Research
Recent Trends in Malicious Packages Targeting Discord
The Socket research team breaks down a sampling of malicious packages that download and execute files, among other suspicious behaviors, targeting the popular Discord platform.
ci-node-query
Advanced tools
Readme
A node query builder for various SQL databases, based on CodeIgniter's query builder.
mysql2
)pg
)dblite
)npm install ci-node-query
(Versions 3.x and below work differently. Their documentation is here)
// Set the database connection details
const nodeQuery = require('ci-node-query')({
"driver": "mysql",
"connection": {
"host": "localhost",
"user": "test",
"password": "",
"database": "test"
}
});
// Get the query builder
const query = nodeQuery.getQuery();
// As of version 3.1.0, you can also get promises
// Version 5.0.0 removes all callback interfaces
const queryPromise = query.select('foo')
.from('bar')
.where('x', 3)
.orWhere({y: 2})
.join('baz', 'baz.boo = bar.foo', 'left')
.orderBy('x', 'DESC')
.limit(2, 3)
.get();
queryPromise.then(function(res) {
// Handle query results
});
As of version 4, all adapters return a standard result object, which looks similar to this:
// Result object
{
rows: [{
columnName1: value1,
columnName2: value2,
}],
columns: ['column1', 'column2'],
}
In addition to the rows, and columns properties,
the result object has two methods, rowCount
and columnCount
.
These methods return the number of rows and columns columns in the current result.
As of version 2, where
and having
type methods parse the values passed to look for function calls. While values passed are still passed as query parameters, take care to avoid passing these kinds of methods unfiltered input. SQL function arguments are not currently parsed, so they need to be properly escaped for the current database.
FAQs
A query builder for node based on the one in CodeIgniter
The npm package ci-node-query receives a total of 0 weekly downloads. As such, ci-node-query popularity was classified as not popular.
We found that ci-node-query demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
The Socket research team breaks down a sampling of malicious packages that download and execute files, among other suspicious behaviors, targeting the popular Discord platform.
Security News
Socket CEO Feross Aboukhadijeh joins a16z partners to discuss how modern, sophisticated supply chain attacks require AI-driven defenses and explore the challenges and solutions in leveraging AI for threat detection early in the development life cycle.
Security News
NIST's new AI Risk Management Framework aims to enhance the security and reliability of generative AI systems and address the unique challenges of malicious AI exploits.