
Research
/Security News
jscrambler npm Package Compromised in Supply Chain Attack
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.
level-atomic-counter
Advanced tools
Accurately keep count of entries in a levelup store with sublevel installed. It does this by monkey-patching put/del/batch to check whether a key already exists or not before appending the new count to the batch of operations being written. The count is stored in a sublevel named 'counter'.
Note: The chained form a batch() is not supported.
let level = require('level')
let sublevel = require('level-sublevel');
let db = sublevel( level('example.db') );
let Counter = require('level-atomic-counter');
Counter.install(db);
db.batch([
{type: 'put', key: 1, value: 1},
{type: 'put', key: 2, value: 2},
{type: 'del', key: 1},
], (err) => {
db.getCount((err, result) => {
console.log(result); // 1
});
});
This does not alter the db object and instead returns an object of methods in the form of {put, del, batch, getCount, recount} which will update the counter only when used.
This will install the methods onto the db object directly instead of returning them. Do it this way if you want all writes to the database to update the counter so long as those writes use this this particular db object.
MIT
FAQs
Accurately keep count of entries in a levelup store.
We found that level-atomic-counter demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
/Security News
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.

Research
/Security News
A malicious .NET package is typosquatting the Braintree SDK to steal live payment card data, merchant API keys, and host secrets from production apps.

Security News
/Research
Compromised Injective SDK npm version 1.20.21 exfiltrates wallet private keys and mnemonics through fake telemetry functionality.