Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
github.com/vladimiroff/kivik
Package kivik provides a generic interface to CouchDB or CouchDB-like databases.
The kivik package must be used in conjunction with a database driver.
The kivik driver system is modeled after the standard library's sql and sql/driver packages, although the client API is completely different due to the different database models implemented by SQL and NoSQL databases such as CouchDB.
Install Kivik as you normally would for any Go package:
go get -u github.com/flimzy/kivik
This will install the main Kivik package, as well as the CouchDB and PouchDB drivers. See the list of Kivik database drivers for a complete list of available drivers.
Please consult the the package documentation for all available API methods, and a complete usage documentation. And for additional usage examples, consult the wiki.
package main
import (
"context"
"fmt"
"github.com/flimzy/kivik"
_ "github.com/go-kivik/couchdb" // The CouchDB driver
)
func main() {
client, err := kivik.New(context.TODO(), "couch", "http://localhost:5984/")
if err != nil {
panic(err)
}
db, err := client.DB(context.TODO(), "animals")
if err != nil {
panic(err)
}
doc := map[string]interface{}{
"_id": "cow",
"feet": 4,
"greeting": "moo",
}
rev, err := db.Put(context.TODO(), "cow", doc)
if err != nil {
panic(err)
}
fmt.Printf("Cow inserted with revision %s\n", rev)
}
Nobody has ever asked me any of these questions, so they're probably better called "Never Asked Questions" or possibly "Imagined Questions."
Read the design goals for the general design goals.
Specifically, I was motivated to write Kivik for a few reasons:
I was unhappy with any of the existing CouchDB drivers for Go. The best one had a number of shortcomings:
I wanted a single client API that worked with both CouchDB and
PouchDB. I had previously written
go-pouchdb, a GopherJS wrapper around
the PouchDB library with a public API modeled after fjl/go-couchdb
, but I
still wanted a unified driver infrastructure.
I want an unambiguous, open source license. This software is released under the Apache 2.0 license. See the included LICENSE.md file for details.
I wanted the ability to mock CouchDB connections for testing. This is possible
with the sql
/ sql/driver
approach by implementing a mock driver, but was
not possible with any existing CouchDB client libraries. This library makes that
possible for CouchDB apps, too.
I wanted a simple, mock CouchDB server I could use for testing. It doesn't
need to be efficient, or support all CouchDB servers, but it should be enough
to test the basic functionality of a PouchDB app, for instance. Kivik aims to
do this with the kivik serve
command, in the near future.
I wanted a toolkit that would make it easy to build a proxy to sit in front of CouchDB to handle custom authentication or other logic that CouchDB cannot support natively. Kivik aims to accomplish this in the future.
Kivik's test suite is automatically run on Linux and OSX for every pull request, but should work on all supported Go platforms.
Below are the compatibility targets for specific runtime and database versions. If you discover a bug affecting any of these supported environments, please let me know by submitting a bug report via GitHub.
Kivik comes with a complete client API client and backend drivers for CouchDB and PouchDB.
My next priorities are to work on fleshing out the Memory driver, which will make automated testing without a real CouchDB server easier. Then I will work on completing the 'serve' mode.
You can see a complete overview of the current status on the Compatibility chart
Kivik is a line of sofas (couches) from IKEA. And in the spirit of IKEA, and build-your-own furniture, Kivik aims to allow you to "build your own" CouchDB client, server, and proxy applications.
This software is released under the terms of the Apache 2.0 license. See LICENCE.md, or read the full license.
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.