Research
Malicious fezbox npm Package Steals Browser Passwords from Cookies via Innovative QR Code Steganographic Technique
A malicious package uses a QR code as steganography in an innovative technique.
By Olivia Brown - Sep 22, 2025
loopback4-soft-delete
Advanced tools
loopback4-soft-delete
-@2x.png){kind=icon}
Install
npm install loopback4-soft-delete
Quick Starter
For a quick starter guide, you can refer to our loopback 4 starter application which utilizes this package for soft-deletes in a multi-tenant application.
Transaction support
With version 3.0.0, transaction repository support has been added. In place of SoftCrudRepository, extend your repository with DefaultTransactionSoftCrudRepository. For further usage guidelines, refer below.
Usage
Right now, this extension exports three abstract classes which are actually helping with soft delete operations.
- SoftDeleteEntity - An abstract base class for all models which require soft delete feature. This class is a wrapper over Entity class from @loopback/repository adding three attributes to the model class for handling soft-delete, namely, deleted, deletedOn, deletedBy. The column names needed to be there in DB within that table are - 'deleted', 'deleted_on', 'deleted_by'. If you are using auto-migration of loopback 4, then, you may not need to do anything specific to add this column. If not, then please add these columns to the DB table.
- SoftCrudRepository - An abstract base class for all repositories which require soft delete feature. This class is going to be the one which handles soft delete operations and ensures soft deleted entries are not returned in responses, However if there is a need to query soft deleted entries as well,there is an options to achieve that and you can use findAll() in place of find() , findOneIncludeSoftDelete() in place of findOne() and findByIdIncludeSoftDelete() in place of findById(), these will give you the responses including soft deleted entries. This class is a wrapper over DefaultCrudRepository class from @loopback/repository.
- DefaultTransactionSoftCrudRepository - An abstract base class for all repositories which require soft delete feature with transaction support. This class is going to be the one which handles soft delete operations and ensures soft deleted entries are not returned in responses, However if there is a need to query soft deleted entries as well,there is an options to achieve that and you can use findAll() in place of find() , findOneIncludeSoftDelete() in place of findOne() and findByIdIncludeSoftDelete() in place of findById(), these will give you the responses including soft deleted entries. This class is a wrapper over DefaultTransactionalRepository class from @loopback/repository.
In order to use this extension in your LB4 application, please follow below steps.
- Extend models with SoftDeleteEntity class replacing Entity. For example,
import {model, property} from '@loopback/repository';
import {SoftDeleteEntity} from 'loopback4-soft-delete';
@model({
name: 'users',
})
export class User extends SoftDeleteEntity {
@property({
type: 'number',
id: true,
})
id?: number;
// .... More properties
}
- Extend repositories with SoftCrudRepository class replacing DefaultCrudRepository. For example,
import {Getter, inject} from '@loopback/core';
import {SoftCrudRepository} from 'loopback4-soft-delete';
import {AuthenticationBindings, IAuthUser} from 'loopback4-authentication';
import {PgdbDataSource} from '../datasources';
import {User, UserRelations} from '../models';
export class UserRepository extends SoftCrudRepository<
User,
typeof User.prototype.id,
UserRelations
> {
constructor(
@inject('datasources.pgdb') dataSource: PgdbDataSource,
@inject.getter(AuthenticationBindings.CURRENT_USER, {optional: true})
protected readonly getCurrentUser: Getter<IAuthUser | undefined>,
) {
super(User, dataSource, getCurrentUser);
}
}
- For transaction support, extend repositories with DefaultTransactionSoftCrudRepository class replacing DefaultTransactionalRepository. For example,
import {Getter, inject} from '@loopback/core';
import {SoftCrudRepository} from 'loopback4-soft-delete';
import {AuthenticationBindings, IAuthUser} from 'loopback4-authentication';
import {PgdbDataSource} from '../datasources';
import {User, UserRelations} from '../models';
export class UserRepository extends DefaultTransactionSoftCrudRepository<
User,
typeof User.prototype.id,
UserRelations
> {
constructor(
@inject('datasources.pgdb') dataSource: PgdbDataSource,
@inject.getter(AuthenticationBindings.CURRENT_USER, {optional: true})
protected readonly getCurrentUser: Getter<IAuthUser | undefined>,
) {
super(User, dataSource, getCurrentUser);
}
}
The package also provides the following mixins which can be used for soft delete functionality:
- SoftDeleteEntityMixin: This mixin adds the soft delete properties to your model. The properties added are represented by the IBaseEntity interface:
interface IBaseEntity {
deleted?: boolean;
deletedOn?: Date;
deletedBy?: string;
}
There is also an option to provide config for the @property decorator for all these properties. Usage of SoftDeleteEntityMixin is as follows:
class Item extends Entity {
@property({
type: 'number',
id: true,
generated: true,
})
id?: number;
@property({
type: 'string',
required: true,
})
name: string;
constructor(data?: Partial<Item>) {
super(data);
}
}
@model()
export class ItemSoftDelete extends SoftDeleteEntityMixin(Item, {
deletedBy: {name: 'deleted_by_userid'},
}) {}
- SoftCrudRepositoryMixin: You can make use of this mixin to get the soft delete functionality for DefaultCrudRepository or any respository that extends the DefaultCrudRepository. You need to extend your repository with this mixin and provide DefaultCrudRepository (or any repository that extends DefaultCrudRepository) as input. This means that this same mixin can also be used to provide soft delete functionality for DefaultTransactionSoftCrudRepository ( as DefaultTransactionSoftCrudRepository extends DefaultCrudRepository).You will have to inject the getter for IAuthUser in the contructor of your repository. Example:
import {Constructor, Getter, inject} from '@loopback/core';
import {DefaultCrudRepository} from '@loopback/repository';
import {AuthenticationBindings, IAuthUser} from 'loopback4-authentication';
import {SoftCrudRepositoryMixin} from 'loopback4-soft-delete';
import {TestDataSource} from '../datasources';
import {ItemSoftDelete, ItemSoftDeleteRelations} from '../models';
export class ItemRepository extends SoftCrudRepositoryMixin<
ItemSoftDelete,
typeof ItemSoftDelete.prototype.id,
Constructor<
DefaultCrudRepository<
ItemSoftDelete,
typeof ItemSoftDelete.prototype.id,
ItemSoftDeleteRelations
>
>,
ItemSoftDeleteRelations
>(DefaultCrudRepository) {
constructor(
@inject('datasources.test') dataSource: TestDataSource,
@inject.getter(AuthenticationBindings.CURRENT_USER)
public getCurrentUser: Getter<IAuthUser>,
) {
super(ItemSoftDelete, dataSource);
}
}
deletedBy
Whenever any entry is deleted using deleteById, delete and deleteAll repository methods, it also sets deletedBy column with a value with user id whoever is logged in currently. Hence it uses a Getter function of IUser type. However, if you want to use some other attribute of user model other than id, you can do it by overriding deletedByIdKey. Here is an example.
import {Getter, inject} from '@loopback/core';
import {SoftCrudRepository, IUser} from 'loopback4-soft-delete';
import {AuthenticationBindings} from 'loopback4-authentication';
import {PgdbDataSource} from '../datasources';
import {User, UserRelations} from '../models';
export class UserRepository extends SoftCrudRepository<
User,
typeof User.prototype.id,
UserRelations
> {
constructor(
@inject('datasources.pgdb') dataSource: PgdbDataSource,
@inject.getter(AuthenticationBindings.CURRENT_USER, {optional: true})
protected readonly getCurrentUser: Getter<User | undefined>,
) {
super(User, dataSource, getCurrentUser);
}
}
Model class for custom identifier case. Notice the getIdentifier() method and IUser interface implemented.
@model()
class User extends SoftDeleteEntity implements IUser {
@property({
id: true,
})
id: string;
@property()
username: string;
getIdentifier() {
return this.username;
}
constructor(data?: Partial<User>) {
super(data);
}
}
License
Keywords
FAQs
A loopback-next extension for soft delete feature.
The npm package loopback4-soft-delete receives a total of 3,489 weekly downloads. As such, loopback4-soft-delete popularity was classified as popular.
We found that loopback4-soft-delete demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.
Package last updated on 11 Jan 2023
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
/Security News
Identifying and Preventing Fraudulent Engineering Candidates: An Investigation into 80 Confirmed Cases
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.
By Lauren Valencia, Kirill Boychenko - Sep 17, 2025
Application Security
/Research
/Security News
Updated and Ongoing Supply Chain Attack Targets CrowdStrike npm Packages
Socket detected multiple compromised CrowdStrike npm packages, continuing the "Shai-Hulud" supply chain attack that has now impacted nearly 500 packages.
By Kush Pandya, Peter van der Zee, Olivia Brown, Socket Research Team - Sep 16, 2025