npm install --save gitback
GitBack is a (currently experimental) attempt to use Git as a datastore for NodeJS. Data is stored as files (generally JSON documents) inside a Git repository, and is exposed via a RESTful API. This may seem insane, and in many ways it is. But there are a number of positives.
We get, for free:
That last point is particularly important if you want to collaborate with less-technical folks. What would normally involve database queries can now be done in a point-and-click interface.
git pull to keep the local repository in line with the remote.
So when should you use GitBack, and when should you use a more traditional datastore?
Use GitBack if:
DON'T use GitBack if:
GitBack is great for small projects, or for getting an idea off the ground quickly. It doesn't scale well at all, but we're working on ways to export to and sync with a MongoDB instance.
As an example, I'm maintaining my blog using GitBack. You can see the repository here
{
  access: {
    get: 'all',
    post: 'all',
  }
}
$ npm install express gitback
./server.js
var App = require('express')();
var GitBack = require('gitback');
var DB = new GitBack({
  directory: __dirname + '/database',
  // A real password in source is unsafe; see the environment-variable and deploy-key options below.
  remote: "https://username:password@github.com/username/repository.git",
  refreshRate: 30000, // Check remote for changes every 30s
});
DB.initialize(function(err) {
  if (err) {
    // The clone or pull failed; don't serve an empty or stale store.
    console.error('GitBack failed to initialize:', err);
    process.exit(1);
  }
  App.use('/api', DB.router);
  App.listen(3000); // Only start listening once the router is mounted.
});
$ node server.js &
$ curl -X POST localhost:3000/api/myCollection -d '{"id": "foo", "bar": "baz"}' -H "Content-Type: application/json"
{"success": true}
$ curl localhost:3000/api/myCollection
[{"id": "foo", "bar": "baz"}]
You'll see the changes immediately reflected in the repository you created in step 1.
You'll need to make sure your machine has read and write access to the repository. There are a few strategies for this:
The best way to do this is to use an environment variable, so the password never sits in source control or in the deployed code. Note that GitHub no longer accepts an account password for Git over HTTPS; use a personal access token in its place:
export GITBACK_REMOTE_URL="https://username:password@github.com/username/repository.git"
var GitBack = require('gitback');
var DB = new GitBack({
directory: __dirname + '/database',
remote: process.env.GITBACK_REMOTE_URL,
});
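A credential embedded in a remote URL tends to leak wherever that string is printed. The following is an added example, not part of gitback, showing how to build the URL from separate parts only at the last moment, how to redact it before logging, and how to detect that a remote carries a secret at all. GITBACK_REMOTE_URL is the variable name used above; GITBACK_GIT_USER, GITBACK_GIT_TOKEN and GITBACK_REPO are this example's own assumptions, as are the function names. Only Node's global URL class is used.

```javascript
// Added example, not gitback's own code. Variable names other than
// GITBACK_REMOTE_URL are assumptions made for this example.

// Assemble an HTTPS remote from separate parts. URL.password percent-encodes
// characters such as '/' or '@' that would otherwise corrupt the URL.
function buildRemote({ host, repo, user, token }) {
  const url = new URL(`https://${host}/${repo}.git`);
  url.username = user;
  url.password = token;
  return url.href;
}

// Strip the userinfo so the remote is safe to log or put in an error message.
function redactRemote(remote) {
  const url = new URL(remote);
  url.username = '';
  url.password = '';
  return url.href;
}

// True when the remote string itself carries a username or password.
// scp-style SSH remotes (git@github.com:user/repo.git) are not URLs and
// carry no secret, so they report false.
function hasEmbeddedCredentials(remote) {
  let url;
  try {
    url = new URL(remote);
  } catch (e) {
    return false;
  }
  return url.username !== '' || url.password !== '';
}

// Pick the remote from an environment object: either the single
// GITBACK_REMOTE_URL from the page, or separate user/token/repo parts so the
// secret is only joined into a URL at the last moment.
function remoteFromEnv(env) {
  if (env.GITBACK_REMOTE_URL) return env.GITBACK_REMOTE_URL;
  if (env.GITBACK_GIT_USER && env.GITBACK_GIT_TOKEN && env.GITBACK_REPO) {
    return buildRemote({
      host: 'github.com',
      repo: env.GITBACK_REPO,
      user: env.GITBACK_GIT_USER,
      token: env.GITBACK_GIT_TOKEN,
    });
  }
  throw new Error('no Git remote configured (set GITBACK_REMOTE_URL, or GITBACK_GIT_USER, GITBACK_GIT_TOKEN and GITBACK_REPO)');
}

// Demo with constructed values (not real credentials).
const demoRemote = remoteFromEnv({
  GITBACK_GIT_USER: 'alice',
  GITBACK_GIT_TOKEN: 'ghp_not/a/real/token',
  GITBACK_REPO: 'alice/blog-db',
});
console.log('remote:', redactRemote(demoRemote)); // https://github.com/alice/blog-db.git
console.log('embedded credentials:', hasEmbeddedCredentials(demoRemote)); // true
```

One caveat that applies to every variant of this approach: when git clones a URL that contains userinfo, it writes that URL verbatim into the clone's .git/config, so the token also ends up on disk inside the GitBack database directory and is readable by anything that can read that directory. Git may also echo the URL in its own error output. Redacting the remote in your own logs does not remove those copies; the credential-helper and deploy-key options below avoid them.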
Git provides a way to permanently store your credentials on the current machine (a credential helper, configured with git config credential.helper), so the remote URL itself carries no password. Note that the store helper keeps the password in plaintext in ~/.git-credentials; prefer an OS keychain helper where one is available.
var GitBack = require('gitback');
var DB = new GitBack({
directory: __dirname + '/database',
remote: 'https://github.com/username/repository.git',
});
Probably the most secure option. Deploy keys are scoped to a single repository, so a compromised key gives an attacker access to that repository only, not your whole account. Be sure to enable write access, since GitBack needs to push. The private key must be available to the user account that runs the Node process (via ssh-agent or ~/.ssh), and the remote's host key should already be in known_hosts so the first clone does not hang on a prompt.
var GitBack = require('gitback');
var DB = new GitBack({
directory: __dirname + '/database',
remote: 'git@github.com:username/repository.git',
});
For each collection in the datastore, we'll have:
./{collection}.js - a file that describes the collection, e.g. its schema and access control.
./{collection}/ - a directory containing all the items in the collection.
./{collection}/{itemID}/ - a directory containing all the data for a particular item.
./{collection}/{itemID}/_item.json - the JSON describing the details of the item.
We can also associate additional data with the item by adding files to its folder.
Here's an example:
./
  pets.js
  pets/
    Rover/
      _item.json
      photo.png
    Spot/
      _item.json
      photo.png
Let's have a look at pets.js, which tells us about the collection:
./pets.js
{
  id: "name",
  schema: {
    type: "object",
    properties: {
      name: {type: "string"},
      age: {type: "number"},
      type: {type: "string"},
      owners: {type: "array", items: {type: "string"}},
    },
    additionalProperties: false,
  },
  attachments: {
    photo: {
      extension: 'png',
      strategy: 'link',
    }
  },
  access: {
    get: "all",
    post: "all",
  },
}
There's a lot going on here. Let's take it field by field.
id: This specifies the field to use as the unique id for this collection. Default is 'id'.
schema: JSON schema for validating new items. You can leave this unspecified if you want to accept arbitrary JSON.
attachments: Additional files that will be stored alongside _item.json. The strategy field can be one of
access: GitBack will expose a RESTful API for manipulating your database. You can set access control for each HTTP verb to 'all' to grant world access, or to a function that validates the request (see 'Authentication' below). Bear in mind that 'all' on post, as in the example above, lets anyone who can reach the API write to, and therefore commit to, your repository. The verbs are:
Contributions, issues, and pull requests are welcome!
FAQs
An API that uses git as a backend
We found that gitback demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.