Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@druid-toolkit/query
Advanced tools
A number of tools to make working with Druid queries a treat. There are a number of use cases for this toolkit and one of the chief use cases can be found in Druid's own web-console.
Search for uses within web-console/src for some examples. Specifically the query view uses these tools a lot.
At a high level there are 4 parts to this toolkit:
There are plenty of examples in the unit tests.
The SQL parser parses and models the whitespace and casing as well as the logical representation of the query allowing the query to be transformed in a very human friendly way.
Here are a few examples of what the SQL parser can do:
Adding a column at the start of the select clause.
import { SqlQuery } from '@druid-toolkit/query';
const sql = SqlQuery.parse(`
SELECT
isAnonymous,
cityName,
flags,
COUNT(*) AS "Count",
SUM(added) AS "sum_added"
FROM wikipedia
GROUP BY 1, 2, 3
ORDER BY 4 DESC
`);
sql.addSelect(`"new_column" AS "New column"`, { insertIndex: 0 }).toString();
/* →
`
SELECT
"new_column" AS "New column",
isAnonymous,
cityName,
flags,
COUNT(*) AS "Count",
SUM(added) AS "sum_added"
FROM wikipedia
GROUP BY 2, 3, 4
ORDER BY 5 DESC
`
*/
sql
.addSelect(`UPPER(city) AS City`, { insertIndex: 'last-grouping', addToGroupBy: 'end' })
.toString();
/* →
`
SELECT
isAnonymous,
cityName,
flags,
UPPER(city) AS City,
COUNT(*) AS "Count",
SUM(added) AS "sum_added"
FROM wikipedia
GROUP BY 1, 2, 3, 4
ORDER BY 5 DESC
`
*/
For more examples check out the unit tests.
Not every valid DruidSQL construct can currently be parsed, the following snippets are not currently supported:
(a, b) IN (subquery)
FROM "wikipedia_k" USING (k)
FAQs
A collection of utilities for working with Druid queries
The npm package @druid-toolkit/query receives a total of 434 weekly downloads. As such, @druid-toolkit/query popularity was classified as not popular.
We found that @druid-toolkit/query demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.