Gathering detailed insights and metrics for @keyv/valkey
Gathering detailed insights and metrics for @keyv/valkey
Simple key-value storage with support for multiple backends
Installations
npm install @keyv/valkeyDeveloper Guide
BETA
Typescript
Yes
Module System
ESM
Min. Node Version
>= 18
Node Version
20.17.0
NPM Version
11.4.1
Score
98.3
Supply Chain
99.1
Quality
87.7
Maintenance
100
Vulnerability
99.3
License
Releases
79
Languages
4
TypeScript
Shell
CSS
JavaScript
TypeScript (99.16%)
Shell (0.38%)
CSS (0.32%)
JavaScript (0.14%)
Developer
Download Statistics
Total Downloads
224,649
Last Day
2,045
Last Week
52,676
Last Month
117,567
Last Year
224,649
GitHub Statistics
MIT License
2,919 Stars
1,632 Commits
178 Forks
20 Watchers
3 Branches
75 Contributors
Updated on Jul 03, 2025
Bundle Size
130.83 kB
Minified
35.10 kB
Minified + Gzipped
Maintainers
1
Package Meta Information
Latest Version
1.0.6
Package Id
@keyv/valkey@1.0.6
Unpacked Size
64.64 kB
Size
10.87 kB
File Count
7
NPM Version
11.4.1
Node Version
20.17.0
Published on
Jun 21, 2025
Total Downloads
Cumulative downloads
Total Downloads
224,649
Last Day
21.1%
2,045
Compared to previous day
Last Week
48.1%
52,676
Compared to previous week
Last Month
170%
117,567
Compared to previous month
Last Year
0%
224,649
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
1
Dev Dependencies
8
@keyv/valkey 
Valkey storage adapter for Keyv
Valkey storage adapter for Keyv.
Valkey is the open source replacement to Redis which decided to do a dual license approach moving forward. Valkey is a drop-in replacement for Redis and is fully compatible with the Redis protocol.
We are using the iovalkey which is a Node.js client for Valkey based on the ioredis client.
Install
1npm install --save keyv @keyv/valkey
Usage
This is using the helper createKeyv function to create a Keyv instance with the Valkey storage adapter:
1import {createKeyv} from '@keyv/valkey'; 2 3const keyv = createKeyv('redis://localhost:6379'); 4keyv.on('error', handleConnectionError); 5await keyv.set('foo', 'bar'); 6console.log(await keyv.get('foo')); // 'bar'
If you want to specify the KeyvValkey class directly, you can do so:
1import Keyv from 'keyv'; 2import KeyvValkey from '@keyv/valkey'; 3 4const keyv = new Keyv(new KeyvValkey('redis://user:pass@localhost:6379', { disable_resubscribing: true }));
Or you can manually create a storage adapter instance and pass it to Keyv:
1import Keyv from 'keyv'; 2import KeyvValkey from '@keyv/valkey'; 3 4const KeyvValkey = new KeyvValkey('redis://user:pass@localhost:6379'); 5const keyv = new Keyv({ store: KeyvValkey });
Or reuse a previous Redis instance:
1import Keyv from 'keyv'; 2import Redis from 'iovalkey'; 3import KeyvValkey from '@keyv/valkey'; 4 5const redis = new Redis('redis://user:pass@localhost:6379'); 6const KeyvValkey = new KeyvValkey(redis); 7const keyv = new Keyv({ store: KeyvValkey });
Or reuse a previous Redis cluster:
1import Keyv from 'keyv'; 2import Redis from 'iovalkey'; 3import KeyvValkey from '@keyv/valkey'; 4 5const redis = new Redis.Cluster('redis://user:pass@localhost:6379'); 6const KeyvValkey = new KeyvValkey(redis); 7const keyv = new Keyv({ store: KeyvValkey });
Options
useRedisSets
The useRedisSets option lets you decide whether to use Redis sets for key management. By default, this option is set to true.
When useRedisSets is enabled (true):
- A namespace for the Redis sets is created, and all created keys are added to this. This allows for group management of keys.
- When a key is deleted, it's removed not only from the main storage but also from the Redis set.
- When clearing all keys (using the
clearfunction), all keys in the Redis set are looked up for deletion. The set itself is also deleted.
Note: In high-performance scenarios, enabling useRedisSets might lead to memory leaks. If you're running a high-performance application or service, it is recommended to set useRedisSets to false.
If you decide to set useRedisSets as false, keys will be handled individually and Redis sets won't be utilized.
However, please note that setting useRedisSets to false could lead to performance issues in production when using the clear function, as it will need to iterate over all keys to delete them.
Example
Here's how you can use the useRedisSets option:
1import Keyv from 'keyv';
2
3const keyv = new Keyv(new KeyvValkey('redis://user:pass@localhost:6379', { useRedisSets: false }));License
No vulnerabilities found.
Reason
30 commit(s) and 27 issue activity found in the last 90 days -- score normalized to 10
Reason
no dangerous workflow patterns detected
Reason
security policy file detected
Details
- Info: security policy file detected: SECURITY.md:1
- Info: Found linked content: SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1
- Info: Found text in security policy: SECURITY.md:1
Reason
no binaries found in the repo
Reason
0 existing vulnerabilities detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
SAST tool is run on all commits
Details
- Info: SAST configuration detected: CodeQL
- Info: all commits (18) are checked with a SAST tool
Reason
Found 0/30 approved changesets -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql-analysis.yml:29
- Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql-analysis.yml:28
- Warn: topLevel 'contents' permission set to 'write': .github/workflows/codecov.yaml:10
- Warn: no topLevel permission defined: .github/workflows/codeql-analysis.yml:1
- Warn: topLevel 'contents' permission set to 'write': .github/workflows/deploy-website.yml:8
- Info: topLevel 'contents' permission set to 'read': .github/workflows/tests.yaml:10
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'main'
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codecov.yaml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/jaredwray/keyv/codecov.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codecov.yaml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/jaredwray/keyv/codecov.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/codecov.yaml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/jaredwray/keyv/codecov.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/jaredwray/keyv/codeql-analysis.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/jaredwray/keyv/codeql-analysis.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/jaredwray/keyv/codeql-analysis.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:70: update your workflow using https://app.stepsecurity.io/secureworkflow/jaredwray/keyv/codeql-analysis.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy-website.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/jaredwray/keyv/deploy-website.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy-website.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/jaredwray/keyv/deploy-website.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy-website.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/jaredwray/keyv/deploy-website.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yaml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/jaredwray/keyv/tests.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yaml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/jaredwray/keyv/tests.yaml/main?enable=pin
- Warn: containerImage not pinned by hash: packages/postgres/Dockerfile.ssl:1: pin your Docker image by updating postgres:latest to postgres:latest@sha256:3962158596daaef3682838cc8eb0e719ad1ce520f88e34596ce8d5de1b6330a1
- Warn: npmCommand not pinned by hash: .github/workflows/codecov.yaml:25
- Warn: npmCommand not pinned by hash: .github/workflows/deploy-website.yml:27
- Warn: npmCommand not pinned by hash: .github/workflows/tests.yaml:28
- Info: 0 out of 10 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 2 third-party GitHubAction dependencies pinned
- Info: 0 out of 1 containerImage dependencies pinned
- Info: 0 out of 3 npmCommand dependencies pinned
Score
5.6
/10
Last Scanned on 2025-06-30
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More