Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@google-cloud/connect-datastore
Advanced tools
Google Cloud Datastore session store for Express/Connect
@google-cloud/connect-datastore is a Google Cloud Datastore session store backed by @google-cloud/datastore.
Note: Cloud Datastore is a persistent, distributed, transactional database. Often, it's more appropriate to choose a different storage solution for sessions such as Memcache or Redis as their designs offer much faster operation in this use case.
npm install @google-cloud/connect-datastore
You must have a Google Cloud project and credentials.
See gcloud node's documentation on setting up authentication.
const Datastore = require('@google-cloud/datastore');
const express = require('express');
const session = require('express-session');
const app = express();
const DatastoreStore = require('@google-cloud/connect-datastore')(session);
app.use(session({
store: new DatastoreStore({
dataset: Datastore({
kind: 'express-sessions',
// For convenience, @google-cloud/datastore automatically looks for the
// GCLOUD_PROJECT environment variable. Or you can explicitly pass in a
// project ID here:
projectId: 'YOUR_PROJECT_ID' || process.env.GCLOUD_PROJECT,
// For convenience, @google-cloud/datastore automatically looks for the
// GOOGLE_APPLICATION_CREDENTIALS environment variable. Or you can
// explicitly pass in that path to your key file here:
keyFilename: '/path/to/keyfile.json' || process.env.GOOGLE_APPLICATION_CREDENTIALS
})
}),
secret: 'my-secret'
}));
FAQs
Google Cloud Datastore session store for Express/Connect
The npm package @google-cloud/connect-datastore receives a total of 436 weekly downloads. As such, @google-cloud/connect-datastore popularity was classified as not popular.
We found that @google-cloud/connect-datastore demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.