Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
By Socket Research Team - Dec 02, 2024
Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
github.com/afxcode/sqlite
- Version published
- Created
Pure-Go SQLite driver for GORM
Pure-go (without cgo) implementation of SQLite driver for GORM
This driver has SQLite embedded, you don't need to install one separately.
Usage
import (
"github.com/glebarez/sqlite"
"gorm.io/gorm"
)
db, err := gorm.Open(sqlite.Open("sqlite.db"), &gorm.Config{})
In-memory DB example
db, err := gorm.Open(sqlite.Open(":memory:"), &gorm.Config{})
Foreign-key constraint activation
Foreign-key constraint is disabled by default in SQLite. To activate it, use connection URL parameter:
db, err := gorm.Open(sqlite.Open(":memory:?_pragma=foreign_keys(1)"), &gorm.Config{})
More info: https://www.sqlite.org/foreignkeys.html
FAQ
How is this better than standard GORM SQLite driver?
The standard GORM driver for SQLite has one major drawback: it is based on a Go-bindings of SQLite C-source (this is called cgo). This fact imposes following restrictions on Go developers:
- to build and run your code, you will need a C compiler installed on a machine
- SQLite has many features that need to be enabled at compile time (e.g. json support). If you plan to use those, you will have to include proper build tags for every
gocommand to work properly (go run,go test, etc.). - Because of C-compiler requirement, you can't build your Go code inside tiny stripped containers like (golang-alpine)
- Building on GCP is not possible because Google Cloud Platform does not allow gcc to be executed.
Instead, this driver is based on pure-Go implementation of SQLite (https://gitlab.com/cznic/sqlite), which is basically an original SQLite C-source AST, translated into Go! So, you may be sure you're using the original SQLite implementation under the hood.
Is this tested good ?
Yes, The CI pipeline of this driver employs whole test base of GORM, which includes more than 12k tests (see badge on the page-top). Testing is run against latest major releases of Go:
- 1.18
- 1.19
In following environments:
- Linux
- Windows
- MacOS
Is it fast?
Well, it's slower than CGo implementation, but not terribly. See the bechmark of underlying pure-Go driver vs CGo implementation.
Included features
- JSON1 (https://www.sqlite.org/json1.html)
- Math functions (https://www.sqlite.org/lang_mathfunc.html)
FAQs
Unknown package
Package last updated on 06 Sep 2024
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Research
Typosquatting Cryptographic Libraries: Malicious npm Packages Threaten Crypto Developers with Keylogging and Wallet Theft
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
By Kirill Boychenko - Nov 27, 2024
Security News
Weekly Downloads Now Available in npm Package Search Results
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.
By Sarah Gooding - Nov 26, 2024