Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Getting an overview of your Jamstack Markdown files.
Play with: https://peterbe.github.io/docsql/
You're supposed to run docsQL
with your own projects Markdown files. This
demo uses a subset of the content behind GitHub Docs.
You give the CLI program one or more directories that contain Markdown files. Most of the time it's just one directory; where your jamstack website files are.
Each file is opened and the front-matter becomes the key-value pairs that you
can later query. I.e. if you have a front-matter key called title
you'll be able to query SELECT title FROM ? WHERE title ILIKE "%peterbe%"
.
The content is not included in the database. That would make the searchable
database too big.
Additionally, plugins are executed for each file. There are built-in plugins
and there are plugins you write and point to yourself.
One of the built-in plugins is called commonheadings.mjs
and it counts
the number of ##
and ###
rows there are in the content so you can
query SELECT h2s, h3s, h2s+h3s AS combined FROM ? ORDER BY 3 DESC
.
To specify your own plugins for your particular project, see the section on "Plugins".
npx docsql /path/to/my/project/with/lots/of/markdown/files
git
clone)export CONTENT_SOURCES=/path/to/my/project/with/lots/of/markdown/files
npm run run
echo CONTENT_SOURCES=/path/to/my/project/with/lots/of/markdown/files >> .env
npm run dev
The built-in plugins are can be found in the source code (TODO: add link). These are hopefully generic enough and useful enough for most people.
To write your own plugin, you create a .mjs
file. Your .mjs
files
just need to export a default function that returns an object. Best
demonstrated with an example:
my-docsql-plugins
.my-docsql-plugins/chocolate-icecream-mentions.mjs
const regex = /💩/g;
export default function countCocoIceMentions({ data, content }) {
const inTitle = (data.title.match(regex) || []).length;
const inBody = (content.match(regex) || []).length;
return {
chocolateIcecreamMentions: inTitle + inBody,
};
}
The name of the function isn't important. You could have used
export default function whatever(
. What is important is that you
get a context object that contains the keys data
and content
.
And it's important you return an object with keys and values that
make sense to search on. You can even return a namespace which
you can search on as if it was JSON.
Now start the CLI with --plugins my-docsql-plugins
and your new plugin
will be included. Once the server starts, you can click "Open help"
in the web interface and expect to see it mentioned there. With this,
you can now run:
SELECT _file, chocolateIcecreamMentions FROM ? WHERE chocolateIcecreamMentions > 0
Instead of passing --plugins my-plugins --plugins /my/other/custom-plugins
you can equally set the environment variable:
# Example of setting plugins directories
DOCSQL_PLUGINS="myplugins, /my/other/custom-plugins"
_url
Here's an example plugin that speaks for itself:
// In /path/to/my/custom/plugins
export default function getURL({ _file }) {
const pathname = _file.replace(/\.md$/, '')
return {
_url: `https://example.com/${pathname}`,
local_url: `https://localhost:4000/${pathname}`,
}
}
Because the keys end with _url
these are treated as external
hyperlinks in the UI when queried. For example:
SELECT _url, local_url FROM ? ORDER BY RANDOM() LIMIT 10
At the moment, the best way is that one of you writes some plugins that
suites your content. Once that works well, you can either zip up that
directory and share with your team. Or, you can simply create a
git
repo and put them in there.
wordcount.mjs
which is really basic. If you don't like it, write
your own plugin that returns a key called wordCount
and it will
override the built-in computation.If you have an environment variable called EDITOR
set, and you make a
query that includes the key _file
it will make that a clickable link,
which when running on localhost
will open that file on your computer.
A lot of systems have a default $EDITOR
which might be something
terminal based, like nano
. If you, for example, what your files to
open in VS Code you can set:
echo EDITOR=code >> .env
Simple query
Saved queries
Open help
Example queries help you learn
Pre- pretty format
Post- pretty format
Less trivial query
URLs become clickable links
Dark mode
Export by downloading
Downloaded JSON file
Downloaded CSV file
Click to open in your local editor (only when running on localhost)
Automatically opened in VS Code (only when running on localhost)
Write your own plugins (to generate columns)
Icon by Yannick Lung
FAQs
Getting an overview of your Jamstack Markdown files.
The npm package docsql receives a total of 4 weekly downloads. As such, docsql popularity was classified as not popular.
We found that docsql demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.