Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
A lib to create and manage local db files and data, whit a simple send and get system,
save any data, html content, js objects and arrays, json, some texts, anything.
const ldb = require('ldbjs');
ldb.createDB('.', 'myDB'); // optional callback
And your db are created.
const ldb = require('ldbjs');
ldb.createDB('.', 'myDB'); // optional callback
ldb.createDBFile('.', 'myDB', 'myDBFile'); // optional callback
The file extension are .ldb.
const ldb = require('ldbjs');
ldb.createDB('.', 'myDB');
ldb.createDBFile('.', 'myDB', 'myDBFile');
let myData = 'Hello World!';
ldb.sendData('.', 'myDB', 'myDBFile', myData, ()=>{
// this callback is optional
console.log(`${myData} as been sended to my ldb DB!`);
});
Sent data is saved exactly as sent
const ldb = require('ldbjs');
ldb.getData('.', 'myDB', 'myDBFile', (data)=>{ // use callback
console.log(data);
});
The returned value is the data of the file.
This function is used only with a callback to get the parameter.
const ldb = require('ldbjs');
// ldb.dir is the project location
ldb.createDB(ldb.dir, 'db');
ldb.createDBFile(ldb.dir, 'db', 'test');
ldb.createDBFile(ldb.dir, 'db', 'hello');
ldb.json.createDBFile(ldb.dir, 'db', 'world');
// this return a table on console with the all files in the db
ldb.getDBFiles(ldb.dir, 'db');
To use a callback in that function use like this
ldb.getDBFiles(ldb.dir, 'db', (files)=>{
console.log(files);
});
This function return the files name.
const ldb = require('ldbjs');
ldb.createDB('.', 'myDB');
ldb.createDBFile('.', 'myDB', 'myDBFile');
let myData = 'I overwrited data!';
ldb.overwriteData('.', 'myDB', 'myDBFile', myData); // optional callback
That action is irreversible.
const ldb = require('ldbjs');
ldb.createDB('.', 'myDB');
ldb.createDBFile('.', 'myDB', 'myDBFile');
let myData = 'I overwrited data!';
ldb.sendData('.', 'myDB', 'myDBFile', myData); // optional callback
ldb.cloneDBFile('.', 'myDB', 'myDBFile', '.', 'myDB', 'myOtherDBFile', ()=>{ // optional callback
console.log('cloned a db file');
});
To clone a file you need the two files created.
const ldb = require('ldbjs');
ldb.deleteDBFile('.', 'myDB', 'myDBFile', ()=>{ // optional callback
console.log('the dbfile as been deleted');
});
That action is irreversible.
const ldb = require('ldbjs');
ldb.renameDBFile('.', 'myDB', 'myDBFile', 'myNewDBFileName');
This function not receive a callback, are shown in the console the new stats of the file
const ldb = require('ldbjs');
ldb.event.on('create a DB', (path, name)=>{
ldb.createDB(path, name);
});
ldb.event.emit('create a DB', '.', 'myDB');
Events are a very simple way to create and manage DBs and DBfiles in your application, don't repeat code anymore.
const ldb = require('ldbjs');
// createing a json dbfile
ldb.json.createDBFile('.', 'myJSONDBName', 'myJSONFileName', ()=>{
// optional callback
console.log('json dbfile created');
});
// sending the data
let myJSObj = {
name: "Jhon",
age: 27
};
ldb.json.sendData('.', 'myJSONDBName', 'myJSONFileName', myJSObj);
// getting the data
ldb.json.getData('.', 'myJSONDBName', 'myJSONFileName', (data)=>{
cosole.log(data);
});
While a data are getted a js obj are return, the api automatically convert the json to a js object for you.
const ldb = require('ldbjs');
let str = 'Hello World!';
// to encode a string
ldb.base64.encode(str);
// returns SGVsbG8gV29ybGQh
// to decode a string
ldb.base64.decode(str);
// returns Hello World!
This process use the base-64 module, this is downloaded like a dependecie.
FAQs
Create and manage local db files and data
The npm package ldbjs receives a total of 0 weekly downloads. As such, ldbjs popularity was classified as not popular.
We found that ldbjs demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.