Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@sqlite.org/sqlite-wasm
Advanced tools
SQLite Wasm conveniently wrapped as an ES Module.
Warning
This project wraps the code of SQLite Wasm with no changes, apart from added TypeScript types. Please do not file issues or feature requests regarding the underlying SQLite Wasm code here. Instead, please follow the SQLite bug filing instructions. Filing TypeScript type related issues and feature requests is fine.
npm install @sqlite.org/sqlite-wasm
There are three ways to use SQLite Wasm:
Only the worker versions allow you to use the origin private file system (OPFS) storage back-end.
Warning
For this to work, you need to set the following headers on your server:
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Embedder-Policy: require-corp
import { sqlite3Worker1Promiser } from '@sqlite.org/sqlite-wasm';
const log = (...args) => console.log(...args);
const error = (...args) => console.error(...args);
(async () => {
try {
log('Loading and initializing SQLite3 module...');
const promiser = await new Promise((resolve) => {
const _promiser = sqlite3Worker1Promiser({
onready: () => {
resolve(_promiser);
},
});
});
log('Done initializing. Running demo...');
let response;
response = await promiser('config-get', {});
log('Running SQLite3 version', response.result.version.libVersion);
response = await promiser('open', {
filename: 'file:mydb.sqlite3?vfs=opfs',
});
const { dbId } = response;
log(
'OPFS is available, created persisted database at',
response.result.filename.replace(/^file:(.*?)\?vfs=opfs/, '$1'),
);
// Your SQLite code here.
} catch (err) {
if (!(err instanceof Error)) {
err = new Error(err.result.message);
}
error(err.name, err.message);
}
})();
Warning
For this to work, you need to set the following headers on your server:
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Embedder-Policy: require-corp
// In `main.js`.
const worker = new Worker('worker.js', { type: 'module' });
// In `worker.js`.
import sqlite3InitModule from '@sqlite.org/sqlite-wasm';
const log = (...args) => console.log(...args);
const error = (...args) => console.error(...args);
const start = function (sqlite3) {
log('Running SQLite3 version', sqlite3.version.libVersion);
let db;
if ('opfs' in sqlite3) {
db = new sqlite3.oo1.OpfsDb('/mydb.sqlite3');
log('OPFS is available, created persisted database at', db.filename);
} else {
db = new sqlite3.oo1.DB('/mydb.sqlite3', 'ct');
log('OPFS is not available, created transient database', db.filename);
}
// Your SQLite code here.
};
log('Loading and initializing SQLite3 module...');
sqlite3InitModule({
print: log,
printErr: error,
}).then((sqlite3) => {
log('Done initializing. Running demo...');
try {
start(sqlite3);
} catch (err) {
error(err.name, err.message);
}
});
import sqlite3InitModule from '@sqlite.org/sqlite-wasm';
const log = (...args) => console.log(...args);
const error = (...args) => console.error(...args);
const start = function (sqlite3) {
log('Running SQLite3 version', sqlite3.version.libVersion);
const db = new sqlite3.oo1.DB('/mydb.sqlite3', 'ct');
// Your SQLite code here.
};
log('Loading and initializing SQLite3 module...');
sqlite3InitModule({
print: log,
printErr: error,
}).then((sqlite3) => {
try {
log('Done initializing. Running demo...');
start(sqlite3);
} catch (err) {
error(err.name, err.message);
}
});
The db
object above implements the
Object Oriented API #1.
If you are using vite, you need to add the following
config option in vite.config.js
:
import { defineConfig } from 'vite';
export default defineConfig({
server: {
headers: {
'Cross-Origin-Opener-Policy': 'same-origin',
'Cross-Origin-Embedder-Policy': 'require-corp',
},
},
optimizeDeps: {
exclude: ['@sqlite.org/sqlite-wasm'],
},
});
Check out a sample project that shows this in action.
See the demo folder for examples of how to use this in the main thread and in a worker. (Note that the worker variant requires special HTTP headers, so it can't be hosted on GitHub Pages.) An example that shows how to use this with vite is available on StackBlitz.
See the list of npm dependents for this package.
(These steps can only be executed by maintainers.)
package.json
reflecting the current
SQLite version number and add a build
identifier suffix like -build1
. The complete version number should read
something like 3.41.2-build1
.npm run build
to build the ES Module. This downloads the latest SQLite
Wasm binary and builds the ES Module.npm run deploy
to commit the changes, push to GitHub, and publish the
new version to npm.Apache 2.0.
This project is based on SQLite Wasm, which it
conveniently wraps as an ES Module and publishes to npm as
@sqlite.org/sqlite-wasm
.
FAQs
SQLite Wasm conveniently wrapped as an ES Module.
The npm package @sqlite.org/sqlite-wasm receives a total of 4,423 weekly downloads. As such, @sqlite.org/sqlite-wasm popularity was classified as popular.
We found that @sqlite.org/sqlite-wasm demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.