
Research
Security News
Lazarus Strikes npm Again with New Wave of Malicious Packages
The Socket Research Team has discovered six new malicious npm packages linked to North Korea’s Lazarus Group, designed to steal credentials and deploy backdoors.
@capacitor-community/sqlite
Advanced tools
@capacitor-community/sqlite
CAPACITOR 5
Capacitor community plugin for Native and Electron SQLite Databases. In Native databases could be encrypted with SQLCipher
Maintainer | GitHub | Social |
---|---|---|
Quéau Jean Pierre | jepiqueau |
To install:
npm install --save @capacitor-community/sqlite
npx cap sync
yarn add @capacitor-community/sqlite
npx cap sync
pnpm install --save @capacitor-community/sqlite
pnpm install --save @jeep-sqlite
pnpm install --save sql.js
npx cap sync
then add plugin to main capacitor.config.json
file:
import { CapacitorConfig } from '@capacitor/cli';
const config: CapacitorConfig = {
appId: 'com.jeep.app.ionic7.angular.sqlite',
appName: 'ionic7-angular-sqlite-starter',
webDir: 'www',
server: {
androidScheme: 'https'
},
plugins: {
CapacitorSQLite: {
iosDatabaseLocation: 'Library/CapacitorDatabase',
iosIsEncryption: true,
iosKeychainPrefix: 'angular-sqlite-app-starter',
iosBiometric: {
biometricAuth: false,
biometricTitle : "Biometric login for capacitor sqlite"
},
androidIsEncryption: true,
androidBiometric: {
biometricAuth : false,
biometricTitle : "Biometric login for capacitor sqlite",
biometricSubTitle : "Log in using your biometric"
},
electronWindowsLocation: "C:\\ProgramData\\CapacitorDatabases",
electronMacLocation: "/Volumes/Development_Lacie/Development/Databases",
electronLinuxLocation: "Databases"
}
}
};
export default config;
The plugin follows the guidelines from the Capacitor Team
,
Meaning that it will not work in IE11 without additional JavaScript transformations, e.g. with Babel. You'll need the usual capacitor/android/react npm script to build and copy the assets folder.
sql-wasm.wasm
from node_modules/sql.js/dist/sql-wasm.wasm
to the src/assets
folder of YOUR_APPsql-wasm.wasm
from node_modules/sql.js/dist/sql-wasm.wasm
to the public/assets
folder of YOUR_APPx files found with path 'build-data.properties'.
You can you add the following code to app/build.gradle
: packagingOptions {
exclude 'build-data.properties'
}
See #301 and SO question for more information.
Check/Add the following: Gradle JDK version 17 Android Gradle Plugin Version 8.0.0 In variables.gradle
minSdkVersion = 22
compileSdkVersion = 33
targetSdkVersion = 33
In AndroidManifest.xml
<application
android:allowBackup="false"
android:fullBackupContent="false"
android:dataExtractionRules="@xml/data_extraction_rules"
In res/xml create a file data_extraction_rules.xml
containing:
<?xml version="1.0" encoding="utf-8"?>
<data-extraction-rules>
<cloud-backup>
<exclude domain="root" />
<exclude domain="database" />
<exclude domain="sharedpref" />
<exclude domain="external" />
</cloud-backup>
<device-transfer>
<exclude domain="root" />
<exclude domain="database" />
<exclude domain="sharedpref" />
<exclude domain="external" />
</device-transfer>
</data-extraction-rules>
cd electron
npm install --save @journeyapps/sqlcipher
npm install --save jszip
npm install --save node-fetch@2.6.7
node-fetch
version must be <=2.6.7
; otherwise you'll get an error running the app.Name | Android | iOS | Electron | Web |
---|---|---|---|---|
createConnection (ReadWrite) | ✅ | ✅ | ✅ | ✅ |
createConnection (ReadOnly) | ✅ | ✅ | ✅ | ❌ |
closeConnection (ReadWrite) | ✅ | ✅ | ✅ | ✅ |
closeConnection (ReadOnly) | ✅ | ✅ | ✅ | ❌ |
isConnection (ReadWrite) | ✅ | ✅ | ✅ | ✅ |
isConnection (ReadOnly) | ✅ | ✅ | ✅ | ❌ |
open (non-encrypted DB) | ✅ | ✅ | ✅ | ✅ |
open (encrypted DB) | ✅ | ✅ | ✅ | ❌ |
close | ✅ | ✅ | ✅ | ✅ |
getUrl | ✅ | ✅ | ❌ | ❌ |
getVersion | ✅ | ✅ | ✅ | ✅ |
execute | ✅ | ✅ | ✅ | ✅ |
executeSet | ✅ | ✅ | ✅ | ✅ |
run | ✅ | ✅ | ✅ | ✅ |
query | ✅ | ✅ | ✅ | ✅ |
deleteDatabase | ✅ | ✅ | ✅ | ✅ |
importFromJson | ✅ | ✅ | ✅ | ✅ |
exportToJson | ✅ | ✅ | ✅ | ✅ |
deleteExportedRows | ✅ | ✅ | ✅ | ✅ |
createSyncTable | ✅ | ✅ | ✅ | ✅ |
setSyncDate | ✅ | ✅ | ✅ | ✅ |
getSyncDate | ✅ | ✅ | ✅ | ✅ |
isJsonValid | ✅ | ✅ | ✅ | ✅ |
isDBExists | ✅ | ✅ | ✅ | ✅ |
addUpgradeStatement | ✅ | ✅ | ✅ | ✅ |
copyFromAssets | ✅ | ✅ | ✅ | ✅ |
isDBOpen | ✅ | ✅ | ✅ | ✅ |
isDatabase | ✅ | ✅ | ✅ | ✅ |
isTableExists | ✅ | ✅ | ✅ | ✅ |
getTableList | ✅ | ✅ | ✅ | ✅ |
getDatabaseList | ✅ | ✅ | ✅ | ✅ |
getMigratableDbList | ✅ | ✅ | ❌ | ❌ |
addSQLiteSuffix | ✅ | ✅ | ❌ | ❌ |
deleteOldDatabases | ✅ | ✅ | ❌ | ❌ |
moveDatabasesAndAddSuffix | ✅ | ✅ | ❌ | ❌ |
checkConnectionsConsistency | ✅ | ✅ | ✅ | ✅ |
isSecretStored | ✅ | ✅ | ✅ | ❌ |
setEncryptionSecret | ✅ | ✅ | ✅ | ❌ |
changeEncryptionSecret | ✅ | ✅ | ✅ | ❌ |
clearEncryptionSecret | ✅ | ✅ | ✅ | ❌ |
checkEncryptionSecret | ✅ | ✅ | ❌ | ❌ |
initWebStore | ❌ | ❌ | ❌ | ✅ |
saveToStore | ❌ | ❌ | ❌ | ✅ |
getNCDatabasePath | ✅ | ✅ | ❌ | ❌ |
createNCConnection | ✅ | ✅ | ❌ | ❌ |
closeNCConnection | ✅ | ✅ | ❌ | ❌ |
isNCDatabase | ✅ | ✅ | ❌ | ❌ |
transaction | ✅ | ✅ | ✅ | ✅ |
getFromHTTPRequest | ✅ | ✅ | ✅ | ✅ |
isDatabaseEncrypted | ✅ | ✅ | ❌ | ❌ |
isInConfigEncryption | ✅ | ✅ | ❌ | ❌ |
isInConfigBiometricAuth | ✅ | ✅ | ❌ | ❌ |
getFromLocalDiskToStore | ❌ | ❌ | ❌ | ✅ |
saveToLocalDisk | ❌ | ❌ | ❌ | ✅ |
ionic7-angular-sqlite-starter Ionic 7 Angular 16 Capacitor 5 SQLite CRUD operations.
angular-sqlite-app-starter This one is now more for testing the issues.
The iOS and Android codes are using SQLCipher
allowing for database encryption.
The iOS codes is using ZIPFoundation
for unzipping assets files
The Electron code is using @journeyapps/sqlcipher
and node-fetch
from 4.2.0.
The Web code is using the Stencil component jeep-sqlite
based on sql.js
, localforage
. and jszip
Thanks goes to these wonderful people (emoji key):
This project follows the all-contributors specification. Contributions of any kind welcome!
5.0.3-1 (2023-06-13)
FAQs
Community plugin for native & electron SQLite databases
The npm package @capacitor-community/sqlite receives a total of 12,784 weekly downloads. As such, @capacitor-community/sqlite popularity was classified as popular.
We found that @capacitor-community/sqlite demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 42 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
The Socket Research Team has discovered six new malicious npm packages linked to North Korea’s Lazarus Group, designed to steal credentials and deploy backdoors.
Security News
Socket CEO Feross Aboukhadijeh discusses the open web, open source security, and how Socket tackles software supply chain attacks on The Pair Program podcast.
Security News
Opengrep continues building momentum with the alpha release of its Playground tool, demonstrating the project's rapid evolution just two months after its initial launch.