Gathering detailed insights and metrics for fresh
Gathering detailed insights and metrics for fresh
Installations
npm install freshReleases
Unable to fetch releases
Developer
jshttp
Developer Guide
BETA
Module System
Unable to determine the module system for this package.
Min. Node Version
>= 0.6
Typescript Support
No
Node Version
6.11.1
NPM Version
3.10.10
Statistics
161 Stars
217 Commits
29 Forks
14 Watching
3 Branches
37 Contributors
Updated on 17 Sept 2024
Bundle Size
835.00 B
Minified
507.00 B
Minified + Gzipped
Languages
JavaScript (100%)
Total Downloads
Cumulative downloads
Total Downloads
6,561,293,053
Last day
-5.8%
5,907,807
Compared to previous day
Last week
2.2%
34,546,615
Compared to previous week
Last month
8.2%
143,040,486
Compared to previous month
Last year
5.8%
1,488,362,665
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Versions
fresh
HTTP response freshness testing
Installation
This is a Node.js module available through the
npm registry. Installation is done using the
npm install command:
$ npm install fresh
API
1var fresh = require('fresh')
fresh(reqHeaders, resHeaders)
Check freshness of the response using request and response headers.
When the response is still "fresh" in the client's cache true is
returned, otherwise false is returned to indicate that the client
cache is now stale and the full response should be sent.
When a client sends the Cache-Control: no-cache request header to
indicate an end-to-end reload request, this module will return false
to make handling these requests transparent.
Known Issues
This module is designed to only follow the HTTP specifications, not to work-around all kinda of client bugs (especially since this module typically does not receive enough information to understand what the client actually is).
There is a known issue that in certain versions of Safari, Safari will incorrectly make a request that allows this module to validate freshness of the resource even when Safari does not have a representation of the resource in the cache. The module jumanji can be used in an Express application to work-around this issue and also provides links to further reading on this Safari bug.
Example
API usage
1var reqHeaders = { 'if-none-match': '"foo"' } 2var resHeaders = { etag: '"bar"' } 3fresh(reqHeaders, resHeaders) 4// => false 5 6var reqHeaders = { 'if-none-match': '"foo"' } 7var resHeaders = { etag: '"foo"' } 8fresh(reqHeaders, resHeaders) 9// => true
Using with Node.js http server
1var fresh = require('fresh') 2var http = require('http') 3 4var server = http.createServer(function (req, res) { 5 // perform server logic 6 // ... including adding ETag / Last-Modified response headers 7 8 if (isFresh(req, res)) { 9 // client has a fresh copy of resource 10 res.statusCode = 304 11 res.end() 12 return 13 } 14 15 // send the resource 16 res.statusCode = 200 17 res.end('hello, world!') 18}) 19 20function isFresh (req, res) { 21 return fresh(req.headers, { 22 etag: res.getHeader('ETag'), 23 'last-modified': res.getHeader('Last-Modified') 24 }) 25} 26 27server.listen(3000)
License
Stable Version
The latest stable version of the package.
Stable Version
0.5.2
HIGH
1
HIGH
7.5/10
Summary
Regular Expression Denial of Service in fresh
Affected Versions
< 0.5.2
Patched Versions
0.5.2
Reason
no binaries found in the repo
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
0 existing vulnerabilities detected
Reason
6 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 5
Reason
security policy file detected
Details
- Info: security policy file detected: github.com/jshttp/.github/SECURITY.md:1
- Warn: no linked content found
- Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/jshttp/.github/SECURITY.md:1
- Info: Found text in security policy: github.com/jshttp/.github/SECURITY.md:1
Reason
dependency not pinned by hash detected -- score normalized to 3
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/jshttp/fresh/ci.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/jshttp/fresh/ci.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:88: update your workflow using https://app.stepsecurity.io/secureworkflow/jshttp/fresh/ci.yml/master?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:53
- Info: 3 out of 4 GitHub-owned GitHubAction dependencies pinned
- Info: 1 out of 3 third-party GitHubAction dependencies pinned
- Info: 0 out of 1 npmCommand dependencies pinned
Reason
Found 3/25 approved changesets -- score normalized to 1
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/ci.yml:1
- Info: topLevel permissions set to 'read-all': .github/workflows/scorecard.yml:18
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'master'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 9 are checked with a SAST tool
Score
4.4
/10
Last Scanned on 2024-11-25
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More