Research
npm Malware Targets Telegram Bot Developers with Persistent SSH Backdoors
Malicious npm packages posing as Telegram bot libraries install SSH backdoors and exfiltrate data from Linux developer machines.
By Kush Pandya - Apr 18, 2025
You're Invited: Meet the Socket team at BSidesSF and RSAC - April 27 - May 1.RSVP →
hapi-sequelize-orm
Advanced tools
Hapi Sequelize ORM
A Hapijs (v17+) plugin for relational databases using Sequelize
Installation
# npm
npm install hapi-sequelize-orm
# yarn
yarn add hapi-sequelize-orm
Depending on which database(s) you will work with, you will need one or more of these
# Postgres
npm install pg pg-hstore
yarn add pg pg-hstore
# MySQL
npm install mysql2
yarn add mysql2
# SQLite
npm install sqlite3
yarn add sqlite3
# MS SQL
npm install tedious
yarn add tedious
Options
Database options are passed as a javascript object with the following structure:
{
models: {},
...sequelizeOpts
}
- models: object where each key has a Model Definition
- sequelizeOpts: same as described by Sequelize docs
Model Definition
Models are javascript objects with the following properties:
requiredname: A string that will be used to register the modelrequireddefinition: an object following the Sequelize models definitionoptionaloptions: an object following the Sequelize model configuration. This controls the table behavior, like fields with urderscore, timestamps, etc.optionalassociations: an array of objects with the following properties:requiredtype: The association type. TheASSOCIATION_TYPESvariable that comes with this library is a direct export ofsequelize.DataTypes.requiredtarget: the name of the target model.optional | requiredoptions: an object that defines the specific association. See Sequelize Associations for more details.
Example
// user.js | User Model
import { ASSOCIATION_TYPES, DATA_TYPES } from 'hapi-sequelize-orm';
export default {
name: 'User',
definition: {
id: {
type: DATA_TYPES.STRING,
primaryKey: true
},
name: DATA_TYPES.STRING,
lastname: DATA_TYPES.STRING,
email: {
type: DATA_TYPES.STRING,
unique: true
}
},
associations: [
{
type: ASSOCIATION_TYPES.belongsToMany,
target: 'Job',
options: {
through: 'UserJob'
}
}
]
};
Usage
You can either implement this as a HapiJS plugin (intended) or as a standalone using the Orm class directly.
HapiJS Plugin
The plugin approach allows you to connect to multiple databases and access them from a single point, which is the plugin itself.
// File where you register your plugins
import { plugin as ormPlugin } from 'hapi-sequelize-orm';
// other plugins
await server.register({
plugin: ormPlugin,
options: {
databases: {
bookstore: {
models: {/* model definitions */},
database: 'bookstore',
username: 'dev',
password: '123456',
dialect: 'mysql'
},
statistics: {
models: {/* model definitions */},
database: 'stats',
username: 'dev',
password: '123456',
dialect: 'postgres'
},
}
}
});
// Handler
import { QUERY_TYPES } from 'hapi-sequelize-orm';
server.route({
method:'GET',
path:'/books',
handler: function (request) {
const database = request.server['hapi-sequelize-orm'].getDb('bookstore');
const books = await database.query('SELECT * FROM books', { raw: true, type: QUERY_TYPES.SELECT });
// QUERY_TYPES is a direct export of sequelize.QueryTypes
return books;
}
});
Standalone
The standalone approach is almost the same as the plugin one. You would create a new instance of the Orm class with a single database configuration object (see Options) and then use the database. You could also test the connection and/or invoke the init() method just to be sure that you can connect to the database. You are in control.
The difference here is that you would need to expose the implementation through your own plugin (you can see the plugin implementation for reference) or instantiate a new database connection across your API everytime you need to perform a query.
// Handler
import { Orm, QUERY_TYPES } from 'hapi-sequelize-orm';
import dbOpts from 'path/to/config/dbOpts';
server.route({
method:'GET',
path:'/books',
handler: function (request) {
const database = new Orm(dbOpts);
const books = await database.query('SELECT * FROM books', { raw: true, type: QUERY_TYPES.SELECT });
// QUERY_TYPES is a direct export of sequelize.QueryTypes
return books;
}
});
Disclaimer
I created this library to avoid the copy/paste across personal projects where I interact with relational databases.
If you find it useful and have any feedback / issue / improvement in mind, create an issue describing it. I'm open to discussion.
FAQs
Sequelize plugin for HapiJS (v17+)
The npm package hapi-sequelize-orm receives a total of 5 weekly downloads. As such, hapi-sequelize-orm popularity was classified as not popular.
We found that hapi-sequelize-orm demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 28 Apr 2019
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Python Tools Are Quickly Adopting the New pylock.toml Standard
pip, PDM, pip-audit, and the packaging library are already adding support for Python’s new lock file format.
By Sarah Gooding - Apr 18, 2025
Product
Go Support Is Now Generally Available
Socket's Go support is now generally available, bringing automatic scanning and deep code analysis to all users with Go projects.
By Peter van der Zee, Ryan Eberhardt - Apr 17, 2025