Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
The mariadb npm package is a Node.js connector for MariaDB, a popular open-source relational database. It allows you to interact with MariaDB databases using JavaScript, providing functionalities for connecting to the database, executing queries, managing transactions, and handling connection pools.
Connecting to the Database
This code demonstrates how to create a connection pool and connect to a MariaDB database using the mariadb package. It establishes a connection and logs a message upon successful connection.
const mariadb = require('mariadb');

const pool = mariadb.createPool({
  host: 'localhost',
  user: 'yourUsername',
  password: 'yourPassword',
  database: 'yourDatabase'
});

async function connect() {
  let conn;
  try {
    conn = await pool.getConnection();
    console.log('Connected to the database');
  } catch (err) {
    throw err;
  } finally {
    if (conn) conn.end();
  }
}

connect();
Executing Queries
This code sample shows how to execute a simple SELECT query using the mariadb package. It retrieves all rows from a specified table and logs them to the console.
const mariadb = require('mariadb');

const pool = mariadb.createPool({
  host: 'localhost',
  user: 'yourUsername',
  password: 'yourPassword',
  database: 'yourDatabase'
});

async function executeQuery() {
  let conn;
  try {
    conn = await pool.getConnection();
    const rows = await conn.query('SELECT * FROM yourTable');
    console.log(rows);
  } catch (err) {
    throw err;
  } finally {
    if (conn) conn.end();
  }
}

executeQuery();
Managing Transactions
This code demonstrates how to manage transactions using the mariadb package. It begins a transaction, executes an INSERT query, and commits the transaction. If an error occurs, the transaction is rolled back.
const mariadb = require('mariadb');

const pool = mariadb.createPool({
  host: 'localhost',
  user: 'yourUsername',
  password: 'yourPassword',
  database: 'yourDatabase'
});

async function manageTransaction() {
  // Placeholder values to insert; they are bound to the two ? markers below
  const value1 = 'value1';
  const value2 = 'value2';
  let conn;
  try {
    conn = await pool.getConnection();
    await conn.beginTransaction();
    await conn.query('INSERT INTO yourTable (column1, column2) VALUES (?, ?)', [value1, value2]);
    await conn.commit();
    console.log('Transaction committed');
  } catch (err) {
    if (conn) await conn.rollback();
    console.error('Transaction rolled back', err);
  } finally {
    if (conn) conn.end();
  }
}

manageTransaction();
Handling Connection Pools
This code sample shows how to handle connection pools with the mariadb package. It sets a connection limit and demonstrates how to use the pool to execute a query.
const mariadb = require('mariadb');

const pool = mariadb.createPool({
  host: 'localhost',
  user: 'yourUsername',
  password: 'yourPassword',
  database: 'yourDatabase',
  connectionLimit: 5
});

async function usePool() {
  let conn;
  try {
    conn = await pool.getConnection();
    const rows = await conn.query('SELECT * FROM yourTable');
    console.log(rows);
  } catch (err) {
    throw err;
  } finally {
    if (conn) conn.end();
  }
}

usePool();
The mysql package is a popular Node.js connector for MySQL databases. It offers similar functionalities to mariadb, such as connecting to the database, executing queries, and managing transactions. However, it is specifically designed for MySQL databases, whereas mariadb is tailored for MariaDB.
The mysql2 package is another Node.js connector for MySQL databases. It is a more modern and faster alternative to the mysql package, with support for Promises and async/await. Like mariadb, it provides functionalities for connecting to the database, executing queries, and managing transactions.
The pg package is a Node.js connector for PostgreSQL databases. While it serves a different database system, it offers similar functionalities to mariadb, such as connecting to the database, executing queries, and managing transactions. It is a good alternative if you are using PostgreSQL instead of MariaDB.
Non-blocking MariaDB and MySQL client for Node.js.
MariaDB and MySQL client, 100% JavaScript, with TypeScript definition, with the Promise API.
Versions before 2.4 are compatible with Node.js 6+.
Versions after 2.4 are compatible with Node.js 10+.
See promise documentation for detailed API.
Callback documentation describes the callback wrapper for compatibility with existing drivers.
While there are existing MySQL clients that work with MariaDB (such as the mysql and mysql2 clients), the MariaDB Node.js Connector offers new functionality, like Insert Streaming, Pipelining, and ed25519 plugin authentication, while making no compromises on performance.
Using a Readable stream in your application, you can stream INSERT statements to MariaDB through the Connector.
const https = require('https');

// `connection` is an open MariaDB connection obtained elsewhere
https.get('https://someContent', readableStream => {
  // readableStream implements Readable; the driver streams its data to the database
  connection.query("INSERT INTO myTable VALUE (?)", [readableStream]);
});
With Pipelining, the Connector sends commands without waiting for server results, preserving order. For instance, consider executing two INSERT statements.
The Connector doesn't wait for query results before sending the next INSERT statement. Instead, it sends queries one after the other, avoiding much of the network latency.
For more information, see the Pipelining documentation.
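The ordering described above, shown as an added example that is not part of the Connector's own documentation. It runs offline against a constructed stub connection; makeStubConnection, insertSequential, insertPipelined and demo are hypothetical names, and the two insert functions only assume a connection object with a query(sql, params) method that returns a Promise.

```javascript
// Constructed stand-in for a MariaDB connection (not the real driver): it logs when
// each command is sent and when its result arrives, and answers in arrival order.
function makeStubConnection() {
  const log = [];
  let tail = Promise.resolve(); // the server handles commands strictly in order
  return {
    log,
    query(sql, params) {
      log.push(`send ${params[0]}`);
      tail = tail.then(() => new Promise(resolve => setTimeout(() => {
        log.push(`result ${params[0]}`);
        resolve({ affectedRows: 1 });
      }, 5))); // 5 ms models one network round trip
      return tail;
    }
  };
}

const INSERT = 'INSERT INTO myTable VALUE (?)';

// One round trip per statement: the next INSERT is sent only after the previous result.
async function insertSequential(conn, values) {
  const results = [];
  for (const v of values) results.push(await conn.query(INSERT, [v]));
  return results;
}

// Pipelined: every INSERT is handed to the connection first, results are awaited after.
async function insertPipelined(conn, values) {
  return Promise.all(values.map(v => conn.query(INSERT, [v])));
}

// Runs both patterns on fresh stubs and returns the send/result order of each.
async function demo() {
  const a = makeStubConnection();
  const b = makeStubConnection();
  await insertSequential(a, [1, 2]);
  await insertPipelined(b, [1, 2]);
  return { sequential: a.log, pipelined: b.log };
}

demo().then(logs => console.log(logs));
```

In the pipelined log both sends precede the first result, and the results still arrive in the order the statements were issued.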
Some use cases require a large amount of data to be inserted into a database table. By using batch processing, these queries can be sent to the database in one call, thus improving performance.
For more information, see the Batch documentation.
MariaDB provides benchmarks comparing the Connector with popular Node.js MySQL clients, including:
promise-mysql version 4.0.4 + mysql version 2.17.1
mysql2 version 1.6.5

promise-mysql : 646 ops/sec ±2.20%
mysql2 : 746 ops/sec ±2.35%
mariadb : 961 ops/sec ±2.82%
query: SELECT < all mysql fields >, 1 FROM mysql.user LIMIT 1
For more information, see the Benchmarks page.
The MariaDB Connector is available through the Node.js repositories. You can install it using npm:
$ npm install mariadb
Example:
const mariadb = require('mariadb');
const pool = mariadb.createPool({host: process.env.DB_HOST, user: process.env.DB_USER, connectionLimit: 5});

async function asyncFunction() {
  let conn;
  try {
    conn = await pool.getConnection();
    const rows = await conn.query("SELECT 1 as val");
    // rows: [ {val: 1}, meta: ... ]
    const res = await conn.query("INSERT INTO myTable value (?, ?)", [1, "mariadb"]);
    // res: { affectedRows: 1, insertId: 1, warningStatus: 0 }
  } finally {
    if (conn) conn.release(); // release to pool
  }
}
If you would like to contribute to the MariaDB Node.js Connector, please follow the instructions given in the Developers Guide.
To file an issue or follow the development, see JIRA.
FAQs
fast mariadb or mysql connector.
We found that mariadb demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.