mem versions 1.0.0 and 1.1.0, both by Sindre Sorhus, provide function memoization: an optimization that improves performance by caching the results of function calls keyed on their inputs. Both versions share the same core functionality and dependencies, including mimic-fn for copying the wrapped function's name and length, and the development dependencies ava (testing), delay (asynchronous test helpers) and xo (linting). Both are released under the MIT license and hosted on GitHub.
The key difference is the release date, with version 1.1.0 published shortly after 1.0.0. Both versions most likely expose the same API and the same memoization logic; the quick succession suggests a minor bug fix, a documentation update or a narrowly targeted optimization in 1.1.0. For developers considering mem, this close release history suggests stability and active maintenance, although comparing the two tags in the GitHub repository would show the exact changes. Either version should be safe to use, but 1.1.0 may be preferable for any incremental improvements it carries. The tarball URLs give a direct download link for each version, which is useful for reproducible builds.
All vulnerabilities related to version 1.1.0 of the package
Denial of Service in mem
Versions of mem prior to 4.0.0 are vulnerable to Denial of Service (DoS). The package fails to remove old values from the cache even after a value passes its maxAge property. This may allow attackers to exhaust the system's memory if they are able to abuse application logging.
Upgrade to version 4.0.0 or later.
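The failure mode described above, as an added illustration that is not mem's own code: a simplified memoizer that honours maxAge on lookup but never deletes expired entries, beside one that evicts them. The names memoizeLeaky, memoizeEvicting and simulate are assumed, and a clock function is injected so that several seconds of distinct inputs can be simulated instantly.

```javascript
// Constructed illustration of the advisory's failure mode; not the mem package's code.
// `now` is injectable so expiry can be driven deterministically instead of by waiting.

// Leaky pattern: a stale hit is recomputed, so callers see fresh values, but the
// expired entry is never deleted. Every distinct input ever seen stays in the Map,
// so attacker-influenced inputs (e.g. logged strings) grow it without bound.
function memoizeLeaky(fn, { maxAge = Infinity, now = Date.now } = {}) {
  const cache = new Map();
  const memoized = (key) => {
    const hit = cache.get(key);
    if (hit !== undefined && now() - hit.at < maxAge) return hit.value;
    const value = fn(key);
    cache.set(key, { value, at: now() });
    return value;
  };
  memoized.cache = cache;
  return memoized;
}

// Hardened pattern: delete a stale entry when it is looked up, and sweep all expired
// entries before each insert. Memory is then bounded by the number of distinct inputs
// seen within a single maxAge window rather than over the process lifetime.
function memoizeEvicting(fn, { maxAge = Infinity, now = Date.now } = {}) {
  const cache = new Map();
  const sweep = () => {
    const t = now();
    for (const [k, v] of cache) if (t - v.at >= maxAge) cache.delete(k);
  };
  const memoized = (key) => {
    const hit = cache.get(key);
    if (hit !== undefined) {
      if (now() - hit.at < maxAge) return hit.value;
      cache.delete(key);
    }
    sweep();
    const value = fn(key);
    cache.set(key, { value, at: now() });
    return value;
  };
  memoized.cache = cache;
  return memoized;
}

// Simulated log handler memoizing 500 distinct messages over 5 s with maxAge = 1 s.
// Returns the cache size afterwards: 500 for the leaky memoizer, 100 for the evicting one.
function simulate(memoize) {
  let clock = 0;
  const fmt = memoize((msg) => `[log] ${msg}`, { maxAge: 1000, now: () => clock });
  for (let i = 0; i < 500; i++) { clock += 10; fmt(`request-${i}`); }
  return fmt.cache.size;
}
```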