Research
npm Malware Targets Telegram Bot Developers with Persistent SSH Backdoors
Malicious npm packages posing as Telegram bot libraries install SSH backdoors and exfiltrate data from Linux developer machines.
By Kush Pandya - Apr 18, 2025
You're Invited: Meet the Socket team at BSidesSF and RSAC - April 27 - May 1.RSVP →
bodybuilder
Advanced tools
bodybuilder
An elasticsearch query body builder. Easily build complex queries for elasticsearch with a simple, predictable api.
Documentation
Check out the API documentation for details and examples.
Use https://bodybuilder.js.org/ to test your constructions.
Elasticsearch compatibility
Currently aims to support the full elasticsearch query DSL for all versions.
The elasticsearch 1.x query DSL is supported by providing a v1 argument
when calling the build function.
Install
npm install bodybuilder --save
Usage
var bodybuilder = require('bodybuilder')
var body = bodybuilder().query('match', 'message', 'this is a test')
body.build() // Build 2.x or greater DSL (default)
body.build('v1') // Build 1.x DSL
For each elasticsearch query body, create an instance of bodybuilder, apply
the desired query/filter/aggregation clauses, and call build to retrieve the
built query body.
REPL
Try it out on the command line using the node REPL:
# Start the repl
node ./node_modules/bodybuilder/repl.js
# The builder is available in the context variable bodybuilder
bodybuilder > bodybuilder().query('match', 'message', 'this is a test').build()
Queries
bodybuilder().query([arguments])
Creates a query of type queryType.
Arguments
The specific arguments depend on the type of query, but typically follow this pattern:
queryType- The name of the query, such as'term'or'prefix'.fieldToQuery- The name of the field in your index to query over.searchTerm- The string to search for.
var body = bodybuilder().query('match', 'message', 'this is a test').build()
// body == {
// query: {
// match: {
// message: 'this is a test'
// }
// }
// }
Filters
bodybuilder().filter([arguments])
Creates a filtered query using filter of type filterType.
Arguments
The specific arguments depend on the type of filter, but typically follow this pattern:
filterType- The name of the query, such as'regexp'or'exists'.fieldToQuery- The name of the field in your index to filter on.searchTerm- The string to search for.
bodybuilder().filter('term', 'message', 'test').build()
// body == {
// query: {
// bool: {
// filter: {
// term: {
// message: 'test'
// }
// }
// }
// }
// }
Aggregations
bodybuilder().aggregation([arguments])
Creates an aggregation of type aggregationType.
Arguments
The specific arguments depend on the type of aggregation, but typically follow this pattern:
aggregationType- The name of the aggregation, such as'sum'or'terms'.fieldToAggregate- The name of the field in your index to aggregate over.aggregationName- (optional) A custom name for the aggregation. Defaults toagg_<aggregationType>_<fieldToAggregate>.aggregationOptions- (optional) Additional key-value pairs to include in the aggregation object.nestingFunction- (optional) A function used to define aggregations as children of the one being created. This must be the last parameter set.
var body = bodybuilder().aggregation('terms', 'user').build()
// body == {
// aggregations: {
// agg_terms_user: {
// terms: {
// field: 'user'
// }
// }
// }
// }
Nested aggregations
To nest aggregations, pass a function as the last parameter in [arguments].
The function receives the recently built aggregation instance and is expected
to return an Object which will be assigned to .aggs on the current
aggregation. Aggregations in this scope behave like builders and you can call
the chainable method .aggregation([arguments]) on them just as you would on
the main bodybuilder.
var body = bodybuilder().aggregation('terms', 'code', {
order: { _term: 'desc' },
size: 1
}, agg => agg.aggregation('terms', 'name')).build()
// body == {
// "aggregations": {
// "agg_terms_code": {
// "terms": {
// "field": "code",
// "order": {
// "_term": "desc"
// },
// "size": 1
// },
// "aggs": {
// "agg_terms_name": {
// "terms": {
// "field": "name"
// }
// }
// }
// }
// }
//}
Suggestions
bodybuilder().suggest([arguments])
Creates a phrase or term suggestion.
Arguments
The specific arguments depend on the type of aggregation, but typically follow this pattern:
suggestionType- This can be eitherphraseorterm.fieldToAggregate- The name of the field in your index to suggest on.options- An object of fields to include in the suggestions.text- The query to run on our suggest field.name- A custom name for the suggest clause.analyzer- The name of an analyzer to run on a suggestion.- ... other suggest specific options, see typings or the ElasticSearch suggest docs for more info
var body = bodybuilder().suggest('term', 'user', { text: 'kimchy', 'name': 'user_suggest'}).build()
// body == {
// aggregations: {
// user_suggest: {
// text: 'kimchy',
// term: {
// field: 'user'
// }
// }
// }
// }
Combining queries, filters, aggregations, and suggestions
Multiple queries and filters are merged using the boolean query or filter (see Combining Filters).
var body = bodybuilder()
.query('match', 'message', 'this is a test')
.filter('term', 'user', 'kimchy')
.filter('term', 'user', 'herald')
.orFilter('term', 'user', 'johnny')
.notFilter('term', 'user', 'cassie')
.aggregation('terms', 'user')
.suggest('term', 'user', { text: 'kimchy' })
.build()
// body == {
// query: {
// bool: {
// must: {
// match: {
// message: 'this is a test'
// }
// },
// filter: {
// bool: {
// must: [
// {term: {user: 'kimchy'}},
// {term: {user: 'herald'}}
// ],
// should: [
// {term: {user: 'johnny'}}
// ],
// must_not: [
// {term: {user: 'cassie'}}
// ]
// }
// }
// },
// },
// aggs: {
// agg_terms_user: {
// terms: {
// field: 'user'
// }
// }
// }
// suggest_term_user: {
// text: 'kimchy',
// term: {
// field: 'user'
// }
// }
// }
Nesting Filters and Queries
It is even possible to nest filters, e.g. when some should and must filters have to be combined.
var body = bodybuilder()
.orFilter('term', 'author', 'kimchy')
.orFilter('bool', b => b
.filter('match', 'message', 'this is a test')
.filter('term', 'type', 'comment')
)
.build()
// body == {
// query: {
// bool: {
// filter: {
// bool: {
// should: [
// { term: { author: 'kimchy' } },
// { bool: { must: [
// { match: { message: 'this is a test' } },
// { term: { type: 'comment' } }
// ] } }
// ]
// }
// }
// }
// }
// }
Sort
Set a sort direction using sort(field, direction), where direction defaults to
ascending.
var body = bodybuilder()
.filter('term', 'message', 'test')
.sort('timestamp', 'desc')
.sort([{
"channel": {
"order": "desc"
}
}])
.sort([
{"categories": "desc"},
{"content": "asc"}
])
.build()
// body == {
// sort: [{
// "timestamp": {
// "order": "desc"
// }
// },
// {
// "channel": {
// "order": "desc"
// }
// },
// {
// "categories": {
// "order": "desc"
// }
// },
// {
// "content": {
// "order": "asc"
// }
// }
// ],
// query: {
// bool: {
// filter: {
// term: {
// message: 'test'
// }
// }
// }
// }
// }
Advanced usage: Set a sort configuration object for the given sort field with additional sort properties.
sort(field, { sort: 'asc', mode: 'min', ...})
From / Size
Set from and size parameters to configure the offset and maximum hits to be
returned.
var body = bodybuilder()
.filter('term', 'message', 'test')
.size(5)
.from(10)
.build()
// body == {
// size: 5,
// from: 10,
// query: {
// bool: {
// filter: {
// term: {
// message: 'test'
// }
// }
// }
// }
// }
Other Options
Set any other search request option using rawOption passing in the key-value
pair to include in the body.
var body = bodybuilder()
.filter('term', 'message', 'test')
.rawOption('_sourceExclude', 'verybigfield')
.build()
// body == {
// _sourceExclude: 'verybigfield',
// query: {
// bool: {
// filter: {
// term: {
// message: 'test'
// }
// }
// }
// }
// }
Test
Run unit tests:
npm test
Contributors
Thanks goes to these wonderful people (emoji key):
 Daniel Paz-Soldan 💻 📖 🚇 🤔 |  Nicolás Fantone 💻 ⚠️ |  Nauval Atmaja 💻 |  Ferron H 💻 ⚠️ 🐛 📖 |  Dave Cranwell 💻 |  Johannes Scharlach 💻 📖 🤔 |  Anton Samper Rivaya 💻 📖 |
|---|---|---|---|---|---|---|
 Suhas Karanth 💬 |  Jacob Gillespie 💻 |
This project follows the all-contributors specification. Contributions of any kind welcome!
FAQs
An elasticsearch query body builder.
The npm package bodybuilder receives a total of 56,843 weekly downloads. As such, bodybuilder popularity was classified as popular.
We found that bodybuilder demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 19 Jul 2023
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Python Tools Are Quickly Adopting the New pylock.toml Standard
pip, PDM, pip-audit, and the packaging library are already adding support for Python’s new lock file format.
By Sarah Gooding - Apr 18, 2025
Product
Go Support Is Now Generally Available
Socket's Go support is now generally available, bringing automatic scanning and deep code analysis to all users with Go projects.
By Peter van der Zee, Ryan Eberhardt - Apr 17, 2025