@travetto/model
Datastore abstraction for CRUD operations with advanced query support.
This module provides a clean interface to data model persistence, modification and retrieval. This module builds heavily upon the Schema, which is used for data model validation.
The module can be segmented into three main areas: Model declaration, access/storage, and querying.
Models are declared via the @Model decorator, which allows the system to know that this is a class that is compatible with the module.

    @Model()
    class User extends BaseModel {
      name: string;
      age: number;
      contact?: boolean;
    }

The User model is now ready to be used with the model services.
The ModelService is the foundation for all access to the storage layer, and provides a comprehensive set of functionality. The service includes support for modifying individual records, bulk update/insert/delete, partial updates, finding records, and more. This should be the expected set of functionality for storage and retrieval.

    class UserManager {
      private service: ModelService;

      // Persist a single record and return the stored copy
      async register(user: User) {
        const created = await this.service.save(User, user);
        // ... send welcome email ...
        return created;
      }

      // Insert many records in one bulk operation
      async bulkCreate(users: User[]) {
        const res = await this.service.bulkProcess(User, {
          insert: users
        });
        // ... notify administrator of completion ...
        return res;
      }
    }

The ModelService itself relies upon a ModelSource which is the driver for the storage layer. Currently the only ModelSource implementations are for mongodb and elasticsearch, with sql support on the roadmap.
During development, ModelSource supports the ability to respond to model changes in real-time, and to modify the underlying storage mechanism. An example of this would be elasticsearch schemas being updated as fields are added or removed from the Model class.
Additionally there is a class ClassModelService that provides a wrapper around ModelService that is tied to a specific Model class. This can be useful if you want to constrain the model access or if you have a high volume of function calls for the same model.
One of the complexities of abstracting multiple storage mechanisms is providing a consistent query language. The query language the module uses is a derivation of mongodb's query language, with some restrictions, additions, and caveats. Additionally, given the nature of typescript, all queries are statically typed, and will catch type errors at compile time.

    field : { $eq : T }                  to determine if a field is equal to a value
    field : { $ne: T }                   to determine if a field is not equal to a value
    field : { $exists : boolean }        to determine if a field exists or not
    field : T                            to see if the field is equal to whatever value is passed in
    field : { $in : T[] }                to see if a record's value appears in the array provided to $in
    field : { $nin: T[] }                to see if a record's value does not appear in the array provided to $nin
    field : { $lt: T }                   checks if value is less than
    field : { $lte: T }                  checks if value is less than or equal to
    field : { $gt: T }                   checks if value is greater than
    field : { $gte : T }                 checks if value is greater than or equal to
    field : { $all: T[] }                checks to see if the record's value contains everything within $all
    field : { $regex: RegExp; }          checks the field against the regular expression
    field : { $geoWithin: Point[] }      determines if the value is within the bounding region of the points
    field : { $geoIntersects: Point[] }  determines if the value intersects with the bounding region of the points
    { $and: [] }                         provides a grouping in which all sub clauses are required
    { $or: [] }                          provides a grouping in which at least one of the sub clauses is required
    { $not : {} }                        negates a clause

A sample query for Users might be:

    this.service.getAllByQuery(User, {
      $and: [
        {
          $not : {
            age : {
              $lt : 35
            }
          }
        },
        {
          contact : {
            $exists: true
          }
        }
      ]
    })

This would find all users who are over 35 and that have the contact field specified.
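To make the operator semantics concrete, the following added example (not code from @travetto/model) evaluates the sample query in memory against four constructed records. It assumes MongoDB-like semantics for each operator, omits the geo operators, and every name in it (matchField, matches, SAMPLE_USERS, runSample) is hypothetical.

```typescript
// Added example, not @travetto/model code: an in-memory reading of the operator
// list above with MongoDB-like semantics (an assumption). Geo operators are left out.
type Rec = { [field: string]: any };
type Clause = { [key: string]: any };

function matchField(value: any, cond: any): boolean {
  if (typeof cond !== 'object' || cond === null) return value === cond; // field : T
  return Object.keys(cond).every((op: string): boolean => {
    const arg = cond[op];
    switch (op) {
      case '$eq': return value === arg;
      case '$ne': return value !== arg;
      case '$exists': return (value !== undefined) === arg;
      case '$in': return arg.indexOf(value) >= 0;
      case '$nin': return arg.indexOf(value) < 0;
      case '$lt': return value < arg;    // a missing field compares as false
      case '$lte': return value <= arg;
      case '$gt': return value > arg;
      case '$gte': return value >= arg;
      case '$all': return Array.isArray(value) && arg.every((x: any) => value.indexOf(x) >= 0);
      case '$regex': return typeof value === 'string' && arg.test(value);
      default: throw new Error('unsupported operator: ' + op);
    }
  });
}

function matches(rec: Rec, q: Clause): boolean {
  return Object.keys(q).every((key: string): boolean => {
    if (key === '$and') return q[key].every((c: Clause) => matches(rec, c));
    if (key === '$or') return q[key].some((c: Clause) => matches(rec, c));
    if (key === '$not') return !matches(rec, q[key]);
    return matchField(rec[key], q[key]);
  });
}

// Constructed sample records (not from the page)
const SAMPLE_USERS: Rec[] = [
  { name: 'ana', age: 34, contact: true },
  { name: 'bo', age: 35, contact: false },
  { name: 'cy', age: 52 },
  { name: 'di', age: 61, contact: true }
];
// The page's sample query
const SAMPLE_QUERY: Clause = { $and: [{ $not: { age: { $lt: 35 } } }, { contact: { $exists: true } }] };

function runSample(): string[] {
  return SAMPLE_USERS.filter((u: Rec) => matches(u, SAMPLE_QUERY)).map((u: Rec) => u.name);
}
```

Under these semantics the record with age exactly 35 matches, because the clause negates "less than 35", and a contact value of false still satisfies $exists: true.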
Integration with other modules can be supported by extensions. The dependencies are optionalExtensionDependencies and must be installed directly if you want to use them:
Express support with the @ModelController for exposing common RESTful patterns for routes.

    @ModelController('/user', User)
    class UserController {
      source: ModelService;
    }

is a shorthand that is equal to:

    @Controller('/user')
    class UserController {
      source: ModelService;

      // The query is JSON parsed from the request and handed to the storage layer as-is
      @Get('')
      async getAllUser(req:Request) {
        return await this.source.getAllByQuery(User, JSON.parse(req.params.q));
      }

      @Get(':id')
      async getUser(req:Request) {
        return await this.source.getById(User, req.params.id);
      }

      @Delete(':id')
      async deleteUser(req:Request) {
        return await this.source.deleteById(User, req.params.id);
      }

      // Request bodies are validated against the User schema before saving
      @Post('')
      @SchemaBody(User)
      async saveUser(req:TypedBody<User>) {
        return await this.source.save(User, req.body);
      }

      @Put('')
      @SchemaBody(User)
      async updateUser(req:TypedBody<User>) {
        return await this.source.update(User, req.body);
      }
    }

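The list route above parses a query from the request and passes it straight to getAllByQuery, so the caller chooses the fields and operators the storage layer evaluates. The following added example (not part of @travetto/model) shows one way to allow-list a parsed query before it reaches the service; the field list is taken from the page's User model, while the operator subset (no $regex or geo operators), the limits and all function names are assumptions.

```typescript
// Added example, not @travetto/model code. ALLOWED_FIELDS, the limits and all
// function names are assumptions made for this illustration.
type Json = null | boolean | number | string | Json[] | { [key: string]: Json };
type JsonObject = { [key: string]: Json };
const ALLOWED_FIELDS = ['name', 'age', 'contact'];  // fields of the page's User model
const VALUE_OPS = ['$eq', '$ne', '$exists', '$in', '$nin', '$lt', '$lte', '$gt', '$gte'];
const MAX_DEPTH = 4;   // assumed cap on clause nesting
const MAX_LIST = 50;   // assumed cap on $and/$or/$in/$nin array length

function isObject(v: Json): v is JsonObject {
  return typeof v === 'object' && v !== null && !Array.isArray(v);
}
function scalar(v: Json): void {
  if (v === null || typeof v === 'object') throw new Error('scalar value expected');
}
function list(op: string, v: Json): Json[] {
  if (!Array.isArray(v) || v.length === 0 || v.length > MAX_LIST) {
    throw new Error(op + ' needs 1..' + MAX_LIST + ' items');
  }
  return v;
}
function checkField(cond: Json): void {
  if (!isObject(cond)) return scalar(cond);            // plain `field : T` equality
  const ops = Object.keys(cond);
  if (ops.length === 0) throw new Error('empty operator object');
  for (const op of ops) {
    if (VALUE_OPS.indexOf(op) < 0) throw new Error('operator not allowed: ' + op);
    const arg = cond[op];
    if (op === '$in' || op === '$nin') list(op, arg).forEach((x: Json) => scalar(x));
    else if (op !== '$exists') scalar(arg);
    else if (typeof arg !== 'boolean') throw new Error('$exists needs a boolean');
  }
}
// Walks the whole query; throws on any field or operator outside the allow-lists.
function validateClientQuery(q: Json, depth: number = 0): JsonObject {
  if (depth > MAX_DEPTH) throw new Error('query nested too deeply');
  if (!isObject(q)) throw new Error('clause must be an object');
  for (const key of Object.keys(q)) {
    const val = q[key];
    if (key === '$and' || key === '$or') {
      list(key, val).forEach((c: Json) => { validateClientQuery(c, depth + 1); });
    } else if (key === '$not') validateClientQuery(val, depth + 1);
    else if (ALLOWED_FIELDS.indexOf(key) >= 0) checkField(val);
    else throw new Error('field or operator not allowed: ' + key);
  }
  return q;
}
function parseClientQuery(raw: string): JsonObject {
  return validateClientQuery(JSON.parse(raw) as Json);
}
```

A handler would call parseClientQuery on the raw query string and pass the returned object to getAllByQuery, answering with a 400 when it throws.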
FAQs
Datastore abstraction for core operations.
The npm package @travetto/model receives a total of 434 weekly downloads. As such, @travetto/model popularity was classified as not popular.
We found that @travetto/model demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.