Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@noreajs/mongoose
Advanced tools
NoreaJs Mongoose is a package which contains a set of tools intended to facilitate the use of mongoose.
The package already has his type definitions.
npm install @noreajs/mongoose --save
For typescript developers, make sure you install those type definitions packages:
To use MongoDB in your application, initialization is required. To do so with this little baby package, here's how:
Import the MongoDB context:
import { MongodbContext } from "@noreajs/mongoose";
Then use this line of code to initialize:
MongodbContext.init({
connectionUrl: `MONGODB_CONNECTION_URL`,
options: {}, // optional
onConnect: () => {}, // optional
onError: () => {}, // optional
});
Mongoose is the ideal tool when working with MongoDB. Very often to create a model, there is a set of information to take into account and the organization of the different elements constituting a model can become complicated. This package offers you a relatively simple way to proceed to create a model.
Full example of model declaration: Task.ts file (or Task.js):
import { mongooseModel, Document, Schema } from "@noreajs/mongoose";
interface ITask extends Document {
name: string;
description?: string;
createdAt: Date;
updatedAt: Date;
}
export default mongooseModel<ITask>({
name: "Task",
collection: "tasks",
schema: new Schema(
{
name: {
type: Schema.Types.String,
required: [true, "Task's name is required"],
},
description: {
type: Schema.Types.String,
},
},
{
timestamps: true, // createdAt and UpdatedAt are created and managed by mongoose
}
),
// + other properties
});
After creating the model, you can import it anywhere and use it.
The generic method used is mongooseModel, Where T is the interface which describes the model, and which must extend the mongoose Document interface.
The parameter of method mongooseModel is of the generic type MoongooseModelParams;
type MoongooseModelParams<T extends Document> = {
name: string;
collection?: string;
skipInit?: boolean;
paginate?: boolean;
aggregatePaginate?: boolean;
autopopulate?: boolean;
leanVirtuals?: boolean;
uniqueValidator?: boolean;
uniqueValidatorMessage?: string;
virtuals?: [
{
fieldName: string;
options?: any;
get: Function;
set?: Function;
}
];
methods: {
[K in keyof Partial<T>]: Function;
};
plugins?: (schema: Schema) => void;
schema: Schema<T>;
externalConfig?: (schema: Schema) => void;
};
MoongooseModelParams descriptions:
Attribute | Type | Optional | Default | Description |
---|---|---|---|---|
name | string | false | Model name | |
collection | string | true | Collection name (optional, induced from model name) | |
skipInit | boolean | true | false | Whether to skip initialization or not |
paginate | boolean | true | true | The plugin automatically added when true is Mongoose Paginate |
aggregatePaginate | boolean | true | true | The plugin automatically added when true is Mongoose Aggregate Paginate V2 |
autopopulate | boolean | true | true | Always populate() certain fields in your Mongoose schemas. Only apply this plugin to top-level schemas. Don't apply this plugin to child schemas. |
leanVirtuals | boolean | true | true | Attach virtuals to the results of Mongoose queries when using .lean(). |
uniqueValidator | boolean | true | true | Catch unique validation error like normal validation error |
uniqueValidatorMessage | string | true | Expected {PATH} to be unique. | Unique validator message You can pass through a custom error message as part of the optional options argument: You have access to all of the standard Mongoose error message templating: :{PATH}, {VALUE}, {TYPE} |
plugins | function | true | Add globaly a plugin to a mongoose schema | |
schema | mongoose.Schema | true | Mongoose schema defining the model | |
virtuals | array | true | Define the virtual attributes of the model | |
methods | object | true | Define the methods associated with the models | |
externalConfig | function | true | Configure the schema created by adding methods, middlewares, virtuals and many other things provided by Mongoose - Methods - https://mongoosejs\.com/docs/guide\.html\#methods - Middlewares - https://mongoosejs\.com/docs/middleware\.html - Virtuals - https://mongoosejs\.com/docs/guide\.html\#virtuals |
Table made with Table Convert
Linearize Mongoose errors when you catch them. The method used is linearizeErrors.
Mongoose validation errors normaly looks like this:
{
"message": "Validation Error: First error, second error and many other (maybe) unnecessary",
"errors": {
"fieldA": {
"message": "The field A is required",
"...": "..."
},
"fieldB": {
"message": "Th field B is not required (lol)",
"...": "..."
}
}
}
While using linearizeErrors method, the error data become:
{
"message": "This field A is required; Th field B is not required (lol)"
}
Example:
try {
const task = new Task({
name: "Install it",
description: "",
});
await task.save();
} catch (e) {
// linearize here
linearizeErrors(e);
// or
// linearizeErrors(e, {debug: true}); // to keep the original 'errors' attribute
// return the response
return res.status(500).json(e);
}
MIT
FAQs
Mongoose helpers
The npm package @noreajs/mongoose receives a total of 2 weekly downloads. As such, @noreajs/mongoose popularity was classified as not popular.
We found that @noreajs/mongoose demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.