
Security News
/Research
Compromised Injective SDK npm Package Exfiltrates Wallet Keys and Mnemonics
Compromised Injective SDK npm version 1.20.21 exfiltrates wallet private keys and mnemonics through fake telemetry functionality.
@mastra/libsql
Advanced tools
Affected versions:
Libsql provider for Mastra - includes both vector and db storage capabilities
SQLite implementation for Mastra, providing both vector similarity search and general storage capabilities with connection pooling and transaction support.
npm install @mastra/libsql
import { LibSQLVector } from '@mastra/libsql';
const vectorStore = new LibSQLVector({
url: 'file:./my-db.db'
});
// Create a new table with vector support
await vectorStore.createIndex({
indexName: 'my_vectors',
dimension: 1536,
metric: 'cosine',
});
// Add vectors
const ids = await vectorStore.upsert({
indexName: 'my_vectors',
vectors: [[0.1, 0.2, ...], [0.3, 0.4, ...]],
metadata: [{ text: 'doc1' }, { text: 'doc2' }],
});
// Query vectors
const results = await vectorStore.query({
indexName: 'my_vectors',
queryVector: [0.1, 0.2, ...],
topK: 10, // topK
filter: { text: 'doc1' }, // filter
includeVector: false, // includeVector
minScore: 0.5, // minScore
});
import { LibSQLStore } from '@mastra/pg';
const store = new LibSQLStore({
url: 'file:./my-db.db',
});
// Create a thread
await store.saveThread({
id: 'thread-123',
resourceId: 'resource-456',
title: 'My Thread',
metadata: { key: 'value' },
});
// Add messages to thread
await store.saveMessages([
{
id: 'msg-789',
threadId: 'thread-123',
role: 'user',
type: 'text',
content: [{ type: 'text', text: 'Hello' }],
},
]);
// Query threads and messages
const savedThread = await store.getThread('thread-123');
const messages = await store.getMessages('thread-123');
The LibSQLStore store can be initialized with:
The following filter operators are supported for metadata queries:
$eq, $ne, $gt, $gte, $lt, $lte$and, $or$in, $nin$regex, $likeExample filter:
{
$and: [{ age: { $gt: 25 } }, { tags: { $in: ['tag1', 'tag2'] } }];
}
createIndex({indexName, dimension, metric?, indexConfig?, defineIndex?}): Create a new table with vector supportupsert({indexName, vectors, metadata?, ids?}): Add or update vectorsquery({indexName, queryVector, topK?, filter?, includeVector?, minScore?}): Search for similar vectorsdefineIndex({indexName, metric?, indexConfig?}): Define an indexlistIndexes(): List all vector-enabled tablesdescribeIndex(indexName): Get table statisticsdeleteIndex(indexName): Delete a tabletruncateIndex(indexName): Remove all data from a tablesaveThread(thread): Create or update a threadgetThread(threadId): Get a thread by IDdeleteThread(threadId): Delete a thread and its messagessaveMessages(messages): Save multiple messages in a transactiongetMessages(threadId): Get all messages for a threaddeleteMessages(messageIds): Delete specific messagesFAQs
Libsql provider for Mastra - includes both vector and db storage capabilities
The npm package @mastra/libsql receives a total of 146,595 weekly downloads. As such, @mastra/libsql popularity was classified as popular.
We found that @mastra/libsql demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 7 open source maintainers collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Security News
/Research
Compromised Injective SDK npm version 1.20.21 exfiltrates wallet private keys and mnemonics through fake telemetry functionality.

Security News
npm v12 is generally available, turning install scripts off by default and beginning the deprecation of 2FA-bypass publishing tokens.

Research
/Security News
Socket tracks the activity as Operation “Muck and Load”: a threat actor uses commit-farming workflows, public dead drops, and protected archives to stage Windows RAT and infostealer malware.