Security News
Cloudflare Adds Security.txt Setup Wizard
Cloudflare has launched a setup wizard allowing users to easily create and manage a security.txt file for vulnerability disclosure on their websites.
By Sarah Gooding - Sep 30, 2024
larvitdb
DB pool wrapper for node.js This module is used to share a mysql/mariadb pool of connections between modules, classes, files etc.
It also logs with winston if there is a database error, so you do not need to fetch the database error manually each time.
Installation
npm i larvitdb
Usage
The module must first be required and then configured. Make this in your main application file:
const db = require('larvitdb');
db.setup({
'connectionLimit': 10,
'socketPath': '/var/run/mysqld/mysqld.sock',
'user': 'foo',
'password': 'bar',
'charset': 'utf8_general_ci',
'supportBigNumbers': true,
'database': 'my_database_name'
});
See list of native options here. Then you can just require the module in your other files for usage, like this:
A direct query
const db = require('larvitdb');
db.query('SELECT 1 + 1 AS solution', function(err, rows, fields) {
console.log('dbmodel: The solution is: ', rows[0].solution);
});
Or, if a connection is needed:
const db = require('larvitdb');
db.pool.getConnection(function(err, dbCon) {
const sql = 'SELECT * FROM users WHERE username LIKE ' + dbCon.escape(postData);
dbCon.query(sql, function(err, rows) {
dbCon.release(); // Always release your connection when the query is done
if (err)
throw err;
});
});
You dont need to get a connection to escape though. You can do like this:
const db = require('larvitdb');
db.query('SELECT * FROM users WHERE id = ?', [userId], function(err, results) {
// ...
});
Advanced configuration - recoverable errors
Sometimes recoverable errors happend in the database. One such example is deadlocks in a cluster. Here we'll provide an example of how to make the database layer retry a query 5 times if a deadlock happends, before giving up.
const db = require('larvitdb');
db.setup({
'connectionLimit': 10,
'socketPath': '/var/run/mysqld/mysqld.sock',
'user': 'foo',
'password': 'bar',
'charset': 'utf8_general_ci',
'supportBigNumbers': true,
'database': 'my_database_name',
'retries': 5, // Defaults to 3 if omitted
'recoverableErrors': ['PROTOCOL_CONNECTION_LOST', 'ER_LOCK_DEADLOCK'] // What error codes to retry, these are the defaults
});
// If this query fails with a deadlock, it will be retried up to 5 times.
// On each retry a warning will be logged with winston
// If the 5th retry fails, an error will be logged and the callback will be called with an error
db.query('DELETE FROM tmpTable LIMIT 10');
Advanced configuration - long running queries
By default a warning is logged if a query runs longer than 10k ms (10 seconds). This number can be tweaked like this for 20 seconds:
db.setup({
...
'longQueryTime': 20000
});
or like this to disable the warnings:
db.setup({
...
'longQueryTime': false
});
## Custom functions
### Remove all tables from current database
This function will clean the current database from all tables.
```javascript
const db = require('larvitdb');
db.removeAllTables();
FAQs
DB wrapper module for node.js
The npm package larvitdb receives a total of 52 weekly downloads. As such, larvitdb popularity was classified as not popular.
We found that larvitdb demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 8 open source maintainers collaborating on the project.
Package last updated on 05 Jun 2018
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Malicious “express-dompurify” npm Package Steals Browser and Cryptocurrency Wallet Data
The Socket Research team breaks down a malicious npm package targeting the legitimate DOMPurify library. It uses obfuscated code to hide that it is exfiltrating browser and crypto wallet data.
By Socket Research Team - Sep 27, 2024
Security News
ENISA 2024 Threat Landscape Report Warns of Increasing State-Sponsored Supply Chain Attacks on Open Source Software
ENISA’s 2024 report highlights the EU’s top cybersecurity threats, including rising DDoS attacks, ransomware, supply chain vulnerabilities, and weaponized AI.
By Sarah Gooding - Sep 27, 2024