Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
A browser-based LevelDOWN adapter that works over all IndexedDB implementations, including Apple's
A browser-based LevelDOWN adapter that works over all implementations of IndexedDB, including Apple's buggy version.
This is designed for environments where you can't use WebSQL as a polyfill for Safari browsers, such as:
This project is intended for use with the Level ecosystem, including as a PouchDB adapter (coming soon).
npm install fruitdown
Tested in:
IndexedDB support is pretty awful these days. Every browser except for Chrome and Firefox has tons of bugs, but Safari's are arguably the worst. While there are well-known workarounds for Microsoft's bugs, most IndexedDB wrappers just gave up and didn't support Apple IndexedDB. PouchDB, LocalForage, YDN-DB, Lovefield, Dexie, and Level.js all either fall back to WebSQL or recommend that you use the IndexedDBShim.
This library is different. It does all the weird backflips you have to do to support Apple IndexedDB.
This project is a fork of localstorage-down. It uses a tiny subset of the IndexedDB API – just those parts that are supported in Firefox, Chrome, Safari, and IE. The #1 goal is compatibility with as many browsers as possible. The #2 goal is performance.
Only one object store is ever opened, because Apple's implementation does not allow you to open more than one at once. So presumably you would use something like level-sublevel to prefix keys. Also every operation is its own transaction, so you should not count on standard IndexedDB transaction guarantees, even when you use batch()
. However, internally the lib does its own batching, and supports snapshots.
All keys are kept in memory, which is bad for memory usage but actually a win for performance, since IDBCursors are slow. However, the database creates two indexes, because 1) the primary index does not support openKeyCursor()
per the IndexedDB 1.0 spec, and we want to use it to avoid reading in large values during key iteration, but 2) secondary indexes do not correctly throw ConstraintErrors in Safari. So unfortunately there's a superfluous extra index. ¯\_(ツ)_/¯
Another limitation is that both keys and values are converted to strings before being stored. So instead of efficiently using Blobs or even JSON objects, binary strings are stored instead. This is okay, though, because Chrome < 43 (and therefore pre-Lollipop Android) does not store Blobs correctly, and Safari doesn't support Blob storage either.
To avoid concurrency bugs in IE/Edge, this project borrows PouchDB's system of maintaining a global cache of databases and only ever using one database per name.
FruitDOWN supports any browser that has IndexedDB, even those with partial support. Notably:
The buggy Samsung/HTC IndexedDB variants based on an older version of the IndexedDB spec, which you will occasionally find in Android 4.3, are not supported.
Apple have pledged to fix IndexedDB. When they do, you should stop using this library and use Level.js or another IndexedDB wrapper instead.
npm run dev
Browse to http://localhost:9966. View console logs in the browser to see test output.
Browser:
BROWSER=firefox npm test
BROWSER=chrome npm test
FakeIndexedDB in Node:
npm run test-fakeindexeddb
PhantomJS tests:
npm run test-phantom
Thanks to Anton Whalley, Adam Shih and everybody else who contributed to localstorage-down. Also thanks to everybody who worked on PouchDB, where most of these IndexedDB bugs were discovered.
FAQs
A browser-based LevelDOWN adapter that works over all IndexedDB implementations, including Apple's
We found that fruitdown demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.