Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
couch-admin
Advanced tools
A library to manage users for CouchDB.
You will need:
Simply go to terminal and type:
npm install couch-admin
Feel free to look at examples below to see how easy it is to use this library!
var admin = require('couch-admin')({
url: 'http://localhost:5984',
user: 'admin',
pass: 'mysecretpassword'
user_db: '_users', // Optional
});
admin.createUser('leander', 'unhackable password', function (err) {
// Added a user!
})
admin.changePassword('leander', 'new unhackable password', function (err) {
// Changed the password for leander.
})
admin.createDatabase('my_documents', function (err) {
// New database called 'my_documents' created!
})
admin.grantMembership('leander', 'my_documents', function (err) {
// User 'leander' was given membership access to my_documents.
})
admin.revokeMembership('leander', 'my_documents', function (err) {
// User 'leander' is no longer a member of my_documents :(
})
admin.grantAdmin('leander', 'my_documents', function (err) {
// User 'leander' was given admin access to my_documents.
})
admin.revokeAdmin('leander', 'my_documents', function (err) {
// User 'leander' is no longer an admin of my_documents :(
})
admin.removeUser('leander', function (err) {
// User 'leander' was deleted :(
})
admin.removeDatabase('my_documents', function (err) {
// Database 'my_documents' was deleted :(
})
Unless otherwise specified, cb
is a callback that contains errors in its first parameter, and
response as its second. The response comes from CouchDB, and varies depending on the call. Feel
free to learn more about these calls at the resources linked below.
The URL to the CouchDB instance. (default: http://localhost:5984
)
The username for the admin of the CouchDB instance. (default: admin
)
The password for the admin of the CouchDB instance. (default: mysecretpassword
)
The user id prefix for users. (default: org.couchdb.user
)
The database name for the authentication db of the CouchDB instance. (default: _users
)
The database name for the config db of the CouchDB instance. (default: _config
)
The database name for the session db of the CouchDB instance. (default: _session
)
Gets the user with the given username.
Verifies that the username/password combination is valid.
Adds a user with the given username and password.
Edits the username to have a new password.
Removes the user with the given username.
Adds a database (initially with no permissions.)
Removes the database.
Adds username as a member of the database. Members will have read/write access to the data in the database, but cannot change the design docs.
Adds username as an admin of the database. Admins will have read/write access to the data in the database, and also be able to add, edit and remove design docs.
Removes username as a member of the database.
Removes username as an admin of the database.
Feel free to file an issue if you notice there are problems, and submit pull requests to contribute to this simple little library!
FAQs
Node.js library to manage users on CouchDB.
The npm package couch-admin receives a total of 3 weekly downloads. As such, couch-admin popularity was classified as not popular.
We found that couch-admin demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.