Apache TinkerPop™ is a graph computing framework for both graph databases (OLTP) and graph analytic systems (OLAP). Gremlin is the graph traversal language of TinkerPop. It can be described as a functional, data-flow language that enables users to succinctly express complex traversals on (or queries of) their application's property graph.
Gremlin-Javascript implements Gremlin within the JavaScript language. It can be used on Node.js and has experimental support for runtimes compatible with Web APIs.
npm install gremlin
Gremlin-Javascript is designed to connect to a "server" that is hosting a TinkerPop-enabled graph system. That "server" could be Gremlin Server or a remote Gremlin provider that exposes protocols by which Gremlin-Javascript can connect.
A typical connection to a server running on "localhost" that supports the Gremlin Server protocol using websockets looks like this:
const gremlin = require('gremlin');
const traversal = gremlin.process.AnonymousTraversalSource.traversal;
const DriverRemoteConnection = gremlin.driver.DriverRemoteConnection;
const g = traversal().withRemote(new DriverRemoteConnection('ws://localhost:8182/gremlin'));
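The `ws://` scheme in the connection above is unencrypted, which is fine on loopback but exposes traversals and results in transit to any other host. The guard below is an added example, not code from the gremlin project; `checkGremlinEndpoint`, the `GREMLIN_URL` variable and the sample hostnames are hypothetical.

```javascript
// Added example: validate a Gremlin endpoint URL before it is handed to
// DriverRemoteConnection. Policy (an assumption of this example):
// wss:// anywhere, ws:// only to loopback, no credentials inside the URL.
function checkGremlinEndpoint(rawUrl) {
  const url = new URL(rawUrl); // throws on malformed input
  if (url.protocol !== 'ws:' && url.protocol !== 'wss:') {
    throw new Error(`unsupported scheme ${url.protocol}`);
  }
  if (url.username || url.password) {
    throw new Error('credentials must not be embedded in the endpoint URL');
  }
  const host = url.hostname;
  const loopback =
    host === 'localhost' || host === '[::1]' || /^127(\.\d{1,3}){3}$/.test(host);
  if (url.protocol === 'ws:' && !loopback) {
    throw new Error(`refusing unencrypted ws:// to non-loopback host ${host}`);
  }
  return url.href;
}

// Constructed sample endpoints (not real hosts).
const SAMPLE_ENDPOINTS = [
  'ws://localhost:8182/gremlin',
  'wss://graph.example.internal:8182/gremlin',
  'ws://graph.example.internal:8182/gremlin',
  'wss://user:secret@graph.example.internal:8182/gremlin',
];
for (const endpoint of SAMPLE_ENDPOINTS) {
  try {
    console.log('accept', checkGremlinEndpoint(endpoint));
  } catch (err) {
    console.log('reject', endpoint, '->', err.message);
  }
}

// Usage with the driver shown above:
//   new DriverRemoteConnection(checkGremlinEndpoint(process.env.GREMLIN_URL))
```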
Once "g" has been created using a connection, it is then possible to start writing Gremlin traversals to query the remote graph:
// Promise style
g.V().hasLabel('person').values('name').toList()
  .then(names => console.log(names));
// async/await style (inside an async function)
const names = await g.V().hasLabel('person').values('name').toList();
console.log(names);
The Gremlin language allows users to write highly expressive graph traversals and has a broad list of functions that cover a wide body of features. The Reference Documentation describes these functions and other aspects of the TinkerPop ecosystem, including some specifics on Gremlin in JavaScript itself. Most of the examples found in the documentation use Groovy language syntax in the Gremlin Console. For the most part, these examples translate to JavaScript with little modification. Given the strong correspondence between canonical Gremlin in Java and its variants like JavaScript, there is a limited amount of JavaScript-specific documentation and examples. This strong correspondence among variants ensures that the general Gremlin reference documentation is applicable to all variants and that users moving between development languages can easily adopt the Gremlin variant for that language.
/* if we want to assign our own ID and properties to this vertex */
const { t: { id } } = gremlin.process;
const { cardinality: { single } } = gremlin.process;
/**
 * Create a new vertex with Id, Label and properties
 * @param {String|Number} vertexId Vertex Id (assuming the graph database allows id assignment)
 * @param {String} vlabel Vertex Label
 */
const createVertex = async (vertexId, vlabel) => {
  const vertex = await g.addV(vlabel)
    .property(id, vertexId)
    .property(single, 'name', 'Apache')
    .property('lastname', 'Tinkerpop') // default database cardinality
    .next();
  return vertex.value;
};
/**
 * List all vertices in db
 * @param {Number} limit Maximum number of vertices to return
 */
const listAll = async (limit = 500) => {
  return g.V().limit(limit).elementMap().toList();
};
/**
 * Find unique vertex with id
 * @param {Object} vertexId Vertex Id
 */
const findVertex = async (vertexId) => {
  const vertex = await g.V(vertexId).elementMap().next();
  return vertex.value;
};
/**
 * Find vertices by label and 'name' property
 * @param {String} vlabel Vertex label
 * @param {String} name value of 'name' property
 */
const listByLabelAndName = async (vlabel, name) => {
  return g.V().has(vlabel, 'name', name).elementMap().toList();
};
// `single` (cardinality) is already imported from gremlin.process above
/**
 * Update Vertex Properties
 * @param {String|Number} vertexId Vertex Id
 * @param {String} name Vertex Name Property
 */
const updateVertex = async (vertexId, name) => {
  const vertex = await g.V(vertexId).property(single, 'name', name).next();
  return vertex.value;
};
NOTE that versions suffixed with "-rc" are considered release candidates (i.e. pre-alpha, alpha, beta, etc.) and thus for early testing purposes only. These releases are not suitable for production.
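To enforce the note above in a build, a release gate can scan the lockfile for any pinned "-rc" copy of gremlin, including transitive ones. This is an added example, not code from the gremlin project; `findRcPins` is a hypothetical helper and the sample lockfile and its version numbers are constructed.

```javascript
// Added example: list every install path in a parsed package-lock.json
// where `pkgName` is pinned to a version suffixed with "-rc".
function findRcPins(lock, pkgName = 'gremlin') {
  const isRc = (v) => typeof v === 'string' && /^\d+\.\d+\.\d+-rc/i.test(v);
  const hits = [];

  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const name = path.split('node_modules/').pop();
    if (name === pkgName && isRc(meta.version)) {
      hits.push({ path, version: meta.version });
    }
  }

  // lockfileVersion 1: nested "dependencies" tree. Skipped when "packages"
  // exists, because v2 lockfiles carry both and would be counted twice.
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${trail}node_modules/${name}`;
      if (name === pkgName && isRc(meta.version)) {
        hits.push({ path, version: meta.version });
      }
      walk(meta.dependencies, `${path}/`);
    }
  };
  if (!lock.packages) walk(lock.dependencies, '');
  return hits;
}

// Constructed sample lockfile; versions are placeholders, not real releases.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/gremlin': { version: '0.0.1' },
    'node_modules/some-tool/node_modules/gremlin': { version: '0.0.2-rc1' },
  },
};

const rcPins = findRcPins(SAMPLE_LOCK);
for (const pin of rcPins) {
  console.log(`release candidate pinned: ${pin.path}@${pin.version}`);
}
```

In CI, parse the real `package-lock.json` with `JSON.parse` and fail the job when the returned array is not empty.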
FAQs
JavaScript Gremlin Language Variant
The npm package gremlin receives a total of 14,679 weekly downloads. As such, gremlin popularity was classified as popular.
We found that gremlin demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.