Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@acuris/eventstore-postgresql
Advanced tools
Eventstore implementation storing events in Postgresql
Eventstore implementation to store events in Postgresql
The tests expect a local Postgresql to be running. It uses the standard libpq environment variables to find it. You will need permissions to create schemas (namespaces) in the database that is connected to.
In a terminal window, run:
docker run --rm -it -p 5432:5432 -e POSTGRES_HOST_AUTH_METHOD=trust postgres:14-alpine
This runs a PostgreSQL on port 5432 (the default), with password authentication disabled (which is reasonable for local testing). The database is created with a default "postgres" user and database, so you still need to specify this when running tests:
PGUSER=postgres yarn test
The most important variables:
Name | Description |
---|---|
PGUSER | User name |
PGPASSWORD | Password |
PGHOST | Server host |
PGPORT | Server port |
PGDATABASE | Database within server to connect to (defaults to same as user name) |
The full list is at https://www.postgresql.org/docs/current/libpq-envars.html
The library includes a helper for connecting to an AWS RDS instance with IAM auth. In order to run the test for this, you need to set two additional environment variables:
Name | Description |
---|---|
AWS_REGION | AWS region of an RDS database for testing |
AWS_URL | URL of RDS database: pg://user@hostname/database |
By contrast, these tests are not run if the environment variables are not set.
yarn version --patch
git push --tags origin main
FAQs
Eventstore implementation storing events in Postgresql
We found that @acuris/eventstore-postgresql demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.