Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
The mongodb npm package is the official Node.js driver for MongoDB. It provides a high-level API to connect to and interact with MongoDB databases. With this package, developers can perform CRUD operations, manage database connections, and work with MongoDB features like transactions, indexes, and aggregation.
Connecting to a MongoDB database
This code sample demonstrates how to connect to a MongoDB database using the MongoClient object provided by the mongodb package.
const { MongoClient } = require('mongodb');
const url = 'mongodb://localhost:27017';
const client = new MongoClient(url);
async function connect() {
try {
await client.connect();
console.log('Connected to MongoDB');
} catch (e) {
console.error(e);
}
}
connect();
CRUD Operations
This code sample shows how to perform CRUD (Create, Read, Update, Delete) operations on a MongoDB collection using the mongodb package.
const { MongoClient } = require('mongodb');
const url = 'mongodb://localhost:27017';
const client = new MongoClient(url);
const dbName = 'myDatabase';
async function crudOperations() {
try {
await client.connect();
const db = client.db(dbName);
const collection = db.collection('documents');
// Create a document
await collection.insertOne({ a: 1 });
// Read documents
const docs = await collection.find({}).toArray();
// Update a document
await collection.updateOne({ a: 1 }, { $set: { b: 1 } });
// Delete a document
await collection.deleteOne({ b: 1 });
} catch (e) {
console.error(e);
} finally {
await client.close();
}
}
crudOperations();
Index Management
This code sample illustrates how to manage indexes in a MongoDB collection, including creating an index and listing all indexes.
const { MongoClient } = require('mongodb');
const url = 'mongodb://localhost:27017';
const client = new MongoClient(url);
const dbName = 'myDatabase';
async function manageIndexes() {
try {
await client.connect();
const db = client.db(dbName);
const collection = db.collection('documents');
// Create an index
await collection.createIndex({ a: 1 });
// List indexes
const indexes = await collection.indexes();
console.log(indexes);
} catch (e) {
console.error(e);
} finally {
await client.close();
}
}
manageIndexes();
Aggregation
This code sample demonstrates how to use the aggregation framework provided by MongoDB to process data and compute aggregated results.
const { MongoClient } = require('mongodb');
const url = 'mongodb://localhost:27017';
const client = new MongoClient(url);
const dbName = 'myDatabase';
async function aggregateData() {
try {
await client.connect();
const db = client.db(dbName);
const collection = db.collection('documents');
// Perform an aggregation query
const aggregation = await collection.aggregate([
{ $match: { a: 1 } },
{ $group: { _id: '$b', total: { $sum: 1 } } }
]).toArray();
console.log(aggregation);
} catch (e) {
console.error(e);
} finally {
await client.close();
}
}
aggregateData();
Mongoose is an Object Data Modeling (ODM) library for MongoDB and Node.js. It manages relationships between data, provides schema validation, and is used to translate between objects in code and the representation of those objects in MongoDB. Mongoose offers a more structured approach to data handling with predefined schemas compared to the flexibility of the mongodb package.
Couchbase is the official Node.js client library for the Couchbase database. While Couchbase is a different NoSQL database system with its own set of features and capabilities, the couchbase npm package offers similar functionalities in terms of CRUD operations, connection management, and querying as the mongodb package does for MongoDB.
Redis is an in-memory data structure store, used as a database, cache, and message broker. The npm package for Redis provides Node.js bindings to the Redis server. It is similar to mongodb in that it allows for data storage and retrieval, but it operates in-memory and is typically used for different use cases such as caching.
The official MongoDB driver for Node.js.
Upgrading to version 4? Take a look at our upgrade guide here!
what | where |
---|---|
documentation | docs.mongodb.com/drivers/node |
api-doc | mongodb.github.io/node-mongodb-native/4.2/ |
npm package | www.npmjs.com/package/mongodb |
source | github.com/mongodb/node-mongodb-native |
mongodb | www.mongodb.com |
changelog | HISTORY.md |
upgrade to v4 | docs/CHANGES_4.0.0.md |
contributing | CONTRIBUTING.md |
Think you’ve found a bug? Want to see a new feature in node-mongodb-native
? Please open a
case in our issue management tool, JIRA:
Bug reports in JIRA for all driver projects (i.e. NODE, PYTHON, CSHARP, JAVA) and the Core Server (i.e. SERVER) project are public.
For issues with, questions about, or feedback for the Node.js driver, please look into our support channels. Please do not email any of the driver developers directly with issues or questions - you're more likely to get an answer on the MongoDB Community Forums.
Change history can be found in HISTORY.md
.
For version compatibility matrices, please refer to the following links:
We recommend using the latest version of typescript, however we do provide a downleveled version of the type definitions that we test compiling against typescript@4.0.2
.
Since typescript does not restrict breaking changes to major versions we consider this support best effort.
If you run into any unexpected compiler failures please let us know and we will do our best to correct it.
The recommended way to get started using the Node.js 4.x driver is by using the npm
(Node Package Manager) to install the dependency in your project.
After you've created your own project using npm init
, you can run:
npm install mongodb
# or ...
yarn add mongodb
This will download the MongoDB driver and add a dependency entry in your package.json
file.
If you are a Typescript user, you will need the Node.js type definitions to use the driver's definitions:
npm install -D @types/node
The MongoDB driver depends on several other packages. These are:
Some of these packages include native C++ extensions. Consult the trouble shooting guide here if you run into issues.
This guide will show you how to set up a simple application using Node.js and MongoDB. Its scope is only how to set up the driver and perform the simple CRUD operations. For more in-depth coverage, see the official documentation.
package.json
fileFirst, create a directory where your application will live.
mkdir myProject
cd myProject
Enter the following command and answer the questions to create the initial structure for your new project:
npm init -y
Next, install the driver as a dependency.
npm install mongodb
For complete MongoDB installation instructions, see the manual.
mongod
process.mongod --dbpath=/data
You should see the mongod process start up and print some status information.
Create a new app.js file and add the following code to try out some basic CRUD operations using the MongoDB driver.
Add code to connect to the server and the database myProject:
NOTE: All the examples below use async/await syntax.
However, all async API calls support an optional callback as the final argument, if a callback is provided a Promise will not be returned.
const { MongoClient } = require('mongodb');
// or as an es module:
// import { MongoClient } from 'mongodb'
// Connection URL
const url = 'mongodb://localhost:27017';
const client = new MongoClient(url);
// Database Name
const dbName = 'myProject';
async function main() {
// Use connect method to connect to the server
await client.connect();
console.log('Connected successfully to server');
const db = client.db(dbName);
const collection = db.collection('documents');
// the following code examples can be pasted here...
return 'done.';
}
main()
.then(console.log)
.catch(console.error)
.finally(() => client.close());
Run your app from the command line with:
node app.js
The application should print Connected successfully to server to the console.
Add to app.js the following function which uses the insertMany method to add three documents to the documents collection.
const insertResult = await collection.insertMany([{ a: 1 }, { a: 2 }, { a: 3 }]);
console.log('Inserted documents =>', insertResult);
The insertMany command returns an object with information about the insert operations.
Add a query that returns all the documents.
const findResult = await collection.find({}).toArray();
console.log('Found documents =>', findResult);
This query returns all the documents in the documents collection. If you add this below the insertMany example you'll see the document's you've inserted.
Add a query filter to find only documents which meet the query criteria.
const filteredDocs = await collection.find({ a: 3 }).toArray();
console.log('Found documents filtered by { a: 3 } =>', filteredDocs);
Only the documents which match 'a' : 3
should be returned.
The following operation updates a document in the documents collection.
const updateResult = await collection.updateOne({ a: 3 }, { $set: { b: 1 } });
console.log('Updated documents =>', updateResult);
The method updates the first document where the field a is equal to 3 by adding a new field b to the document set to 1. updateResult
contains information about whether there was a matching document to update or not.
Remove the document where the field a is equal to 3.
const deleteResult = await collection.deleteMany({ a: 3 });
console.log('Deleted documents =>', deleteResult);
Indexes can improve your application's performance. The following function creates an index on the a field in the documents collection.
const indexName = await collection.createIndex({ a: 1 });
console.log('index name =', indexName);
For more detailed information, see the indexing strategies page.
If you need to filter certain errors from our driver we have a helpful tree of errors described in docs/errors.md.
It is our recommendation to use instanceof
checks on errors and to avoid relying on parsing error.message
and error.name
strings in your code.
We guarantee instanceof
checks will pass according to semver guidelines, but errors may be sub-classed or their messages may change at any time, even patch releases, as we see fit to increase the helpfulness of the errors.
Any new errors we add to the driver will directly extend an existing error class and no existing error will be moved to a different parent class outside of a major release.
This means instanceof
will always be able to accurately capture the errors that our driver throws (or returns in a callback).
const client = new MongoClient(url);
await client.connect();
const collection = client.db().collection('collection');
try {
await collection.insertOne({ _id: 1 });
await collection.insertOne({ _id: 1 }); // duplicate key error
} catch (error) {
if (error instanceof MongoServerError) {
console.log(`Error worth logging: ${error}`); // special case for some reason
}
throw error; // still want to crash
}
© 2009-2012 Christian Amor Kvalheim © 2012-present MongoDB Contributors
4.2.2 (2021-12-13)
FAQs
The official MongoDB driver for Node.js
The npm package mongodb receives a total of 4,127,872 weekly downloads. As such, mongodb popularity was classified as popular.
We found that mongodb demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 8 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.