Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@ucast/mongo2js
Advanced tools
@ucast/mongo2js is a utility library that converts MongoDB query objects into JavaScript functions. This can be particularly useful for filtering data in JavaScript applications using the same query syntax as MongoDB.
Convert MongoDB Query to JavaScript Function
This feature allows you to convert a MongoDB query object into a JavaScript function that can be used to filter arrays of objects. In this example, the query filters out objects where the age is greater than 18.
const { compile } = require('@ucast/mongo2js');
const query = { age: { $gt: 18 } };
const filterFunction = compile(query);
const data = [
{ name: 'Alice', age: 17 },
{ name: 'Bob', age: 20 },
{ name: 'Charlie', age: 22 }
];
const filteredData = data.filter(filterFunction);
console.log(filteredData); // Output: [{ name: 'Bob', age: 20 }, { name: 'Charlie', age: 22 }]
Support for Complex Queries
This feature supports complex MongoDB queries, including logical operators like $and. In this example, the query filters out objects where the age is greater than 18 and the name contains the letter 'B'.
const { compile } = require('@ucast/mongo2js');
const query = { $and: [ { age: { $gt: 18 } }, { name: { $regex: 'B' } } ] };
const filterFunction = compile(query);
const data = [
{ name: 'Alice', age: 17 },
{ name: 'Bob', age: 20 },
{ name: 'Charlie', age: 22 }
];
const filteredData = data.filter(filterFunction);
console.log(filteredData); // Output: [{ name: 'Bob', age: 20 }]
mongo-parse is a library that parses MongoDB queries and provides a way to manipulate and analyze them. Unlike @ucast/mongo2js, which converts queries into JavaScript functions, mongo-parse is more focused on query analysis and manipulation.
json-query is a library for querying JSON objects using a simple query language. While it provides a way to filter JSON data, it does not use MongoDB query syntax and is not specifically designed to convert MongoDB queries into JavaScript functions like @ucast/mongo2js.
This package is a part of ucast ecosystem. It combines @ucast/mongo and @ucast/js into a package that allows to evaluate MongoDB query conditions in JavaScript runtime.
npm i @ucast/mongo2js
# or
yarn add @ucast/mongo2js
# or
pnpm add @ucast/mongo2js
To check that POJO can be matched by Mongo Query:
import { guard } from '@ucast/mongo2js';
const test = guard({
lastName: 'Doe',
age: { $gt: 18 }
});
console.log(test({
firstName: 'John',
lastName: 'Doe',
age: 19
})); // true
You can also get access to parsed Mongo Query AST:
console.log(test.ast); /*
{
operator: 'and',
value: [
{ operator: 'eq', field: 'lastName', value: 'Doe' },
{ operator: 'gt', field: 'age', value: 18 }
]
}
*/
For cases, when you need to test primitive elements, you can use squire
function:
import { squire } from '@ucast/mongo2js';
const test = squire({
$lt: 10,
$gt: 18
});
test(11) // true
test(9) // false
In order to implement a custom operator, you need to create a custom parsing instruction for MongoQueryParser
and custom JsInterpreter
to interpret this operator in JavaScript runtime.
This package re-exports all symbols from @ucast/mongo
and @ucast/js
, so you don't need to install them separately. For example, to add support for json-schema operator:
import { createFilter } from '@ucast/mongo2js';
import Ajv from 'ajv';
const $jsonSchema = {
type: 'document',
validate(instruction, value) {
if (!value || typeof value !== 'object') {
throw new Error(`"${instruction.name}" expects to receive an object`)
}
},
parse(instruction, schema) {
const ajv = new Ajv();
return new DocumentCondition(instruction.name, ajv.compile(schema));
}
};
const jsonSchema = (condition, object) => condition.value(object);
const customGuard = createFilter({
$jsonSchema,
}, {
jsonSchema
});
const test = customGuard({
$jsonSchema: {
type: 'object',
properties: {
firstName: { type: 'string' },
lastName: { type: 'string' },
},
}
});
console.log(test({ firstName: 'John' })); // false, `lastName` is not defined
This package is written in TypeScript and supports type inference for MongoQuery:
import { guard } from '@ucast/mongo2js';
interface Person {
firstName: string
lastName: string
age: number
}
const test = guard<Person>({ lastName: 'Doe' });
You can also use dot notation to set conditions on deeply nested fields:
import { guard } from '@ucast/mongo2js';
interface Person {
firstName: string
lastName: string
age: number
address: {
city: string
country: string
}
}
type ExtendedPerson = Person & {
'address.city': Person['address']['city']
}
const test = guard<ExtendedPerson>({ lastName: 'Doe' });
Want to file a bug, contribute some code, or improve documentation? Excellent! Read up on guidelines for contributing
FAQs
git@github.com:stalniy/ucast.git
We found that @ucast/mongo2js demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.