layercache 1.3.0 → 1.3.1

package/packages/nestjs/dist/index.cjs

@@ -741,15 +741,14 @@ function createInstanceId() {
   if (globalThis.crypto?.randomUUID) {
     return globalThis.crypto.randomUUID();
   }
-  const bytes = new Uint8Array(16);
   if (globalThis.crypto?.getRandomValues) {
+    const bytes = new Uint8Array(16);
     globalThis.crypto.getRandomValues(bytes);
-  } else {
-    for (let i = 0; i < bytes.length; i += 1) {
-      bytes[i] = Math.floor(Math.random() * 256);
-    }
+    return `layercache-${Array.from(bytes, (byte) => byte.toString(16).padStart(2, "0")).join("")}`;
   }
-  return `layercache-${Array.from(bytes, (byte) => byte.toString(16).padStart(2, "0")).join("")}`;
+  throw new Error(
+    "layercache requires a cryptographic random source. Neither crypto.randomUUID nor crypto.getRandomValues is available in this runtime."
+  );
 }
 
 // ../../src/internal/CacheStackGeneration.ts
@@ -1728,7 +1727,8 @@ var CircuitBreakerManager = class {
     }
     const remainingMs = state.openUntil - now;
     const remainingSecs = Math.ceil(remainingMs / 1e3);
-    throw new Error(`Circuit breaker is open for key "${key}" (resets in ${remainingSecs}s).`);
+    const displayKey = key.length > 64 ? `${key.slice(0, 64)}...` : key;
+    throw new Error(`Circuit breaker is open for key "${displayKey}" (resets in ${remainingSecs}s).`);
   }
   recordFailure(key, options) {
     if (!options) {
@@ -2493,7 +2493,14 @@ var JsonSerializer = class {
   }
   deserialize(payload) {
     const normalized = Buffer.isBuffer(payload) ? payload.toString("utf8") : payload;
-    return sanitizeStructuredData(JSON.parse(normalized), {
+    let parsed;
+    try {
+      parsed = JSON.parse(normalized);
+    } catch (error) {
+      const message = error instanceof Error ? error.message : String(error);
+      throw new Error(`JsonSerializer: failed to parse JSON payload: ${message}`);
+    }
+    return sanitizeStructuredData(parsed, {
       label: "JSON payload",
       maxDepth: 200,
       maxNodes: 1e4
@@ -2504,6 +2511,12 @@ var JsonSerializer = class {
 // ../../src/stampede/StampedeGuard.ts
 var StampedeGuard = class {
   inFlight = /* @__PURE__ */ new Map();
+  maxInFlight;
+  entryTimeoutMs;
+  constructor(options = {}) {
+    this.maxInFlight = options.maxInFlight ?? 1e4;
+    this.entryTimeoutMs = options.entryTimeoutMs;
+  }
   async execute(key, task) {
     const existing = this.inFlight.get(key);
     if (existing) {
@@ -2514,8 +2527,15 @@ var StampedeGuard = class {
         this.releaseEntry(key, existing);
       }
     }
+    if (this.inFlight.size >= this.maxInFlight) {
+      throw new Error(
+        `StampedeGuard: in-flight limit of ${this.maxInFlight} exceeded. Rejecting new key to prevent memory exhaustion.`
+      );
+    }
+    const taskPromise = Promise.resolve().then(task);
+    const guardedPromise = this.entryTimeoutMs ? this.withTimeout(key, taskPromise, this.entryTimeoutMs) : taskPromise;
     const entry = {
-      promise: Promise.resolve().then(task),
+      promise: guardedPromise,
       references: 1
     };
     this.inFlight.set(key, entry);
@@ -2525,6 +2545,27 @@ var StampedeGuard = class {
       this.releaseEntry(key, entry);
     }
   }
+  withTimeout(key, promise, timeoutMs) {
+    return new Promise((resolve, reject) => {
+      const timer = setTimeout(() => {
+        reject(
+          new Error(
+            `StampedeGuard: task for key "${key.slice(0, 64)}${key.length > 64 ? "..." : ""}" timed out after ${timeoutMs}ms.`
+          )
+        );
+      }, timeoutMs);
+      promise.then(
+        (value) => {
+          clearTimeout(timer);
+          resolve(value);
+        },
+        (error) => {
+          clearTimeout(timer);
+          reject(error);
+        }
+      );
+    });
+  }
   releaseEntry(key, entry) {
     entry.references -= 1;
     const current = this.inFlight.get(key);
@@ -2590,6 +2631,10 @@ var CacheStack = class extends import_node_events.EventEmitter {
     const maxProfileEntries = options.maxProfileEntries ?? DEFAULT_MAX_PROFILE_ENTRIES;
     this.ttlResolver = new TtlResolver({ maxProfileEntries });
     this.circuitBreakerManager = new CircuitBreakerManager({ maxEntries: maxProfileEntries });
+    this.stampedeGuard = new StampedeGuard({
+      maxInFlight: options.stampedeMaxInFlight,
+      entryTimeoutMs: options.stampedeEntryTimeoutMs
+    });
     this.currentGeneration = options.generation;
     if (options.publishSetInvalidation !== void 0) {
       console.warn(
@@ -2668,7 +2713,7 @@ var CacheStack = class extends import_node_events.EventEmitter {
   }
   layers;
   options;
-  stampedeGuard = new StampedeGuard();
+  stampedeGuard;
   metricsCollector = new MetricsCollector();
   instanceId = createInstanceId();
   startup;
@@ -2906,7 +2951,8 @@ var CacheStack = class extends import_node_events.EventEmitter {
               return promise;
             }
             if (existing.fetch !== entry.fetch || existing.optionsSignature !== optionsSignature) {
-              throw new Error(`mget received conflicting entries for key "${entry.key}".`);
+              const displayKey = entry.key.length > 64 ? `${entry.key.slice(0, 64)}...` : entry.key;
+              throw new Error(`mget received conflicting entries for key "${displayKey}".`);
             }
             return existing.promise;
           })

package/packages/nestjs/dist/index.d.cts

@@ -169,6 +169,8 @@ interface CacheStackOptions {
     logger?: CacheLogger | boolean;
     metrics?: boolean;
     stampedePrevention?: boolean;
+    stampedeMaxInFlight?: number;
+    stampedeEntryTimeoutMs?: number;
     invalidationBus?: InvalidationBus;
     tagIndex?: CacheTagIndex;
     generation?: number;

package/packages/nestjs/dist/index.d.ts

@@ -169,6 +169,8 @@ interface CacheStackOptions {
     logger?: CacheLogger | boolean;
     metrics?: boolean;
     stampedePrevention?: boolean;
+    stampedeMaxInFlight?: number;
+    stampedeEntryTimeoutMs?: number;
     invalidationBus?: InvalidationBus;
     tagIndex?: CacheTagIndex;
     generation?: number;

package/packages/nestjs/dist/index.js

@@ -705,15 +705,14 @@ function createInstanceId() {
   if (globalThis.crypto?.randomUUID) {
     return globalThis.crypto.randomUUID();
   }
-  const bytes = new Uint8Array(16);
   if (globalThis.crypto?.getRandomValues) {
+    const bytes = new Uint8Array(16);
     globalThis.crypto.getRandomValues(bytes);
-  } else {
-    for (let i = 0; i < bytes.length; i += 1) {
-      bytes[i] = Math.floor(Math.random() * 256);
-    }
+    return `layercache-${Array.from(bytes, (byte) => byte.toString(16).padStart(2, "0")).join("")}`;
   }
-  return `layercache-${Array.from(bytes, (byte) => byte.toString(16).padStart(2, "0")).join("")}`;
+  throw new Error(
+    "layercache requires a cryptographic random source. Neither crypto.randomUUID nor crypto.getRandomValues is available in this runtime."
+  );
 }
 
 // ../../src/internal/CacheStackGeneration.ts
@@ -1692,7 +1691,8 @@ var CircuitBreakerManager = class {
     }
     const remainingMs = state.openUntil - now;
     const remainingSecs = Math.ceil(remainingMs / 1e3);
-    throw new Error(`Circuit breaker is open for key "${key}" (resets in ${remainingSecs}s).`);
+    const displayKey = key.length > 64 ? `${key.slice(0, 64)}...` : key;
+    throw new Error(`Circuit breaker is open for key "${displayKey}" (resets in ${remainingSecs}s).`);
   }
   recordFailure(key, options) {
     if (!options) {
@@ -2457,7 +2457,14 @@ var JsonSerializer = class {
   }
   deserialize(payload) {
     const normalized = Buffer.isBuffer(payload) ? payload.toString("utf8") : payload;
-    return sanitizeStructuredData(JSON.parse(normalized), {
+    let parsed;
+    try {
+      parsed = JSON.parse(normalized);
+    } catch (error) {
+      const message = error instanceof Error ? error.message : String(error);
+      throw new Error(`JsonSerializer: failed to parse JSON payload: ${message}`);
+    }
+    return sanitizeStructuredData(parsed, {
       label: "JSON payload",
       maxDepth: 200,
       maxNodes: 1e4
@@ -2468,6 +2475,12 @@ var JsonSerializer = class {
 // ../../src/stampede/StampedeGuard.ts
 var StampedeGuard = class {
   inFlight = /* @__PURE__ */ new Map();
+  maxInFlight;
+  entryTimeoutMs;
+  constructor(options = {}) {
+    this.maxInFlight = options.maxInFlight ?? 1e4;
+    this.entryTimeoutMs = options.entryTimeoutMs;
+  }
   async execute(key, task) {
     const existing = this.inFlight.get(key);
     if (existing) {
@@ -2478,8 +2491,15 @@ var StampedeGuard = class {
         this.releaseEntry(key, existing);
       }
     }
+    if (this.inFlight.size >= this.maxInFlight) {
+      throw new Error(
+        `StampedeGuard: in-flight limit of ${this.maxInFlight} exceeded. Rejecting new key to prevent memory exhaustion.`
+      );
+    }
+    const taskPromise = Promise.resolve().then(task);
+    const guardedPromise = this.entryTimeoutMs ? this.withTimeout(key, taskPromise, this.entryTimeoutMs) : taskPromise;
     const entry = {
-      promise: Promise.resolve().then(task),
+      promise: guardedPromise,
       references: 1
     };
     this.inFlight.set(key, entry);
@@ -2489,6 +2509,27 @@ var StampedeGuard = class {
       this.releaseEntry(key, entry);
     }
   }
+  withTimeout(key, promise, timeoutMs) {
+    return new Promise((resolve, reject) => {
+      const timer = setTimeout(() => {
+        reject(
+          new Error(
+            `StampedeGuard: task for key "${key.slice(0, 64)}${key.length > 64 ? "..." : ""}" timed out after ${timeoutMs}ms.`
+          )
+        );
+      }, timeoutMs);
+      promise.then(
+        (value) => {
+          clearTimeout(timer);
+          resolve(value);
+        },
+        (error) => {
+          clearTimeout(timer);
+          reject(error);
+        }
+      );
+    });
+  }
   releaseEntry(key, entry) {
     entry.references -= 1;
     const current = this.inFlight.get(key);
@@ -2554,6 +2595,10 @@ var CacheStack = class extends EventEmitter {
     const maxProfileEntries = options.maxProfileEntries ?? DEFAULT_MAX_PROFILE_ENTRIES;
     this.ttlResolver = new TtlResolver({ maxProfileEntries });
     this.circuitBreakerManager = new CircuitBreakerManager({ maxEntries: maxProfileEntries });
+    this.stampedeGuard = new StampedeGuard({
+      maxInFlight: options.stampedeMaxInFlight,
+      entryTimeoutMs: options.stampedeEntryTimeoutMs
+    });
     this.currentGeneration = options.generation;
     if (options.publishSetInvalidation !== void 0) {
       console.warn(
@@ -2632,7 +2677,7 @@ var CacheStack = class extends EventEmitter {
   }
   layers;
   options;
-  stampedeGuard = new StampedeGuard();
+  stampedeGuard;
   metricsCollector = new MetricsCollector();
   instanceId = createInstanceId();
   startup;
@@ -2870,7 +2915,8 @@ var CacheStack = class extends EventEmitter {
               return promise;
             }
             if (existing.fetch !== entry.fetch || existing.optionsSignature !== optionsSignature) {
-              throw new Error(`mget received conflicting entries for key "${entry.key}".`);
+              const displayKey = entry.key.length > 64 ? `${entry.key.slice(0, 64)}...` : entry.key;
+              throw new Error(`mget received conflicting entries for key "${displayKey}".`);
             }
             return existing.promise;
           })