Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@hoprik/mongoose
Advanced tools
Mongoose is a MongoDB object modeling tool designed to work in an asynchronous environment. Mongoose supports Node.js and Deno (alpha).
The official documentation website is mongoosejs.com.
Mongoose 8.0.0 was released on October 31, 2023. You can find more details on backwards breaking changes in 8.0.0 on our docs site.
Check out the plugins search site to see hundreds of related modules from the community. Next, learn how to write your own plugin from the docs or this blog post.
Pull requests are always welcome! Please base pull requests against the master
branch and follow the contributing guide.
If your pull requests makes documentation changes, please do not
modify any .html
files. The .html
files are compiled code, so please make
your changes in docs/*.pug
, lib/*.js
, or test/docs/*.js
.
View all 400+ contributors.
First install Node.js and MongoDB. Then:
npm install mongoose
Mongoose 6.8.0 also includes alpha support for Deno.
// Using Node.js `require()`
const mongoose = require('mongoose');
// Using ES6 imports
import mongoose from 'mongoose';
Or, using Deno's createRequire()
for CommonJS support as follows.
import { createRequire } from 'https://deno.land/std@0.177.0/node/module.ts';
const require = createRequire(import.meta.url);
const mongoose = require('mongoose');
mongoose.connect('mongodb://127.0.0.1:27017/test')
.then(() => console.log('Connected!'));
You can then run the above script using the following.
deno run --allow-net --allow-read --allow-sys --allow-env mongoose-test.js
Available as part of the Tidelift Subscription
The maintainers of mongoose and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source dependencies you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact dependencies you use. Learn more.
First, we need to define a connection. If your app uses only one database, you should use mongoose.connect
. If you need to create additional connections, use mongoose.createConnection
.
Both connect
and createConnection
take a mongodb://
URI, or the parameters host, database, port, options
.
await mongoose.connect('mongodb://127.0.0.1/my_database');
Once connected, the open
event is fired on the Connection
instance. If you're using mongoose.connect
, the Connection
is mongoose.connection
. Otherwise, mongoose.createConnection
return value is a Connection
.
Note: If the local connection fails then try using 127.0.0.1 instead of localhost. Sometimes issues may arise when the local hostname has been changed.
Important! Mongoose buffers all the commands until it's connected to the database. This means that you don't have to wait until it connects to MongoDB in order to define models, run queries, etc.
Models are defined through the Schema
interface.
const Schema = mongoose.Schema;
const ObjectId = Schema.ObjectId;
const BlogPost = new Schema({
author: ObjectId,
title: String,
body: String,
date: Date
});
Aside from defining the structure of your documents and the types of data you're storing, a Schema handles the definition of:
The following example shows some of these features:
const Comment = new Schema({
name: { type: String, default: 'hahaha' },
age: { type: Number, min: 18, index: true },
bio: { type: String, match: /[a-z]/ },
date: { type: Date, default: Date.now },
buff: Buffer
});
// a setter
Comment.path('name').set(function(v) {
return capitalize(v);
});
// middleware
Comment.pre('save', function(next) {
notify(this.get('email'));
next();
});
Take a look at the example in examples/schema/schema.js
for an end-to-end example of a typical setup.
Once we define a model through mongoose.model('ModelName', mySchema)
, we can access it through the same function
const MyModel = mongoose.model('ModelName');
Or just do it all at once
const MyModel = mongoose.model('ModelName', mySchema);
The first argument is the singular name of the collection your model is for. Mongoose automatically looks for the plural version of your model name. For example, if you use
const MyModel = mongoose.model('Ticket', mySchema);
Then MyModel
will use the tickets collection, not the ticket collection. For more details read the model docs.
Once we have our model, we can then instantiate it, and save it:
const instance = new MyModel();
instance.my.key = 'hello';
await instance.save();
Or we can find documents from the same collection
await MyModel.find({});
You can also findOne
, findById
, update
, etc.
const instance = await MyModel.findOne({ /* ... */ });
console.log(instance.my.key); // 'hello'
For more details check out the docs.
Important! If you opened a separate connection using mongoose.createConnection()
but attempt to access the model through mongoose.model('ModelName')
it will not work as expected since it is not hooked up to an active db connection. In this case access your model through the connection you created:
const conn = mongoose.createConnection('your connection string');
const MyModel = conn.model('ModelName', schema);
const m = new MyModel();
await m.save(); // works
vs
const conn = mongoose.createConnection('your connection string');
const MyModel = mongoose.model('ModelName', schema);
const m = new MyModel();
await m.save(); // does not work b/c the default connection object was never connected
In the first example snippet, we defined a key in the Schema that looks like:
comments: [Comment]
Where Comment
is a Schema
we created. This means that creating embedded documents is as simple as:
// retrieve my model
const BlogPost = mongoose.model('BlogPost');
// create a blog post
const post = new BlogPost();
// create a comment
post.comments.push({ title: 'My comment' });
await post.save();
The same goes for removing them:
const post = await BlogPost.findById(myId);
post.comments[0].deleteOne();
await post.save();
Embedded documents enjoy all the same features as your models. Defaults, validators, middleware.
See the docs page.
You can intercept method arguments via middleware.
For example, this would allow you to broadcast changes about your Documents every time someone set
s a path in your Document to a new value:
schema.pre('set', function(next, path, val, typel) {
// `this` is the current Document
this.emit('set', path, val);
// Pass control to the next pre
next();
});
Moreover, you can mutate the incoming method
arguments so that subsequent middleware see different values for those arguments. To do so, just pass the new values to next
:
schema.pre(method, function firstPre(next, methodArg1, methodArg2) {
// Mutate methodArg1
next('altered-' + methodArg1.toString(), methodArg2);
});
// pre declaration is chainable
schema.pre(method, function secondPre(next, methodArg1, methodArg2) {
console.log(methodArg1);
// => 'altered-originalValOfMethodArg1'
console.log(methodArg2);
// => 'originalValOfMethodArg2'
// Passing no arguments to `next` automatically passes along the current argument values
// i.e., the following `next()` is equivalent to `next(methodArg1, methodArg2)`
// and also equivalent to, with the example method arg
// values, `next('altered-originalValOfMethodArg1', 'originalValOfMethodArg2')`
next();
});
type
, when used in a schema has special meaning within Mongoose. If your schema requires using type
as a nested property you must use object notation:
new Schema({
broken: { type: Boolean },
asset: {
name: String,
type: String // uh oh, it broke. asset will be interpreted as String
}
});
new Schema({
works: { type: Boolean },
asset: {
name: String,
type: { type: String } // works. asset is an object with a type property
}
});
Mongoose is built on top of the official MongoDB Node.js driver. Each mongoose model keeps a reference to a native MongoDB driver collection. The collection object can be accessed using YourModel.collection
. However, using the collection object directly bypasses all mongoose features, including hooks, validation, etc. The one
notable exception that YourModel.collection
still buffers
commands. As such, YourModel.collection.find()
will not
return a cursor.
Find the API docs here, generated using dox and acquit.
Copyright (c) 2010 LearnBoost <dev@learnboost.com>
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the 'Software'), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
FAQs
Mongoose MongoDB ODM
The npm package @hoprik/mongoose receives a total of 0 weekly downloads. As such, @hoprik/mongoose popularity was classified as not popular.
We found that @hoprik/mongoose demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.