Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@factorialco/tentaclesql
Advanced tools
Query your HTTP endpoints data using SQL
docker run -p 8080 -ti factorialco/tentaclesql
npm i -g @factorialco/tentaclesql
To be able to start TentacleSQL you need to provide even SCHEMA_URL
or
SCHEMA_FILE
environment variable specifying the route to retrieve the schema
from.
Alternativelly you can provide your own schema into same POST request you run the query.
Examples:
SCHEMA_URL='https://example.com/api/schema'
SCHEMA_FILE='example.yaml' # Note that should be placed into `schemas` folder
This schema stucture is an array of all the table definitions available in your schema. Something like:
[
{
"name": "applications",
"url": "https://example.com/api/schema/tables/applications",
"fields": [
{
"key": "id",
"type": "number"
},
{
"key": "first_name",
"type": "text"
},
{
"key": "last_name",
"type": "text"
}
]
},
{
"name": "goals",
"url": "https://example.com/api/schema/tables/goals",
"fields": [
{
"key": "id",
"type": "number"
},
{
"key": "progress",
"type": "text"
},
{
"key": "application_id",
"type": "number",
"table": "applications",
"foreign_key": "id"
}
]
}
]
To see yaml example check schemas/example.yaml
.
The schema definition needs to respond with an array of table definitions:
Table:
name
: Name of the tableurl
: URL to retrieve the data fromautodiscover
: If you want to autodiscover fields from url responseresult_key
: Which key should be readed for array of resultsfields
: List of fields / foreign keys of this tableEach table will have an array of fields that can be raw fields or foreign key to denote relations between tables.
Field:
key
: Name of the column / fieldtype
: Type of the field. Available types: text
, number
, data
and boolean
Foreign key:
key
: Name of the foreign keytype
: Type of the field. Available types: text
, number
, data
and boolean
table
: Target table of the foreign keyforeign_key
: Referenced column by the foreign keyOnce you have your tentaclesql server up and running you can use it by sending
POST requests against /
.
Example:
curl -H "Content-type: application/json" -X POST -d '{"query": "SELECT 1;"}' http://localhost:3000/
The expected payload contains the following parameters:
Note that you must configure your schema first. You can pass an environment variable:
Example
SCHEMA_FILE=example.yaml tentaclesql interactive
yarn cli interactive
# or installed global
tentaclesql interactive
yarn cli query "SELECT 1;"
# or installed global
tentaclesql query "SELECT 1;"
By default Tentacle sends one HTTP request for each table data, however you can change this and fetch all table data in one HTTP request. To enable this you need to pass following paramaters:
BULK_FETCH=true
BULK_FETCH_URL=url
FAQs
SQL engine from multiple sources
The npm package @factorialco/tentaclesql receives a total of 1 weekly downloads. As such, @factorialco/tentaclesql popularity was classified as not popular.
We found that @factorialco/tentaclesql demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.