node-cache - fix: ttl was not defaulting to 0

[jaredwray]

Please check if the PR fulfills these requirements

• Followed the Contributing guidelines and Code of Conduct
• Tests for the changes have been added (for bug fixes/features) with 100% code coverage.

What kind of change does this PR introduce? (Bug fix, feature, docs update, ...)
node-cache - fix: ttl was not defaulting to 0

[gemini-code-assist]

Summary of Changes

Hello @jaredwray, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request addresses a bug in the node-cache library where the ttl (time-to-live) parameter in the set method did not correctly default to 0 for indefinite caching, especially when a stdTTL was configured. The changes refactor the set method's internal logic to ensure that an explicit ttl of 0 correctly results in an indefinitely cached item, while an omitted ttl properly falls back to the stdTTL option. Additionally, this PR introduces robust validation to prevent the use of negative ttl values in both the set and ttl methods, enhancing the cache's reliability and preventing unintended behavior.

Highlights

• Updated set method signature: The ttl parameter in the set method no longer defaults to 0 in its signature, allowing undefined to correctly trigger stdTTL fallback behavior.
• Corrected TTL logic: The internal logic for calculating expirationTimestamp in the set method was refactored to properly distinguish between an explicit ttl of 0 (cache indefinitely), an omitted ttl (fall back to stdTTL), and positive ttl values.
• Negative TTL rejection: Both the set and ttl methods now explicitly reject negative ttl values, returning false and preventing invalid cache entries or updates.
• New test cases: Comprehensive tests were added to validate the correct behavior for ttl=0 with stdTTL, and the rejection of negative ttl values in both set and ttl methods.

Changelog

• packages/node-cache/src/index.ts
  • Modified the set method signature to make the ttl parameter optional (ttl?: number | string) instead of defaulting to 0.
  • Updated the ttl type check to include ttl !== undefined.
  • Added a check to reject negative ttl values in the set method, returning false.
  • Rewrote the expirationTimestamp calculation logic to correctly handle explicit ttl=0 (indefinite), positive ttl, and fallback to this.options.stdTTL when ttl is undefined.
  • Changed the emit event for "set" to pass expirationTimestamp instead of ttlValue.
  • Added a check to reject negative ttl values in the ttl method, returning false.
• packages/node-cache/test/index.test.ts
  • Added a test to confirm that an item with ttl: 0 is cached indefinitely, even when stdTTL is set.
  • Added a test to verify that set with a negative ttl returns false and does not store the item.
  • Added a test to verify that ttl() with a negative ttl returns false and does not modify the item's TTL.

Activity

• No human activity has been recorded on this pull request yet. The author has provided a description and checked the contribution guidelines.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request correctly fixes an issue in the set method where a ttl of 0 was not being handled as 'never expire', especially when a stdTTL was configured. The logic is now much clearer and more robust, and the addition of tests for this case is great. However, a critical vulnerability exists where the ttl() method introduces or leaves a similar logic flaw: a ttl of 0 is treated as an immediate expiration rather than an unlimited one. This inconsistency can lead to unexpected cache evictions, potentially affecting the availability or security of applications using the library for sensitive data management. For consistency and to prevent bugs, the ttl() method should be updated to handle ttl values in the same way as the set() method, and a test case for ttl(key, 0) should be added.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: c071cdbc8e

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 100.00%. Comparing base (649b534) to head (59857e6).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff            @@
##              main     #1591   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files           26        26           
  Lines         2447      2473   +26     
  Branches       545       556   +11     
=========================================
+ Hits          2447      2473   +26     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.