major. (for example, ~7.10.0 instead
of ^7.10.0).
| Node.js Version | Node.js EOL date | End of support |
|---|---|---|
8.x | December 2019 | 7.11 (early 2021) |
10.x | April 2021 | 7.12 (mid 2021) |
12.x | April 2022 | 8.2 (early 2022) |
14.x | April 2023 | 8.8 (early 2023) |
16.x | September 2023 | 8.11 (late 2023) |
Compatibility
Language clients are forward compatible; meaning that clients support communicating with greater or equal minor versions of Elasticsearch. Elasticsearch language clients are only backwards compatible with default distributions and without guarantees made.
| Elasticsearch Version | Client Version |
|---|---|
8.x | 8.x |
7.x | 7.x |
6.x | 6.x |
5.x | 5.x |
To install a specific major of the client, run the following command:
npm install @elastic/elasticsearch@<major>
Browser
[!WARNING] There is no official support for the browser environment. It exposes your Elasticsearch instance to everyone, which could lead to security issues. We recommend that you write a lightweight proxy that uses this client instead, you can see a proxy example here.
Documentation
- Introduction
- Usage
- Client configuration
- API reference
- Authentication
- Observability
- Creating a child client
- Client helpers
- Typescript support
- Testing
- Examples
Install multiple versions
If you are using multiple versions of Elasticsearch, you need to use multiple versions of the client. In the past, install multiple versions of the same package was not possible, but with npm v6.9, you can do that via aliasing.
The command you must run to install different version of the client is:
1npm install <alias>@npm:@elastic/elasticsearch@<version>
So for example if you need to install 7.x and 6.x, you will run:
1npm install es6@npm:@elastic/elasticsearch@6 2npm install es7@npm:@elastic/elasticsearch@7
And your package.json will look like the following:
1"dependencies": { 2 "es6": "npm:@elastic/elasticsearch@^6.7.0", 3 "es7": "npm:@elastic/elasticsearch@^7.0.0" 4}
You will require the packages from your code by using the alias you have defined.
1const { Client: Client6 } = require('es6') 2const { Client: Client7 } = require('es7') 3 4const client6 = new Client6({ 5 cloud: { id: '<cloud-id>' }, 6 auth: { apiKey: 'base64EncodedKey' } 7}) 8const client7 = new Client7({ 9 cloud: { id: '<cloud-id>' }, 10 auth: { apiKey: 'base64EncodedKey' } 11}) 12 13client6.info().then(console.log, console.log) 14client7.info().then(console.log, console.log)
Finally, if you want to install the client for the next version of Elasticsearch (the one that lives in Elasticsearch’s main branch), you can use the following command:
1npm install esmain@github:elastic/elasticsearch-js
License
This software is licensed under the Apache License 2.0.
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0
Reason
0 existing vulnerabilities detected
Reason
packaging workflow detected
Details
- Info: Project packages its releases by way of GitHub Actions.: .github/workflows/npm-publish.yml:9
Reason
security policy file detected
Details
- Info: security policy file detected: github.com/elastic/.github/SECURITY.md:1
- Info: Found linked content: github.com/elastic/.github/SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/elastic/.github/SECURITY.md:1
- Info: Found text in security policy: github.com/elastic/.github/SECURITY.md:1
Reason
no binaries found in the repo
Reason
dependency not pinned by hash detected -- score normalized to 4
Details
- Warn: containerImage not pinned by hash: .buildkite/Dockerfile:2
- Warn: containerImage not pinned by hash: .buildkite/Dockerfile-make:2
- Warn: npmCommand not pinned by hash: .buildkite/Dockerfile:14
- Warn: npmCommand not pinned by hash: .buildkite/Dockerfile-make:27
- Warn: npmCommand not pinned by hash: .github/workflows/nodejs.yml:50
- Warn: npmCommand not pinned by hash: .github/workflows/nodejs.yml:80
- Warn: npmCommand not pinned by hash: .github/workflows/npm-publish.yml:24
- Warn: npmCommand not pinned by hash: .github/workflows/npm-publish.yml:25
- Info: 11 out of 11 GitHub-owned GitHubAction dependencies pinned
- Info: 4 out of 4 third-party GitHubAction dependencies pinned
- Info: 0 out of 2 containerImage dependencies pinned
- Info: 0 out of 6 npmCommand dependencies pinned
Reason
Found 6/20 approved changesets -- score normalized to 3
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: jobLevel 'contents' permission set to 'write': .github/workflows/npm-publish.yml:12
- Warn: no topLevel permission defined: .github/workflows/backport.yml:1
- Warn: no topLevel permission defined: .github/workflows/nodejs.yml:1
- Warn: no topLevel permission defined: .github/workflows/npm-publish.yml:1
- Warn: no topLevel permission defined: .github/workflows/serverless-patch.yml:1
- Warn: no topLevel permission defined: .github/workflows/stale.yml:1
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 30 are checked with a SAST tool
Score
6.4
/10
Last Scanned on 2024-11-25
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More