Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
The less-opinionated Node.js database abstraction layer
Establish a connection:
// Takes an optional callback
var conn = anyDB.createConnection('driver://user:pass@hostname/database')
Make queries:
var sql = 'SELECT * FROM questions'
// query() returns a readable stream
conn.query(sql).on('data', function (row) {})
// pass a callback to collect results
conn.query(sql, function (error, result) {})
Use bound parameters:
sql += ' WHERE answer = ?'
conn.query(sql, [42], function (err, res) {})
Manage database transactions with any-db-transaction:
var begin = require('any-db-transaction')
var tx = begin(conn) // Can also take a callback
tx.on('error', function (err) {}) // Emitted for unhandled query errors
tx.query(...) // same interface as connections, plus...
tx.rollback() // this too
tx.commit() // takes an optional callback for errors
Create a connection pool that maintains 2-20 connections:
var pool = anyDB.createPool(dbURL, {min: 2, max: 20})
pool.query(...) // perform a single query, same API as connection
var tx = begin(pool) // create a transaction with the first available connection
pool.close() // close the pool (call when your app should exit)
The purpose of this library is to provide a consistent API for the commonly used functionality of SQL database drivers, while avoiding altering driver behaviour as much as possible.
npm install --save any-db-{postgres,mysql,sqlite3,mssql}
All of the adapter libraries have any-db
as a peerDependency, which means
that require('any-db')
will work even though you don't install it directly or
add it to your package.json.
Add any-db
to peerDependencies
in package.json. This allows users of your
library to satisfy the any-db dependency by installing the adapter of their
choice.
module.exports := {
createConnection: (Url, Continuation<Connection>?) => Connection
createPool: (Url, PoolConfig) => ConnectionPool
}
Url := String | { adapter: String }
PoolConfig := {
min: Number,
max: Number,
onConnect: (Connection, ((Error) => void) => void
reset: (Connection, ((Error) => void) => void
}
Continuation := (Maybe<Error>, Any) => void
The API of Connection and Query objects is fully described in the
adapter-spec, while Transaction and ConnectionPool objects have
their own documentation. Connections, transactions and pools all have a query
method that behaves consistently between drivers.
Both exported functions require an Url
as their first parameter. This can
either be a string of the form adapter://user:password@host/database
(which
will be parsed by parse-db-url) or an object. When an object is used, it
must have an adapter
property, and any other properties required by the
specified adapters createConnection method.
See also: README for your chosen adapter (MS SQL, MySQL, Postgres, and SQLite3)
MIT
FAQs
Database-agnostic connection pooling, querying, and result sets
The npm package any-db receives a total of 1,362 weekly downloads. As such, any-db popularity was classified as popular.
We found that any-db demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.