Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@descript/sqlite3
Advanced tools
Asynchronous, non-blocking SQLite3 bindings for Node.js.
The sqlite3
module works with:
Binaries for most Node versions and platforms are provided by default via node-pre-gyp.
The sqlite3
module also works with node-webkit if node-webkit contains a supported version of Node.js engine. (See below.)
SQLite's SQLCipher extension is also supported. (See below.)
Note: the module must be installed before use.
var sqlite3 = require('sqlite3').verbose();
var db = new sqlite3.Database(':memory:');
db.serialize(function() {
db.run("CREATE TABLE lorem (info TEXT)");
var stmt = db.prepare("INSERT INTO lorem VALUES (?)");
for (var i = 0; i < 10; i++) {
stmt.run("Ipsum " + i);
}
stmt.finalize();
db.each("SELECT rowid AS id, info FROM lorem", function(err, row) {
console.log(row.id + ": " + row.info);
});
});
db.close();
See the API documentation in the wiki.
You can use npm
to download and install:
The latest sqlite3
package: npm install sqlite3
GitHub's master
branch: npm install https://github.com/mapbox/node-sqlite3/tarball/master
The module uses node-pre-gyp to download a pre-compiled binary for your platform, if it exists. Otherwise, it uses node-gyp
to build the extension.
It is also possible to make your own build of sqlite3
from its source instead of its npm package (see below).
It is possible to use the installed package in node-webkit instead of the vanilla Node.js. See Building for node-webkit for details.
To skip searching for pre-compiled binaries, and force a build from source, use
npm install --build-from-source
The sqlite3 module depends only on libsqlite3. However, by default, an internal/bundled copy of sqlite will be built and statically linked, so an externally installed sqlite3 is not required.
If you wish to install against an external sqlite then you need to pass the --sqlite
argument to npm
wrapper:
npm install --build-from-source --sqlite=/usr/local
If building against an external sqlite3 make sure to have the development headers available. Mac OS X ships with these by default. If you don't have them installed, install the -dev
package with your package manager, e.g. apt-get install libsqlite3-dev
for Debian/Ubuntu. Make sure that you have at least libsqlite3
>= 3.6.
Note, if building against homebrew-installed sqlite on OS X you can do:
npm install --build-from-source --sqlite=/usr/local/opt/sqlite/
By default the node-gyp install will use python
as part of the installation. A
different python executable can be specified on the command line.
npm install --build-from-source --python=/usr/bin/python2
This uses the npm_config_python config, so values in .npmrc will be honoured:
python=/usr/bin/python2
The default sqlite file header is "SQLite format 3".
You can specify a different magic, though this will make standard tools and libraries unable to work with your files.
npm install --build-from-source --sqlite_magic="MyCustomMagic15"
Note that the magic must be exactly 15 characters long (16 bytes including null terminator).
Because of ABI differences, sqlite3
must be built in a custom to be used with node-webkit.
To build node-sqlite3 for node-webkit:
Install nw-gyp
globally: npm install nw-gyp -g
(unless already installed)
Build the module with the custom flags of --runtime
, --target_arch
, and --target
:
NODE_WEBKIT_VERSION="0.8.6" # see latest version at https://github.com/rogerwang/node-webkit#downloads
npm install sqlite3 --build-from-source --runtime=node-webkit --target_arch=ia32 --target=$(NODE_WEBKIT_VERSION)
This command internally calls out to node-pre-gyp
which itself calls out to nw-gyp
when the --runtime=node-webkit
option is passed.
You can also run this command from within a node-sqlite3
checkout:
npm install --build-from-source --runtime=node-webkit --target_arch=ia32 --target=$(NODE_WEBKIT_VERSION)
Remember the following:
You must provide the right --target_arch
flag. ia32
is needed to target 32bit node-webkit builds, while x64
will target 64bit node-webkit builds (if available for your platform).
After the sqlite3
package is built for node-webkit it cannot run in the vanilla Node.js (and vice versa).
npm test
of the node-webkit's package would fail.Visit the “Using Node modules” article in the node-webkit's wiki for more details.
For instructions for building sqlcipher see Building SQLCipher for node.js
To run node-sqlite3 against sqlcipher you need to compile from source by passing build options like:
npm install sqlite3 --build-from-source --sqlite_libname=sqlcipher --sqlite=/usr/
node -e 'require("sqlite3")'
If your sqlcipher is installed in a custom location (if you compiled and installed it yourself), you'll also need to to set some environment variables:
Set the location where brew
installed it:
export LDFLAGS="-L`brew --prefix`/opt/sqlcipher/lib"
export CPPFLAGS="-I`brew --prefix`/opt/sqlcipher/include"
npm install sqlite3 --build-from-source --sqlite_libname=sqlcipher --sqlite=`brew --prefix`
node -e 'require("sqlite3")'
Set the location where make
installed it:
export LDFLAGS="-L/usr/local/lib"
export CPPFLAGS="-I/usr/local/include -I/usr/local/include/sqlcipher"
export CXXFLAGS="$CPPFLAGS"
npm install sqlite3 --build-from-source --sqlite_libname=sqlcipher --sqlite=/usr/local --verbose
node -e 'require("sqlite3")'
Running sqlite3 through electron-rebuild does not preserve the sqlcipher extension, so some additional flags are needed to make this build Electron compatible. Your npm install sqlite3 --build-from-source
command needs these additional flags (be sure to replace the target version with the current Electron version you are working with):
--runtime=electron --target=1.7.6 --dist-url=https://electronjs.org/headers
In the case of MacOS with Homebrew, the command should look like the following:
npm install sqlite3 --build-from-source --sqlite_libname=sqlcipher --sqlite=`brew --prefix` --runtime=electron --target=1.7.6 --dist-url=https://electronjs.org/headers
mocha is required to run unit tests.
In sqlite3's directory (where its package.json
resides) run the following:
npm install mocha
npm test
Thanks to Orlando Vazquez, Eric Fredricksen and Ryan Dahl for their SQLite bindings for node, and to mraleph on Freenode's #v8 for answering questions.
Development of this module is sponsored by MapBox.
node-sqlite3
is BSD licensed.
FAQs
Asynchronous, non-blocking SQLite3 bindings
The npm package @descript/sqlite3 receives a total of 1 weekly downloads. As such, @descript/sqlite3 popularity was classified as not popular.
We found that @descript/sqlite3 demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.