Transport classes and utilities shared among Node.js Elastic client libraries
Installations
npm install @elastic/transportDeveloper Guide
Typescript
Yes
Module System
CommonJS, ESM
Min. Node Version
>=18
Node Version
20.18.1
NPM Version
11.0.0
Score
96.8
Supply Chain
85.4
Quality
96.5
Maintenance
100
Vulnerability
100
License
Releases
Contributors
Languages
TypeScript (99.62%)
JavaScript (0.38%)
Developer
elastic
Download Statistics
Total Downloads
43,555,968
Last Day
102,253
Last Week
461,958
Last Month
2,042,326
Last Year
25,464,446
GitHub Statistics
6 Stars
320 Commits
26 Forks
239 Watching
9 Branches
2,044 Contributors
Maintainers
Package Meta Information
Latest Version
8.9.4
Package Id
@elastic/transport@8.9.4
Unpacked Size
651.48 kB
Size
60.32 kB
File Count
75
NPM Version
11.0.0
Node Version
20.18.1
Publised On
21 Jan 2025
Total Downloads
Cumulative downloads
Total Downloads
43,555,968
Last day
-8.9%
102,253
Compared to previous day
Last week
-11.9%
461,958
Compared to previous week
Last month
-6%
2,042,326
Compared to previous month
Last year
82.5%
25,464,446
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Elastic Node.js Transport
This is a HTTP transport Node.js library for communicate with Elastic products, like Elasticsearch.
Install
npm install @elastic/transport
Node.js support
NOTE: The minimum supported version of Node.js is v18.
The client versioning follows the Elastic Stack versioning, this means that major, minor, and patch releases are done following a precise schedule that often does not coincide with the Node.js release times.
To avoid support insecure and unsupported versions of Node.js, the client will drop the support of EOL versions of Node.js between minor releases. Typically, as soon as a Node.js version goes into EOL, the client will continue to support that version for at least another minor release.
Unless you are always using a supported version of Node.js,
we recommend defining the client dependency in your
package.json with the ~ instead of ^. In this way, you will lock the
dependency on the minor release and not the major. (for example, ~7.10.0 instead
of ^7.10.0).
| Node.js Version | Node.js EOL date | End of support |
|---|---|---|
8.x | December 2019 | 7.11 (early 2021) |
10.x | April 2021 | 7.12 (mid 2021) |
12.x | April 2022 | 8.2 (early 2022) |
14.x | April 2023 | 8.8 (early 2023) |
16.x | October 2023 | 8.14 (early 2024) |
API
Usage
License
This software is licensed under the Apache 2 license.
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Reason
no binaries found in the repo
Reason
0 existing vulnerabilities detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0
Reason
security policy file detected
Details
- Info: security policy file detected: github.com/elastic/.github/SECURITY.md:1
- Info: Found linked content: github.com/elastic/.github/SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/elastic/.github/SECURITY.md:1
- Info: Found text in security policy: github.com/elastic/.github/SECURITY.md:1
Reason
packaging workflow detected
Details
- Info: Project packages its releases by way of GitHub Actions.: .github/workflows/npm-publish.yml:9
Reason
dependency not pinned by hash detected -- score normalized to 3
Details
- Warn: npmCommand not pinned by hash: .github/workflows/nodejs.yml:33
- Warn: npmCommand not pinned by hash: .github/workflows/nodejs.yml:77
- Warn: npmCommand not pinned by hash: .github/workflows/nodejs.yml:87
- Warn: npmCommand not pinned by hash: .github/workflows/nodejs.yml:88
- Warn: npmCommand not pinned by hash: .github/workflows/nodejs.yml:111
- Warn: npmCommand not pinned by hash: .github/workflows/npm-publish.yml:24
- Warn: npmCommand not pinned by hash: .github/workflows/npm-publish.yml:25
- Info: 10 out of 10 GitHub-owned GitHubAction dependencies pinned
- Info: 2 out of 2 third-party GitHubAction dependencies pinned
- Info: 0 out of 7 npmCommand dependencies pinned
Reason
Found 1/12 approved changesets -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/npm-publish.yml:12
- Warn: no topLevel permission defined: .github/workflows/backport.yml:1
- Warn: no topLevel permission defined: .github/workflows/nodejs.yml:1
- Warn: no topLevel permission defined: .github/workflows/npm-publish.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 30 are checked with a SAST tool
Score
6
/10
Last Scanned on 2025-01-27
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More