Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
System libraries:
On Debian/Ubuntu linux you can install it as follows:
sudo apt-get install g++ zlib1g zlib1g-dev
Installation from node package manager on linux/macos:
npm install .
Installing EJDB NodeJS module on windows
Open database. Return database instance handle object.
Default open mode: JBOWRITER | JBOCREAT
.
This is blocking function.
Arguments
[openMode=JBOWRITER | JBOCREAT]
Bitmast of open modes:
- JBOREADER
Open as a reader.
- JBOWRITER
Open as a writer.
- JBOCREAT
Create if db file not exists
- JBOTRUNC
Truncate db.Close database.
If database was not opened it does nothing.
This is blocking function.
Automatically creates new collection if it does't exists.
Collection options copts
applied only for newly created collection.
For existing collections copts
takes no effect.
Collection options (copts):
This is blocking function.
Arguments
[copts]
Collection options.Drop collection.
Call variations:
dropCollection(cname)
dropCollection(cname, cb)
dropCollection(cname, prune, cb)
Arguments
[prune=false]
If true the collection data will erased from disk.[cb]
Callback args: (error)Save/update specified JSON objects in the collection.
If collection with cname
does not exists it will be created.
Each persistent object has unique identifier (OID) placed in the _id
property.
If a saved object does not have _id
it will be autogenerated.
To identify and update object it should contains _id
property.
If callback is not provided this function will be synchronous.
Call variations:
save(cname, <json object>|<Array of json objects>, [options] [cb])
save(cname, <json object>|<Array of json objects>, [cb])
NOTE: Field names of passed JSON objects may not contain $
and .
characters,
error condition will be fired in this case.
Arguments
[cb]
Callback args: (error, {Array} of OIDs for saved objects)Return
Loads JSON object identified by OID from the collection. If callback is not provided this function will be synchronous.
Arguments
obj
: Retrieved JSON object or NULL if it is not found.Return
Removes JSON object from the collection. If callback is not provided this function will be synchronous.
Arguments
Supported queries:
- Simple matching of String OR Number OR Array value:
- {'fpath' : 'val', ...}
- $not Negate operation.
- {'fpath' : {'$not' : val}} //Field not equal to val
- {'fpath' : {'$not' : {'$begin' : prefix}}} //Field not begins with val
- $begin String starts with prefix
- {'fpath' : {'$begin' : prefix}}
- $gt, $gte (>, >=) and $lt, $lte for number types:
- {'fpath' : {'$gt' : number}, ...}
- $bt Between for number types:
- {'fpath' : {'$bt' : [num1, num2]}}
- $in String OR Number OR Array val matches to value in specified array:
- {'fpath' : {'$in' : [val1, val2, val3]}}
- $nin - Not IN
- $strand String tokens OR String array val matches all tokens in specified array:
- {'fpath' : {'$strand' : [val1, val2, val3]}}
- $stror String tokens OR String array val matches any token in specified array:
- {'fpath' : {'$stror' : [val1, val2, val3]}}
- $exists Field existence matching:
- {'fpath' : {'$exists' : true|false}}
- $icase Case insensitive string matching:
- {'fpath' : {'$icase' : 'val1'}} //icase matching
Ignore case matching with '$in' operation:
- {'name' : {'$icase' : {'$in' : ['tHéâtre - театр', 'heLLo WorlD']}}}
For case insensitive matching you can create special type of string index.
- $elemMatch The $elemMatch operator matches more than one component within an array element.
- { array: { $elemMatch: { value1 : 1, value2 : { $gt: 1 } } } }
Restriction: only one $elemMatch allowed in context of one array field.
- $and, $or joining:
- {..., $and : [subq1, subq2, ...] }
- {..., $or : [subq1, subq2, ...] }
Example: {z : 33, $and : [ {$or : [{a : 1}, {b : 2}]}, {$or : [{c : 5}, {d : 7}]} ] }
- Mongodb $(projection) operator supported. (http://docs.mongodb.org/manual/reference/projection/positional/#proj._S_)
- Mongodb positional $ update operator supported. (http://docs.mongodb.org/manual/reference/operator/positional/)
- Queries can be used to update records:
$set Field set operation.
- {.., '$set' : {'field1' : val1, 'fieldN' : valN}}
$upsert Atomic upsert. If matching records are found it will be '$set' operation,
otherwise new record will be inserted with fields specified by argment object.
- {.., '$upsert' : {'field1' : val1, 'fieldN' : valN}}
$inc Increment operation. Only number types are supported.
- {.., '$inc' : {'field1' : number, ..., 'field1' : number}
$unset Field removal operation.
- {.., '$unset':{'fpath1':true,'fpathN':true}}
$dropall In-place record removal operation.
- {.., '$dropall' : true}
$addToSet Atomically adds value to the array only if its not in the array already.
If containing array is missing it will be created.
- {.., '$addToSet' : {'fpath' : val1, 'fpathN' : valN, ...}}
$addToSetAll Batch version if $addToSet
- {.., '$addToSetAll' : {'fpath' : [array of values to add], ...}}
$pull Atomically removes all occurrences of value from field, if field is an array.
- {.., '$pull' : {'fpath' : val1, 'fpathN' : valN, ...}}
$pullAll Batch version of $pull
- {.., '$pullAll' : {'fpath' : [array of values to remove], ...}}
NOTE: It is better to execute update queries with `$onlycount=true` hint flag
or use the special `update()` method to avoid unnecessarily rows fetching.
NOTE: Negate operations: $not and $nin not using indexes
so they can be slow in comparison to other matching operations.
NOTE: Only one index can be used in search query operation.
NOTE: If callback is not provided this function will be synchronous.
QUERY HINTS (specified by `hints` argument):
- $max Maximum number in the result set
- $skip Number of skipped results in the result set
- $orderby Sorting order of query fields.
- $onlycount true|false If `true` only count of matching records will be returned
without placing records in result set.
- $fields Set subset of fetched fields
If a field presented in $orderby clause it will be forced to include in resulting records.
Example:
hints: {
"$orderby" : { //ORDER BY field1 ASC, field2 DESC
"field1" : 1,
"field2" : -1
},
"$fields" : { //SELECT ONLY {_id, field1, field2}
"field1" : 1,
"field2" : 1
}
}
Many C API query examples can be found in `tcejdb/testejdb/t2.c` test case.
To traverse selected records cursor object is used:
- Cursor#next() Move cursor to the next record and returns true if next record exists.
- Cursor#hasNext() Returns true if cursor can be placed to the next record.
- Cursor#field(name) Retrieve value of the specified field of the current JSON object record.
- Cursor#object() Retrieve whole JSON object with all fields.
- Cursor#reset() Reset cursor to its initial state.
- Cursor#length Read-only property: Number of records placed into cursor.
- Cursor#pos Read/Write property: You can set cursor position: 0 <= pos < length
- Cursor#close() Closes cursor and free cursor resources. Cursor cant be used in closed state.
Call variations of find():
- find(cname, [cb])
- find(cname, qobj, [cb])
- find(cname, qobj, hints, [cb])
- find(cname, qobj, qobjarr, [cb])
- find(cname, qobj, qobjarr, hints, [cb])
Arguments
[orarr]
Array of additional OR query objects (joined with OR predicate).[hints]
JSON object with query hints.cursor
: Cursor object to traverse records
qobj count
: Total number of selected recordsReturn
$onlycount
hint is set returns count {Number}.$onlycount
hint returns cursor {Object}.Call variations of findOne():
findOne(cname, [cb])
findOne(cname, qobj, [cb])
findOne(cname, qobj, hints, [cb])
findOne(cname, qobj, qobjarr, [cb])
findOne(cname, qobj, qobjarr, hints, [cb])
Arguments
[orarr]
Array of additional OR query objects (joined with OR predicate).[hints]
JSON object with query hints.obj
Retrieved JSON object or NULL if it is not found.Return
$set
Field set operation:
$upsert
Atomic upsert. If matching records are found it will be '$set' operation,
otherwise new record will be inserted with fields specified by argment object.
$inc
Increment operation. Only number types are supported.
$unset
In-place field removal operation.
$dropall
In-place record removal operation.
$addToSet
| $addToSetAll
Atomically adds value to the array only if its not in the array already.
If containing array is missing it will be created.
$pull
| pullAll
Atomically removes all occurrences of value from field, if field is an array.
Call variations of update():
update(cname, [cb])
update(cname, qobj, [cb])
update(cname, qobj, hints, [cb])
update(cname, qobj, qobjarr, [cb])
update(cname, qobj, qobjarr, hints, [cb])
Arguments
[orarr]
Array of additional OR query objects (joined with OR predicate).[hints]
JSON object with query hints.count
The number of updated records.Return
Call variations of count():
count(cname, [cb])
count(cname, qobj, [cb])
count(cname, qobj, hints, [cb])
count(cname, qobj, qobjarr, [cb])
count(cname, qobj, qobjarr, hints, [cb])
Arguments
[orarr]
Array of additional OR query objects (joined with OR predicate).[hints]
JSON object with query hints.count
: Number of matching records.Return
Arguments
Arguments
[cb]
Optional callback function. Callback args: (error)Arguments
[cb]
Optional callback function. Callback args: (error)Ensure index presence of String|Number|Array type for JSON field path.
IString
is the special type of String index for case insensitive matching.
Arguments
[cb]
Optional callback function. Callback args: (error)Rebuild index of String|Number|Array type for JSON field path.
IString
is the special type of String index for case insensitive matching.
Arguments
[cb]
Optional callback function. Callback args: (error)Drop index of String|Number|Array type for JSON field path.
IString
is the special type of String index for case insensitive matching.
Arguments
[cb]
Optional callback function. Callback args: (error)To install nodejs ejdb binding you need:
npm install tar.gz nan
package (because it needed during installation process)Then start MSVC cmd window and run:
`npm install .`
FAQs
EJDB - Embedded JSON Database engine
The npm package ejdb receives a total of 123 weekly downloads. As such, ejdb popularity was classified as not popular.
We found that ejdb demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.