Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@libsql/client
Advanced tools
This is the source repository of the JavaScript & TypeScript SDK for libSQL. You can use it to interact with the following types of databases:
npm install @libsql/client
This step is not required if using the Deno style import shown below.
There are multiple ways to import the module. For Node.js and other environments where you need to use a local SQLite file URL, as well as network access to sqld
:
import { createClient } from "@libsql/client";
For environments that don't have a local filesystem, but support HTTP or WebSockets, including:
import { createClient } from "@libsql/client/web";
For environments that only support HTTP, including Vercel Edge Functions:
import { createClient } from "@libsql/client/http";
For Deno:
// replace [version] with the client version
import { createClient } from "https://esm.sh/@libsql/client@[version]/web";
To connect to a local SQLite database file using a local file URL:
const config = {
url: "file:local.db"
};
const db = createClient(config);
const rs = await db.execute("SELECT * FROM users");
console.log(rs);
To connect to a libSQL sqld instance using a libsql: URL:
import { createClient } from "@libsql/client"
const config = {
url: "libsql://[your-sqld-host]",
authToken: "[your-token]"
};
const db = createClient(config);
const rs = await db.execute("SELECT * FROM users");
console.log(rs);
If you are querying a sqld
instance on your local machine, add ?tls=0
to the URL to disable TLS.
authToken
in the config object is a token that your sqld instance recognizes to allow client access. For Turso databases, a token is obtained using the Turso CLI. No token is required by default when running sqld
on its own.
The client can connect to the database using different methods depending on the scheme (protocol) of the passed URL:
A file:
URL connects to a local SQLite database (using better-sqlite3).
file:/absolute/path
or file:///absolute/path
is an absolute path on local filesystem.file:relative/path
is a relative path on local filesystem.file://path
is not a valid URL.The client can connect to sqld
using HTTP or WebSockets. Internally, it uses the Hrana protocol implemented by hrana-client-ts.
libsql:
URL leaves the choice of protocol to the client. We are now using HTTP by default, but this may change in the future.
libsql:
URL uses TLS (i.e. https:
or wss:
).?tls=0
. You will also need to specify the port.http:
or https:
URLs connect to sqld
using HTTP.
ws:
or wss:
URLs use a stateful WebSocket to connect to sqld
.
You can find more examples of how to use this library using the Turso docs for JS&TS.
This project is licensed under the MIT license.
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in @libsql/client
by you, shall be licensed as MIT, without any additional terms or conditions.
0.3.1 -- 2023-07-20
ResultSet.toJSON()
to provide better JSON serialization. (#61)package.json
that redirect the default import of @libsql/client
to @libsql/client/web
on a few supported edge platforms. (#65)Config.fetch
to support overriding the fetch
implementation from @libsql/isomorphic-fetch
. (#66)FAQs
libSQL driver for TypeScript and JavaScript
The npm package @libsql/client receives a total of 67,632 weekly downloads. As such, @libsql/client popularity was classified as popular.
We found that @libsql/client demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.