
Research
Two Malicious Rust Crates Impersonate Popular Logger to Steal Wallet Keys
Socket uncovers malicious Rust crates impersonating fast_log to steal Solana and Ethereum wallet keys from source code.
@neondatabase/toolkit
Advanced tools
This is a toolkit that Bundles Neon's API Client as well as Neon's Serverless Driver.
You can use it to simplify the process of creating a Neon project and running SQL queries. This is ideal for test environments, where you don't want to set up a Neon project manually.
Furthermore, it's also a great choice for AI agents which need to interact with Neon.
[!CAUTION] This is in very early development and API stability is not guaranteed.
import { NeonToolkit } from "@neondatabase/toolkit";
const toolkit = new NeonToolkit(process.env.NEON_API_KEY!);
const project = await toolkit.createProject();
await toolkit.sql(
project,
`
CREATE TABLE IF NOT EXISTS users (
id UUID PRIMARY KEY,
name VARCHAR(255) NOT NULL
);
`,
);
await toolkit.sql(
project,
`INSERT INTO users (id, name) VALUES (gen_random_uuid(), 'Sam Smith')`,
);
console.log(
await toolkit.sql(
project,
`SELECT name FROM users`,
),
);
await toolkit.deleteProject(project);
To run this:
NEON_API_KEY=<YOUR_NEON_API_KEY> node index.js # bun also works
import { NeonToolkit } from "@neondatabase/toolkit";
const toolkit = new NeonToolkit(process.env.NEON_API_KEY!);
const project = await toolkit.createProject();
const apiClient = toolkit.apiClient;
// Now, you have the underlying API client which lets you interact with Neon's API.
Neon adheres to the securitytxt.org standard for transparent and efficient security reporting. For details on how to report potential vulnerabilities, please visit our Security reporting page or refer to our security.txt file.
If you have any questions about our security protocols or would like a deeper dive into any aspect, our team is here to help. You can reach us at security@neon.tech.
FAQs
Unknown package
We found that @neondatabase/toolkit demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 8 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Socket uncovers malicious Rust crates impersonating fast_log to steal Solana and Ethereum wallet keys from source code.
Research
A malicious package uses a QR code as steganography in an innovative technique.
Research
/Security News
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.