
Research
/Security News
jscrambler npm Package Compromised in Supply Chain Attack
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.
@mastra/libsql
Advanced tools
Affected versions:
Libsql provider for Mastra - includes both vector and db storage capabilities
SQLite implementation for Mastra, providing both vector similarity search and general storage capabilities with connection pooling and transaction support.
npm install @mastra/libsql
import { LibSQLVector } from '@mastra/libsql';
const vectorStore = new LibSQLVector({
url: 'file:./my-db.db'
});
// Create a new table with vector support
await vectorStore.createIndex({
indexName: 'my_vectors',
dimension: 1536,
metric: 'cosine',
});
// Add vectors
const ids = await vectorStore.upsert({
indexName: 'my_vectors',
vectors: [[0.1, 0.2, ...], [0.3, 0.4, ...]],
metadata: [{ text: 'doc1' }, { text: 'doc2' }],
});
// Query vectors
const results = await vectorStore.query({
indexName: 'my_vectors',
queryVector: [0.1, 0.2, ...],
topK: 10, // topK
filter: { text: 'doc1' }, // filter
includeVector: false, // includeVector
minScore: 0.5, // minScore
});
import { LibSQLStore } from '@mastra/libsql';
const store = new LibSQLStore({
id: 'libsql-storage',
url: 'file:./my-db.db',
});
// Create a thread
await store.saveThread({
thread: {
id: 'thread-123',
resourceId: 'resource-456',
title: 'My Thread',
metadata: { key: 'value' },
createdAt: new Date(),
},
});
// Add messages to thread
await store.saveMessages({
messages: [
{
id: 'msg-789',
threadId: 'thread-123',
role: 'user',
content: { content: 'Hello' },
resourceId: 'resource-456',
createdAt: new Date(),
},
],
});
// Query threads and messages
const savedThread = await store.getThreadById({ threadId: 'thread-123' });
const messages = await store.listMessages({ threadId: 'thread-123' });
The LibSQLStore store can be initialized with:
The following filter operators are supported for metadata queries:
$eq, $ne, $gt, $gte, $lt, $lte$and, $or$in, $nin$regex, $likeExample filter:
{
$and: [{ age: { $gt: 25 } }, { tags: { $in: ['tag1', 'tag2'] } }];
}
createIndex({indexName, dimension, metric?, indexConfig?, defineIndex?}): Create a new table with vector supportupsert({indexName, vectors, metadata?, ids?}): Add or update vectorsquery({indexName, queryVector, topK?, filter?, includeVector?, minScore?}): Search for similar vectorsupdateVector({ indexName, id?, filter?, update }): Update a single vector by ID or metadata filterdeleteVector({ indexName, id }): Delete a single vector by IDdeleteVectors({ indexName, ids?, filter? }): Delete multiple vectors by IDs or metadata filterdefineIndex({indexName, metric?, indexConfig?}): Define an indexlistIndexes(): List all vector-enabled tablesdescribeIndex(indexName): Get table statisticsdeleteIndex(indexName): Delete a tabletruncateIndex(indexName): Remove all data from a tablesaveThread({ thread }): Create or update a threadgetThreadById({ threadId }): Get a thread by IDdeleteThread({ threadId }): Delete a thread and its messagessaveMessages({ messages }): Save multiple messages in a transactionlistMessages({ threadId, perPage?, page? }): Get messages for a thread with paginationdeleteMessages(messageIds): Delete specific messagesFAQs
Libsql provider for Mastra - includes both vector and db storage capabilities
The npm package @mastra/libsql receives a total of 261,225 weekly downloads. As such, @mastra/libsql popularity was classified as popular.
We found that @mastra/libsql demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 7 open source maintainers collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
/Security News
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.

Research
/Security News
A malicious .NET package is typosquatting the Braintree SDK to steal live payment card data, merchant API keys, and host secrets from production apps.

Security News
/Research
Compromised Injective SDK npm version 1.20.21 exfiltrates wallet private keys and mnemonics through fake telemetry functionality.