lambdaorm
λORM is an ORM that allows us to perform distributed queries on different database engines.
In λORM, queries are defined using lambda expressions based on a domain model, which abstracts away the infrastructure. For example, a single query can read or modify records from different entities, where some persist in MySQL, others in Postgres, and others in Mongo.
λORM allows you to define different scenarios for the same domain. For example, in one scenario, the infrastructure may consist of distributed instances across SQL Server, MongoDB, and Oracle, while in another scenario it may be a single Postgres instance. This allows the CQRS pattern to be implemented through configuration, without needing to write a single line of code.
In addition to being used as a Node.js library, it can be consumed from a command line interface (CLI), a REST service, or a REST service client in other programming languages.
Example of a query that returns product categories along with the maximum price of each category:
// Define a query that returns a list of product categories along with the maximum price of each category.
// Filter products based on price and supplier's country or stock availability
// Group products by category and calculate the maximum price
// Map each product to an object with category name and maximum price
// Sort the products by largest price in descending order
const query = (country: string) => Products
  .filter(p => (p.price > 5 && p.supplier.country == country) || (p.inStock < 3))
  .having(p => max(p.price) > 50)
  .map(p => ({ category: p.category.name, largestPrice: max(p.price) }))
  .sort(p => desc(p.largestPrice));
// Execute the query using the ORM with the specified country parameter
const result = await orm.execute(query, { country: 'ARG' });
The include clause brings in records from different entities in the same execution:
// Filters orders based on the provided ID and includes details and customers
Orders.filter(p => p.id == id).include(p => [p.details,p.customer])
Through the schema, you can define entities, enumerations, indexes, unique keys, default values, constraints, mapping, sources, stages, listeners, etc. The schema can be defined in a JSON or YAML format. Conditions or actions are performed using the same expression language that is used to define queries.
Would you like to contribute? Read our contribution guidelines to learn more. There are many ways to help!
Full documentation is available in the Wiki.
You can access various labs at lambdaorm labs
FAQs
ORM
The npm package lambdaorm receives a total of 35 weekly downloads. As such, lambdaorm popularity was classified as not popular.
We found that lambdaorm demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.