![Malicious npm Package Typosquats react-login-page to Deploy Keylogger](https://cdn.sanity.io/images/cgdhsj6q/production/007b21d9cf9e03ae0bb3f577d1bd59b9d715645a-1024x1024.webp?w=400&fit=max&auto=format)
Research
Security News
Malicious npm Package Typosquats react-login-page to Deploy Keylogger
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
@capacitor-community/sqlite
Advanced tools
Changelog
2.3.0-2 (2020-07-25)
Readme
@capacitor-community/sqlite
Capacitor community plugin for Native and Electron SQLite Databases. In Native databases could be encrypted with SQLCipher
Maintainer | GitHub | Social |
---|---|---|
Quéau Jean Pierre | jepiqueau |
npm install @capacitor-community/sqlite
npx cap sync
On iOS, no further steps are needed.
On Android, register the plugin in your main activity:
import com.getcapacitor.community.database.sqlite.CapacitorSQLite;
public class MainActivity extends BridgeActivity {
@Override
public void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
// Initializes the Bridge
this.init(
savedInstanceState,
new ArrayList<Class<? extends Plugin>>() {
{
// Additional plugins you've installed go here
// Ex: add(TotallyAwesomePlugin.class);
add(CapacitorSQLite.class);
}
}
);
}
}
On Electron, go to the Electron folder of YOUR_APPLICATION
npm install --save sqlite3
npm install --save-dev @types/sqlite3
npm install --save-dev electron-rebuild
Modify the Electron package.json file by adding a script "postinstall"
"scripts": {
"electron:start": "electron ./",
"postinstall": "electron-rebuild -f -w sqlite3"
},
Execute the postinstall script
npm run postinstall
Go back in the main folder of your application Add a script in the index.html file of your application in the body tag
YourApplication/Electron/
<body>
<app-root></app-root>
<script>
try {
if (
process &&
typeof process.versions.electron === 'string' &&
process.versions.hasOwnProperty('electron')
) {
const sqlite3 = require('sqlite3');
const fs = require('fs');
const path = require('path');
window.sqlite3 = sqlite3;
window.fs = fs;
window.path = path;
}
} catch {
console.log("process doesn't exists");
}
</script>
</body>
User/Databases/APP_NAME/
<body>
<app-root></app-root>
<script>
try {
if (
process &&
typeof process.versions.electron === 'string' &&
process.versions.hasOwnProperty('electron')
) {
const sqlite3 = require('sqlite3');
const fs = require('fs');
const path = require('path');
const homeDir = require('os').homedir();
window.sqlite3 = sqlite3;
window.fs = fs;
window.path = path;
window.appName = 'YOUR_APP_NAME';
window.homeDir = homeDir;
}
} catch {
console.log("process doesn't exists");
}
</script>
</body>
Then build YOUR_APPLICATION
npm run build
npx cap copy
npx cap copy web
npx cap open android
npx cap open ios
npx cap open electron
No configuration required for this plugin
Name | Android | iOS | Electron | Web |
---|---|---|---|---|
open (non-encrypted DB) | ✅ | ✅ | ✅ | ❌ |
open (encrypted DB) | ✅ | ✅ | ❌ | ❌ |
close | ✅ | ✅ | ✅ | ❌ |
execute | ✅ | ✅ | ✅ | ❌ |
executeSet | ✅ | ✅ | ✅ | ❌ |
run | ✅ | ✅ | ✅ | ❌ |
query | ✅ | ✅ | ✅ | ❌ |
deleteDatabase | ✅ | ✅ | ✅ | ❌ |
importFromJson | ✅ | ✅ | ✅ | ❌ |
exportToJson | ✅ | ✅ | ✅ | ❌ |
createSyncTable | ✅ | ✅ | ✅ | ❌ |
setSyncDate | ✅ | ✅ | ✅ | ❌ |
isJsonValid | ✅ | ✅ | ✅ | ❌ |
isDBExists | ✅ | ✅ | ✅ | ❌ |
ImportExportJson_Documentation
In your code
import { Plugins } from '@capacitor/core';
import * as CapacitorSQLPlugin from '@capacitor-community/sqlite';
const { CapacitorSQLite,Device } = Plugins;
@Component( ... )
export class MyPage {
_sqlite: any;
...
async ngAfterViewInit()() {
const info = await Device.getInfo();
if (info.platform === "ios" || info.platform === "android") {
this._sqlite = CapacitorSQLite;
} else if(info.platform === "electron") {
this._sqlite = CapacitorSQLPlugin.CapacitorSQLiteElectron;
} else {
this._sqlite = CapacitorSQLPlugin.CapacitorSQLite;
}
}
async testSQLitePlugin() {
let result:any = await this._sqlite.open({database:"testsqlite"});
retOpenDB = result.result;
if(retOpenDB) {
// Create Tables if not exist
let sqlcmd: string = `
BEGIN TRANSACTION;
CREATE TABLE IF NOT EXISTS users (
id INTEGER PRIMARY KEY NOT NULL,
email TEXT UNIQUE NOT NULL,
name TEXT,
FirstName TEXT,
age INTEGER,
MobileNumber TEXT
);
PRAGMA user_version = 1;
COMMIT TRANSACTION;
`;
var retExe: any = await this._sqlite.execute({statements:sqlcmd});
console.log('retExe ',retExe.changes.changes);
// Insert some Users
sqlcmd = `
BEGIN TRANSACTION;
DELETE FROM users;
INSERT INTO users (name,email,age) VALUES ("Whiteley","Whiteley.com",30);
INSERT INTO users (name,email,age) VALUES ("Jones","Jones.com",44);
COMMIT TRANSACTION;
`;
retExe = await this._sqlite.execute({statements:sqlcmd});
// will print the changes 2 in that case
console.log('retExe ',retExe.changes.changes);
// Select all Users
sqlcmd = "SELECT * FROM users";
const retSelect: any = await this._sqlite.query({statement:sqlcmd,values:[]});
console.log('retSelect.values.length ',retSelect.values.length);
const row1: any = retSelect.values[0];
console.log("row1 users ",JSON.stringify(row1))
const row2: any = retSelect.values[1];
console.log("row2 users ",JSON.stringify(row2))
// Insert a new User with SQL and Values
sqlcmd = "INSERT INTO users (name,email,age) VALUES (?,?,?)";
let values: Array<any> = ["Simpson","Simpson@example.com",69];
var retRun: any = await this._sqlite.run({statement:sqlcmd,values:values});
console.log('retRun ',retRun.changes.changes,retRun.changes.lastId);
// Select Users with age > 35
sqlcmd = "SELECT name,email,age FROM users WHERE age > ?";
retSelect = await this._sqlite.query({statement:sqlcmd,values:["35"]});
console.log('retSelect ',retSelect.values.length);
// Execute a Set of raw SQL Statements
let set: Array<any> = [
{ statement:"INSERT INTO users (name,FirstName,email,age,MobileNumber) VALUES (?,?,?,?,?);",
values:["Blackberry","Peter","Blackberry@example.com",69,"4405060708"]
},
{ statement:"INSERT INTO users (name,FirstName,email,age,MobileNumber) VALUES (?,?,?,?,?);",
values:["Jones","Helen","HelenJones@example.com",42,"4404030201"]
},
{ statement:"INSERT INTO users (name,FirstName,email,age,MobileNumber) VALUES (?,?,?,?,?);",
values:["Davison","Bill","Davison@example.com",45,"4405162732"]
},
{ statement:"INSERT INTO users (name,FirstName,email,age,MobileNumber) VALUES (?,?,?,?,?);",
values:["Brown","John","Brown@example.com",35,"4405243853"]
},
{ statement:"UPDATE users SET age = ? , MobileNumber = ? WHERE id = ?;",
values:[51,"4404030237",2]
}
];
result = await this._sqlite.executeSet({set:set});
console.log("result.changes.changes ",result.changes.changes)
if(result.changes.changes != 5) resolve(false);
...
}
}
...
}
The IOS and Android codes are using SQLCipher allowing for database encryption The Electron code use sqlite3
FAQs
Unknown package
We found that @capacitor-community/sqlite demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 43 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
Security News
The JavaScript community has launched the e18e initiative to improve ecosystem performance by cleaning up dependency trees, speeding up critical parts of the ecosystem, and documenting lighter alternatives to established tools.
Product
Socket now supports four distinct alert actions instead of the previous two, and alert triaging allows users to override the actions taken for all individual alerts.