
Research
Malicious fezbox npm Package Steals Browser Passwords from Cookies via Innovative QR Code Steganographic Technique
A malicious package uses a QR code as steganography in an innovative technique.
hapi-sequelize-models
Advanced tools
This is a Hapi plugin to load your sequelize models. Your models should be defined so that
they can be imported by sequelize. The plugin itself will not require Sequelize
,
instead you have to pass it in as an option.
import HapiSequelizeModels from 'hapi-sequelize-models';
import Sequelize from 'sequelize';
const mysqlConfig = {
username: process.env.MYSQL_USER,
password: process.env.MYSQL_PASSWORD,
options: {
host: process.env.MYSQL_HOST,
dialect: 'mysql',
},
};
return server
.register({
plugin: HapiSequelizeModels,
options: {
Sequelize,
connections: [
{
...mysqlConfig,
database: 'test',
models: [
{
name: 'test',
model: require('../models/test'),
},
{
name: 'test2',
model: require('../models/test2'),
},
],
},
{
...mysqlConfig,
database: 'test2',
models: [
{
name: 'xxx',
model: require('../models/xxx'),
},
],
},
],
},
})
.then(() => {
console.log('plugin registered');
})
.catch(err => {
console.error('registering plugin failed:', err);
});
const handler = {
handleRequest(request, reply) {
const { models } = request.server.plugins['hapi-sequelize-models'];
return models.test.findAll().then(reply);
},
};
Sequelize
- sequelize npm module (require('sequelize')
)[connections = []]
- optional list of connection definitions
database
- database name or database uri[username]
- optional database user name[password]
- optional database user password[options = {}]
- optional sequelize options
[host]
- optional database host[dialect]
- optional database dialect[logging = (...msg) => server.log(['trace'], ...mgs)]
- optional logging function[models]
- list of objects with the following properties:
name
- name of the modelmodel
- the model definition to load with sequelizeModels should be defined so that they can be imported using sequelize.import. For convenience
a .connection()
function is attached to each model, to access its underlying sequelize connection.
Also models will be available using server.plugins['hapi-sequelize-models'].models.<name>
where <name>
is the name of the model specified in the config.
const handler = (request, h) => {
const { models } = request.server.plugins['hapi-sequelize-models'];
const sequelize = models.test.connection();
const data = await sequelize.query('SELECT * FROM *');
// ...
};
After all models are loaded, the plugin iterates through all of them to check if an associate
function was
defined. If so it calls it with all models
. The assoication must then happen within that function.
export default const defineUser = (sequelize, DataTypes) =>
sequelize.define(
'User',
{
id: DataTypes.INTEGER,
},
{
classMethods: {
associate(models) {
models.user.belongsTo(models.test);
},
},
},
);
npm prune && npm install
npm test
FAQs
hapi sequelize model loader plugin
We found that hapi-sequelize-models demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 8 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
A malicious package uses a QR code as steganography in an innovative technique.
Research
/Security News
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.
Application Security
/Research
/Security News
Socket detected multiple compromised CrowdStrike npm packages, continuing the "Shai-Hulud" supply chain attack that has now impacted nearly 500 packages.