Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
better-sqlite3-schema
Advanced tools
Migrate (nested and multi-dimensional) json data to/from sqlite database with better-sqlite3-helper
Migrate (nested and multi-dimensional) json data to/from sqlite database with better-sqlite3-helper
Sample json data type:
interface Thread {
tid: number
subject: string
uid: string
author: string
posts: Post[]
tags: string[]
}
interface Post {
pid: number
uid: string
author: string
content: string
imgs: string[]
}
Sample table schema:
import { TableSchema } from '.'
const threadSchema: TableSchema = {
table: 'thread',
fields: {
tid: 'integer',
subject: 'text',
uid: 'integer',
},
refFields: ['type'],
}
const threadTagSchema: TableSchema = {
table: 'thread_tag',
fields: {
tid: 'integer',
},
refFields: ['tag'],
}
const postSchema: TableSchema = {
table: 'post',
fields: {
pid: 'integer',
tid: 'integer',
uid: 'integer',
content: 'text',
},
}
const postImgSchema: TableSchema = {
table: 'post_img',
fields: {
pid: 'integer',
},
refFields: ['img'],
}
The functional approach allows one to compose customizable helper functions at runtime.
Explore the dataset and auto built schema with
makeSchemaScanner()
Compose insert functions with
makeInsertRowFnFromSchema()
makeDeduplicatedInsertRowFnFromSchema()
Compose select functions with
makeSelectRowFnFromSchema()
makeSelectRefFieldArray()
makeGetRefValueFnFromSchema()
Detail example see makePredefinedInsertRowFn()
and makeGeneralInsertRowFn()
in functional-test.ts
The code generation approach allows one to compose customizable helper functions at build-time. Which can archive ~50% speed up compared to the runtime composing.
8GiB of HTTP proxy server log. Each line is a compact json text.
Sample text:
{"timestamp":1600713130016,"type":"request","userAgent":"Mozilla/5.0 (Linux; Android 10; LIO-AL00) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Mobile Safari/537.36","referer":"https://www.example.net/sw.js","protocol":"https","host":"www.example.net","method":"GET","url":"/build/p-7794655c.js"}
When stored into sqlite3, the data are normalized into multiple tables to avoid duplication, e.g. only storing the full text of each type of user agent and url once.
File size in varies format:
storage | size | size compared with plain text | Remark |
---|---|---|---|
plain text | 8256M | - | |
sqlite without index | 920M | 11.1% | |
zip of non-indexed sqlite file | 220M | 2.7% | 23.9% of sqlite3 file |
sqlite with indices | 1147M | 13.9% | +24% of sqlite file |
zip of indexed sqlite file | 268M | 3.2% | 23.4% of indexed sqlite3 file |
Time used to import:
Optimization used:
PRAGMA synchronous = OFF
PRAGMA journal_mode = MEMORY
PRAGMA cache_size = ${(200 * 1000 ** 2) / 4}
(default page size is 4K, we largely increase the cache_size to avoid massive tedious disk write)Remark:
Using index increases the file size by 1/4, but hugely speeds up the import process.
To archive the best of both aspects, create indices during import; and remove indices (then VACUUM) for archive file.
It takes 4.9s to build the indices; and 16.3s to vacuum the database after removal of indices.
291119 sample json data crawled from online forum (threads and posts)
Total size: 843M
The objects have consistent shape.
Some data are duplicated, e.g. user name, and some common comments.
Same as the dataset used in binary-object
File size in varies format:
storage | size |
---|---|
json text | 843M |
sqlite3 with index | 669M |
sqlite3 without index | 628M |
zip of sqlite3 without index | 171M |
Remark: The data in sqlite3 are normalized to avoid duplication
FAQs
Migrate (nested and multi-dimensional) json data to/from sqlite database with better-sqlite3-helper
The npm package better-sqlite3-schema receives a total of 35 weekly downloads. As such, better-sqlite3-schema popularity was classified as not popular.
We found that better-sqlite3-schema demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.