Gathering detailed insights and metrics for cacache
Gathering detailed insights and metrics for cacache
Gathering detailed insights and metrics for cacache
Gathering detailed insights and metrics for cacache
@types/cacache
TypeScript definitions for cacache
lazy-cacache
a wrap class of cacache
minipass
minimal implementation of a PassThrough stream
glob-cache
Best and fastest file globbing solution for Node.js - can use **any** glob library like `glob`, `globby` or `fast-glob`! Streaming, Promise and Hook APIs, with built in caching layer using `cacache`. Makes you Instant Fast™.
npm install cacache
Module System
Min. Node Version
Typescript Support
Node Version
NPM Version
279 Stars
748 Commits
31 Forks
13 Watching
2 Branches
93 Contributors
Updated on 16 Oct 2024
JavaScript (100%)
Cumulative downloads
Total Downloads
Last day
-1.8%
5,742,310
Compared to previous day
Last week
3.8%
30,602,905
Compared to previous week
Last month
13.3%
124,798,475
Compared to previous month
Last year
-6.9%
1,420,013,472
Compared to previous year
cacache
is a Node.js library for managing
local key and content address caches. It's really fast, really good at
concurrency, and it will never give you corrupted data, even if cache files
get corrupted or manipulated.
On systems that support user and group settings on files, cacache will
match the uid
and gid
values to the folder where the cache lives, even
when running as root
.
It was written to be used as npm's local cache, but can just as easily be used on its own.
$ npm install --save cacache
1const cacache = require('cacache') 2const fs = require('fs') 3 4const cachePath = '/tmp/my-toy-cache' 5const key = 'my-unique-key-1234' 6 7// Cache it! Use `cachePath` as the root of the content cache 8cacache.put(cachePath, key, '10293801983029384').then(integrity => { 9 console.log(`Saved content to ${cachePath}.`) 10}) 11 12const destination = '/tmp/mytar.tgz' 13 14// Copy the contents out of the cache and into their destination! 15// But this time, use stream instead! 16cacache.get.stream( 17 cachePath, key 18).pipe( 19 fs.createWriteStream(destination) 20).on('finish', () => { 21 console.log('done extracting!') 22}) 23 24// The same thing, but skip the key index. 25cacache.get.byDigest(cachePath, integrityHash).then(data => { 26 fs.writeFile(destination, data, err => { 27 console.log('tarball data fetched based on its sha512sum and written out!') 28 }) 29})
The cacache team enthusiastically welcomes contributions and project participation! There's a bunch of things you can do if you want to contribute! Please don't hesitate to jump in if you'd like to, or even ask us questions if something isn't clear.
All participants and maintainers in this project are expected to follow Code of Conduct, and just generally be excellent to each other.
Please refer to the Changelog for project history details, too.
Happy hacking!
> cacache.ls(cache) -> Promise<Object>
Lists info for all entries currently in the cache as a single large object. Each
entry in the object will be keyed by the unique index key, with corresponding
get.info
objects as the values.
1cacache.ls(cachePath).then(console.log) 2// Output 3{ 4 'my-thing': { 5 key: 'my-thing', 6 integrity: 'sha512-BaSe64/EnCoDED+HAsh==' 7 path: '.testcache/content/deadbeef', // joined with `cachePath` 8 time: 12345698490, 9 size: 4023948, 10 metadata: { 11 name: 'blah', 12 version: '1.2.3', 13 description: 'this was once a package but now it is my-thing' 14 } 15 }, 16 'other-thing': { 17 key: 'other-thing', 18 integrity: 'sha1-ANothER+hasH=', 19 path: '.testcache/content/bada55', 20 time: 11992309289, 21 size: 111112 22 } 23}
> cacache.ls.stream(cache) -> Readable
Lists info for all entries currently in the cache as a single large object.
This works just like ls
, except get.info
entries are
returned as 'data'
events on the returned stream.
1cacache.ls.stream(cachePath).on('data', console.log) 2// Output 3{ 4 key: 'my-thing', 5 integrity: 'sha512-BaSe64HaSh', 6 path: '.testcache/content/deadbeef', // joined with `cachePath` 7 time: 12345698490, 8 size: 13423, 9 metadata: { 10 name: 'blah', 11 version: '1.2.3', 12 description: 'this was once a package but now it is my-thing' 13 } 14} 15 16{ 17 key: 'other-thing', 18 integrity: 'whirlpool-WoWSoMuchSupport', 19 path: '.testcache/content/bada55', 20 time: 11992309289, 21 size: 498023984029 22} 23 24{ 25 ... 26}
> cacache.get(cache, key, [opts]) -> Promise({data, metadata, integrity})
Returns an object with the cached data, digest, and metadata identified by
key
. The data
property of this object will be a Buffer
instance that
presumably holds some data that means something to you. I'm sure you know what
to do with it! cacache just won't care.
integrity
is a Subresource
Integrity
string. That is, a string that can be used to verify data
, which looks like
<hash-algorithm>-<base64-integrity-hash>
.
If there is no content identified by key
, or if the locally-stored data does
not pass the validity checksum, the promise will be rejected.
A sub-function, get.byDigest
may be used for identical behavior, except lookup
will happen by integrity hash, bypassing the index entirely. This version of the
function only returns data
itself, without any wrapper.
See: options
This function loads the entire cache entry into memory before returning it. If
you're dealing with Very Large data, consider using get.stream
instead.
1// Look up by key 2cache.get(cachePath, 'my-thing').then(console.log) 3// Output: 4{ 5 metadata: { 6 thingName: 'my' 7 }, 8 integrity: 'sha512-BaSe64HaSh', 9 data: Buffer#<deadbeef>, 10 size: 9320 11} 12 13// Look up by digest 14cache.get.byDigest(cachePath, 'sha512-BaSe64HaSh').then(console.log) 15// Output: 16Buffer#<deadbeef>
> cacache.get.stream(cache, key, [opts]) -> Readable
Returns a Readable Stream of the cached data identified by key
.
If there is no content identified by key
, or if the locally-stored data does
not pass the validity checksum, an error will be emitted.
metadata
and integrity
events will be emitted before the stream closes, if
you need to collect that extra data about the cached entry.
A sub-function, get.stream.byDigest
may be used for identical behavior,
except lookup will happen by integrity hash, bypassing the index entirely. This
version does not emit the metadata
and integrity
events at all.
See: options
1// Look up by key 2cache.get.stream( 3 cachePath, 'my-thing' 4).on('metadata', metadata => { 5 console.log('metadata:', metadata) 6}).on('integrity', integrity => { 7 console.log('integrity:', integrity) 8}).pipe( 9 fs.createWriteStream('./x.tgz') 10) 11// Outputs: 12metadata: { ... } 13integrity: 'sha512-SoMeDIGest+64==' 14 15// Look up by digest 16cache.get.stream.byDigest( 17 cachePath, 'sha512-SoMeDIGest+64==' 18).pipe( 19 fs.createWriteStream('./x.tgz') 20)
> cacache.get.info(cache, key) -> Promise
Looks up key
in the cache index, returning information about the entry if
one exists.
key
- Key the entry was looked up under. Matches the key
argument.integrity
- Subresource Integrity hash for the content this entry refers to.path
- Filesystem path where content is stored, joined with cache
argument.time
- Timestamp the entry was first added on.metadata
- User-assigned metadata associated with the entry/content.1cacache.get.info(cachePath, 'my-thing').then(console.log) 2 3// Output 4{ 5 key: 'my-thing', 6 integrity: 'sha256-MUSTVERIFY+ALL/THINGS==' 7 path: '.testcache/content/deadbeef', 8 time: 12345698490, 9 size: 849234, 10 metadata: { 11 name: 'blah', 12 version: '1.2.3', 13 description: 'this was once a package but now it is my-thing' 14 } 15}
> cacache.get.hasContent(cache, integrity) -> Promise
Looks up a Subresource Integrity hash in the cache. If content
exists for this integrity
, it will return an object, with the specific single integrity hash
that was found in sri
key, and the size of the found content as size
. If no content exists for this integrity, it will return false
.
1cacache.get.hasContent(cachePath, 'sha256-MUSTVERIFY+ALL/THINGS==').then(console.log) 2 3// Output 4{ 5 sri: { 6 source: 'sha256-MUSTVERIFY+ALL/THINGS==', 7 algorithm: 'sha256', 8 digest: 'MUSTVERIFY+ALL/THINGS==', 9 options: [] 10 }, 11 size: 9001 12} 13 14cacache.get.hasContent(cachePath, 'sha521-NOT+IN/CACHE==').then(console.log) 15 16// Output 17false
opts.integrity
If present, the pre-calculated digest for the inserted content. If this option
is provided and does not match the post-insertion digest, insertion will fail
with an EINTEGRITY
error.
opts.memoize
Default: null
If explicitly truthy, cacache will read from memory and memoize data on bulk read. If false
, cacache will read from disk data. Reader functions by default read from in-memory cache.
opts.size
If provided, the data stream will be verified to check that enough data was
passed through. If there's more or less data than expected, insertion will fail
with an EBADSIZE
error.
> cacache.put(cache, key, data, [opts]) -> Promise
Inserts data passed to it into the cache. The returned Promise resolves with a
digest (generated according to opts.algorithms
) after the
cache entry has been successfully written.
See: options
1fetch( 2 'https://registry.npmjs.org/cacache/-/cacache-1.0.0.tgz' 3).then(data => { 4 return cacache.put(cachePath, 'registry.npmjs.org|cacache@1.0.0', data) 5}).then(integrity => { 6 console.log('integrity hash is', integrity) 7})
> cacache.put.stream(cache, key, [opts]) -> Writable
Returns a Writable
Stream that inserts
data written to it into the cache. Emits an integrity
event with the digest of
written contents when it succeeds.
See: options
1request.get( 2 'https://registry.npmjs.org/cacache/-/cacache-1.0.0.tgz' 3).pipe( 4 cacache.put.stream( 5 cachePath, 'registry.npmjs.org|cacache@1.0.0' 6 ).on('integrity', d => console.log(`integrity digest is ${d}`)) 7)
opts.metadata
Arbitrary metadata to be attached to the inserted key.
opts.size
If provided, the data stream will be verified to check that enough data was
passed through. If there's more or less data than expected, insertion will fail
with an EBADSIZE
error.
opts.integrity
If present, the pre-calculated digest for the inserted content. If this option
is provided and does not match the post-insertion digest, insertion will fail
with an EINTEGRITY
error.
algorithms
has no effect if this option is present.
opts.integrityEmitter
Streaming only If present, uses the provided event emitter as a source of truth for both integrity and size. This allows use cases where integrity is already being calculated outside of cacache to reuse that data instead of calculating it a second time.
The emitter must emit both the 'integrity'
and 'size'
events.
NOTE: If this option is provided, you must verify that you receive the correct
integrity value yourself and emit an 'error'
event if there is a mismatch.
ssri Integrity Streams do this for you when given an expected integrity.
opts.algorithms
Default: ['sha512']
Hashing algorithms to use when calculating the subresource integrity
digest
for inserted data. Can use any algorithm listed in crypto.getHashes()
or
'omakase'
/'お任せします'
to pick a random hash algorithm on each insertion. You
may also use any anagram of 'modnar'
to use this feature.
Currently only supports one algorithm at a time (i.e., an array length of
exactly 1
). Has no effect if opts.integrity
is present.
opts.memoize
Default: null
If provided, cacache will memoize the given cache insertion in memory, bypassing any filesystem checks for that key or digest in future cache fetches. Nothing will be written to the in-memory cache unless this option is explicitly truthy.
If opts.memoize
is an object or a Map
-like (that is, an object with get
and set
methods), it will be written to instead of the global memoization
cache.
Reading from disk data can be forced by explicitly passing memoize: false
to
the reader functions, but their default will be to read from memory.
opts.tmpPrefix
Default: null
Prefix to append on the temporary directory name inside the cache's tmp dir.
> cacache.rm.all(cache) -> Promise
Clears the entire cache. Mainly by blowing away the cache directory itself.
1cacache.rm.all(cachePath).then(() => { 2 console.log('THE APOCALYPSE IS UPON US 😱') 3})
> cacache.rm.entry(cache, key, [opts]) -> Promise
Alias: cacache.rm
Removes the index entry for key
. Content will still be accessible if
requested directly by content address (get.stream.byDigest
).
By default, this appends a new entry to the index with an integrity of null
.
If opts.removeFully
is set to true
then the index file itself will be
physically deleted rather than appending a null
.
To remove the content itself (which might still be used by other entries), use
rm.content
. Or, to safely vacuum any unused content, use
verify
.
1cacache.rm.entry(cachePath, 'my-thing').then(() => { 2 console.log('I did not like it anyway') 3})
> cacache.rm.content(cache, integrity) -> Promise
Removes the content identified by integrity
. Any index entries referring to it
will not be usable again until the content is re-added to the cache with an
identical digest.
1cacache.rm.content(cachePath, 'sha512-SoMeDIGest/IN+BaSE64==').then(() => { 2 console.log('data for my-thing is gone!') 3})
> cacache.index.compact(cache, key, matchFn, [opts]) -> Promise
Uses matchFn
, which must be a synchronous function that accepts two entries
and returns a boolean indicating whether or not the two entries match, to
deduplicate all entries in the cache for the given key
.
If opts.validateEntry
is provided, it will be called as a function with the
only parameter being a single index entry. The function must return a Boolean,
if it returns true
the entry is considered valid and will be kept in the index,
if it returns false
the entry will be removed from the index.
If opts.validateEntry
is not provided, however, every entry in the index will
be deduplicated and kept until the first null
integrity is reached, removing
all entries that were written before the null
.
The deduplicated list of entries is both written to the index, replacing the existing content, and returned in the Promise.
> cacache.index.insert(cache, key, integrity, opts) -> Promise
Writes an index entry to the cache for the given key
without writing content.
It is assumed if you are using this method, you have already stored the content
some other way and you only wish to add a new index to that content. The metadata
and size
properties are read from opts
and used as part of the index entry.
Returns a Promise resolving to the newly added entry.
> cacache.clearMemoized()
Completely resets the in-memory entry cache.
> tmp.mkdir(cache, opts) -> Promise<Path>
Returns a unique temporary directory inside the cache's tmp
dir. This
directory will use the same safe user assignment that all the other stuff use.
Once the directory is made, it's the user's responsibility that all files
within are given the appropriate gid
/uid
ownership settings to match
the rest of the cache. If not, you can ask cacache to do it for you by
calling tmp.fix()
, which will fix all tmp directory
permissions.
If you want automatic cleanup of this directory, use
tmp.withTmp()
See: options
1cacache.tmp.mkdir(cache).then(dir => { 2 fs.writeFile(path.join(dir, 'blablabla'), Buffer#<1234>, ...) 3})
> tmp.fix(cache) -> Promise
Sets the uid
and gid
properties on all files and folders within the tmp
folder to match the rest of the cache.
Use this after manually writing files into tmp.mkdir
or
tmp.withTmp
.
1cacache.tmp.mkdir(cache).then(dir => { 2 writeFile(path.join(dir, 'file'), someData).then(() => { 3 // make sure we didn't just put a root-owned file in the cache 4 cacache.tmp.fix().then(() => { 5 // all uids and gids match now 6 }) 7 }) 8})
> tmp.withTmp(cache, opts, cb) -> Promise
Creates a temporary directory with tmp.mkdir()
and calls cb
with it. The created temporary directory will be removed when the return value
of cb()
resolves, the tmp directory will be automatically deleted once that
promise completes.
The same caveats apply when it comes to managing permissions for the tmp dir's contents.
See: options
1cacache.tmp.withTmp(cache, dir => { 2 return fs.writeFile(path.join(dir, 'blablabla'), 'blabla contents', { encoding: 'utf8' }) 3}).then(() => { 4 // `dir` no longer exists 5})
opts.tmpPrefix
Default: null
Prefix to append on the temporary directory name inside the cache's tmp dir.
For content verification and addressing, cacache uses strings following the
Subresource
Integrity spec.
That is, any time cacache expects an integrity
argument or option, it
should be in the format <hashAlgorithm>-<base64-hash>
.
One deviation from the current spec is that cacache will support any hash
algorithms supported by the underlying Node.js process. You can use
crypto.getHashes()
to see which ones you can use.
If you have an existing content shasum, they are generally formatted as a
hexadecimal string (that is, a sha1 would look like:
5f5513f8822fdbe5145af33b64d8d970dcf95c6e
). In order to be compatible with
cacache, you'll need to convert this to an equivalent subresource integrity
string. For this example, the corresponding hash would be:
sha1-X1UT+IIv2+UUWvM7ZNjZcNz5XG4=
.
If you want to generate an integrity string yourself for existing data, you can use something like this:
1const crypto = require('crypto') 2const hashAlgorithm = 'sha512' 3const data = 'foobarbaz' 4 5const integrity = ( 6 hashAlgorithm + 7 '-' + 8 crypto.createHash(hashAlgorithm).update(data).digest('base64') 9)
You can also use ssri
to have a richer set of functionality
around SRI strings, including generation, parsing, and translating from existing
hex-formatted strings.
> cacache.verify(cache, opts) -> Promise
Checks out and fixes up your cache:
tmp
directory in the cache and all its contents.When it's done, it'll return an object with various stats about the verification process, including amount of storage reclaimed, number of valid entries, number of entries removed, etc.
opts.concurrency
Default: 20
Number of concurrently read files in the filesystem while doing clean up.
opts.filter
Receives a formatted entry. Return false to remove it. Note: might be called more than once on the same entry.
opts.log
Custom logger function:
log: { silly () {} }
log.silly('verify', 'verifying cache at', cache)
1echo somegarbage >> $CACHEPATH/content/deadbeef
1cacache.verify(cachePath).then(stats => { 2 // deadbeef collected, because of invalid checksum. 3 console.log('cache is much nicer now! stats:', stats) 4})
> cacache.verify.lastRun(cache) -> Promise
Returns a Date
representing the last time cacache.verify
was run on cache
.
1cacache.verify(cachePath).then(() => { 2 cacache.verify.lastRun(cachePath).then(lastTime => { 3 console.log('cacache.verify was last called on' + lastTime) 4 }) 5})
No vulnerabilities found.
Reason
all changesets reviewed
Reason
14 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Reason
no binaries found in the repo
Reason
security policy file detected
Details
Reason
no dangerous workflow patterns detected
Reason
0 existing vulnerabilities detected
Reason
license file detected
Details
Reason
SAST tool detected but not run on all commits
Details
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
Reason
detected GitHub workflow tokens with excessive permissions
Details
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
Score
Last Scanned on 2024-11-18
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More