Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
A node.js module for mongodb, that emulates the official mongodb API as much as possible. It wraps mongodb-native. It is available through npm:
npm install mongojs
mongojs is very simple to use:
var mongojs = require('mongojs');
var db = mongojs(connectionString, [collections]);
The connection string should follow the format desribed in the mongo connection string docs. Some examples of this could be:
// simple usage for a local db
var db = mongojs('mydb', ['mycollection']);
// the db is on a remote server (the port default to mongo)
var db = mongojs('example.com/mydb', ['mycollection']);
// we can also provide some credentials
var db = mongojs('username:password@example.com/mydb', ['mycollection']);
// connect now, and worry about collections later
var db = mongojs('mydb');
var mycollection = db.collection('mycollection');
After we connected we can query or update the database just how we would using the mongo API with the exception that we use a callback
The format for callbacks is always callback(error, value)
where error is null if no exception has occured.
// find everything
db.mycollection.find(function(err, docs) {
// docs is an array of all the documents in mycollection
});
// find everything, but sort by name
db.mycollection.find().sort({name:1}, function(err, docs) {
// docs is now a sorted array
});
// iterate over all whose level is greater than 90.
db.mycollection.find({level:{$gt:90}}).forEach(function(err, doc) {
if (!doc) {
// we visited all docs in the collection
return;
}
// doc is a document in the collection
});
// find all named 'mathias' and increment their level
db.mycollection.update({name:'mathias'}, {$inc:{level:1}}, {multi:true}, function(err) {
// the update is complete
});
// find one named 'mathias', tag him as a contributor and return the modified doc
db.mycollection.findAndModify({
query: { name: 'mathias' },
update: { $set: { tag:'maintainer' } },
new: true
}, function(err, doc) {
// doc.tag === 'maintainer'
});
// use the save function to just save a document (the callback is optional for all writes)
db.mycollection.save({created:'just now'});
If you provide a callback to find
or any cursor config operation mongojs will call toArray
for you
db.mycollection.find({}, function(err, docs) { ... });
db.mycollection.find({}).limit(2).skip(1, function(err, docs) { ... });
is the same as
db.mycollection.find({}).toArray(function(err, docs) { ... });
db.mycollection.find({}).limit(2).skip(1).toArray(function(err, docs) { ... });
For more detailed information about the different usages of update and quering see the mongo docs
Mongojs can also connect to a mongo replication set by providing a connection string with multiple hosts
var db = mongojs('rs-1.com,rs-2.com,rs-3.com/mydb?slaveOk=true', ['mycollection']);
For more detailed information about replica sets see the mongo replication docs
FAQs
Easy to use module that implements the mongo api
The npm package mongojs receives a total of 7,355 weekly downloads. As such, mongojs popularity was classified as popular.
We found that mongojs demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.