Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@evidence-dev/sdk
Advanced tools
This documentation has not been updated for the latest versions of the SDK
The Evidence SDK contains all the tools needed to build interactive data apps, all the way from the database to the browser.
npm create svelte
)npm i @evidence-dev/sdk@preview
npx evidence-sdk add
npx evidence-sdk plugins install
if you did not install a plugin during add
evidence.config.yaml
manually.npx evidence-sdk connections edit
sources/[connection]
directory, for most connectors, you will need to create some source queries.npx evidence-sdk sources
See the wiki
There are 2 methods for executing queries using the Evidence SDK; using <code/>
elements, and calling runQuery
directly.
<code/>
elements automatically make their results available to child components (or pages, if used in a layout), while
runQuery
keeps the query scoped to the current page.
<code/>
To add a query to your page, use a <code/>
element with an evidence-query-name
attribute (lang=sql
is optional but recommended).
Wrapping this in a <pre>
tag will prevent formatters from changing your SQL.
Example:
<pre><code evidence-query-name="myFirstQuery" lang="sql">
SELECT * FROM my_first_table
</code></pre>
When using <code/>
, you can interpolate variables from the page using template string syntax, Svelte syntax is not supported.
Working Example:
<pre><code evidence-query-name="myFirstQuery" lang="sql">
SELECT * FROM my_first_table WHERE user_id = '${selectedUserId}'
</code></pre>
Broken Example:
<pre><code evidence-query-name="myFirstQuery" lang="sql">
SELECT * FROM my_first_table WHERE user_id = '{selectedUserId}'
</code></pre>
To load queries that are placed on the page, create a reference to the queries store from $evidence/queries
<script>
import { getQueries } from '$evidence/queries';
const queries = getQueries();
/** @type {import("@evidence-dev/query-store").QueryStore} */
let { myFirstQuery } = $queries;
$: ({ myFirstQuery } = $queries);
</script>
$queries
is a set of QueryStore
based on what is provided on the page.
<script>
import { getQueries } from '$evidence/queries';
const queries = getQueries();
/** @type {import("@evidence-dev/query-store").QueryStore} */
let { myFirstQuery } = $queries;
$: ({ myFirstQuery } = $queries);
</script>
<pre><code evidence-query-name="myFirstQuery" lang="sql">
SELECT * FROM my_first_table
</code></pre>
{#if !$myFirstQuery.loaded}
<!--
The query has not yet loaded.
$myFirstQuery.loading is also available,
but will be false if the store has not yet started to load.
QueryStore should begin loading automatically when attempting to access data,
but can be induced with .fetch()
-->
Loading...
{:else if $myFirstQuery.error}
<!-- An error has been encountered -->
Error: {$myFirstQuery.error.message}
{:else}
<!-- Results have been loaded -->
{#each $myFirstQuery as row (row.id)}
Row ID: {row.id}
{:else}
No resuls available
{/each}
{/if}
runQuery
<script>
import { runQuery } from '$evidence/queries';
const myFirstQuery = runQuery('myFirstQuery', 'SELECT 1');
myFirstQuery.fetch(); // This is not done for you when using runQuery
// Queries can by dynamic
let x = 0;
// declare here to ensure it is defined
let dynamicQuery = runQuery('dynamicQuery', `SELECT ${x}`);
// react to updates in the query string
$: dynamicQuery = runQuery('dynamicQuery', `SELECT ${x}`);
$: dynamicQuery.fetch();
</script>
<!-- Usage is the exact same as above -->
{#if !$myFirstQuery.loaded}
<!--
The query has not yet loaded.
$myFirstQuery.loading is also available,
but will be false if the store has not yet started to load.
QueryStore should begin loading automatically when attempting to access data,
but can be induced with .fetch()
-->
Loading...
{:else if $myFirstQuery.error}
<!-- An error has been encountered -->
Error: {$myFirstQuery.error.message}
{:else}
<!-- Results have been loaded -->
{#each $myFirstQuery as row (row.id)}
Row ID: {row.id}
{:else}
No resuls available
{/each}
{/if}
If you are using the <code/>
method, all you need to do is make sure the server hook is installed.
If you are using the runQuery
method, you will need to use the <QuerySSR/>
component.
Ensure that you have a ./src/hooks.server.[js|ts]
file
Create or update the handle
function to match:
import { ssrHook } from '$evidence/ssrHook.svelte.js';
/** @type {import('@sveltejs/kit').Handle} */
export async function handle({ event, resolve }) {
/** @type {{ name: string, queryString: string}[]} */
const presentQueries = [];
const response = await resolve(event, {
transformPageChunk: ssrHook(presentQueries)
});
return response;
}
resolve
and transformPageChunk
, you can chain the functions like so:import { ssrHook } from '$evidence/ssrHook.svelte.js';
/** @type {import('@sveltejs/kit').Handle} */
export async function handle({ event, resolve }) {
/** @type {{ name: string, queryString: string}[]} */
const presentQueries = []
const evidenceChunkTransform = ssrHook(presentQueries)
const response = await resolve(event, {
transformPageChunk: ({html, done}) => {
// ... Do something to html
html = await evidenceChunkTransform({ html, done })
// ... Do other things to html
return html
});
return response;
}
<QuerySSR/>
<QuerySSR/>
registers your queries with the Evidence Preprocessor, which enables correct rehydration of your queries.
<script>
import { runQuery } from '$evidence/queries';
import QuerySSR from '$evidence/QuerySSR.svelte';
let manualQuery = runQuery('x', `SELECT * FROM users`);
$: manualQuery = runQuery('x', `SELECT * FROM users`);
</script>
<QuerySSR queries={[manualQuery]} />
FAQs
Unknown package
We found that @evidence-dev/sdk demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.