mongoose-summarize
To minimize populates and improve query performance, we dereference data that is accessed frequently and seldom changes.
To make it very easy to manage dereferenced data, we created a technique and a plugin we call summarization.
Take the User schema for example.
const mongoose = require('mongoose')
const Schema = mongoose.Schema

const UserSchema = new mongoose.Schema({
  email: { type: String, required: true },
  phone: { type: String },
  name: {
    first: { type: String, required: true },
    last: { type: String, required: true }
  },
  avatar: {
    file: { type: Schema.Types.ObjectId, ref: 'file' },
    url: { type: String } // generated
  },
  credentials: {
    encrypted_password: { type: String },
    reset_request: {
      code: { type: String, trim: true },
      date: { type: Date },
      expires: { type: Date }
    }
  },
  // ... (remaining fields elided in the original)
})
When other collections contain dereferenced user data, they do not need to store the whole user document. Let's say only the name and avatar need to be stored. We can use this plugin to store only these fields when the user is dereferenced (the "summary"). The summary schema below lists only the name and avatar URL, so email, phone and credentials are not part of the summary:
const mongoose = require('mongoose')
const Schema = mongoose.Schema

const UserSummarySchema = new mongoose.Schema({
  _id: { type: Schema.Types.ObjectId, required: true },
  name: {
    first: { type: String, trim: true },
    last: { type: String, trim: true }
  },
  avatar: {
    url: { type: String }
  }
})

module.exports = exports = UserSummarySchema
And then in the original schema:
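const summarize = require('mongoose-summarize')

// Mark this schema as the source that summaries are derived from
UserSchema.plugin(summarize.defineSummarySource)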
For creating the original model from the above schema:
const UserSchema = require('<PATH_TO_SCHEMAS>/user')
mongoose.model('user', UserSchema).listenForUpdates()
Then to use the summary in another schema:
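const summarize = require('mongoose-summarize')
// Placeholder path: the summary schema's file name is an assumption
const UserSummarySchema = require('<PATH_TO_SCHEMAS>/user-summary')

const CommentSchema = new mongoose.Schema({
  author: UserSummarySchema,
  body: { type: String },
  added: {
    date: { type: Date, default: Date.now }
  }
})

// Keep the embedded 'author' summary in sync with the 'user' model
CommentSchema.plugin(summarize, { path: 'author', ref: 'user' })
mongoose.model('comment', CommentSchema).listenForSourceChanges()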
This plugin will set up a pub/sub system so that any time a document in the source collection (e.g. users) is updated, the plugin can optionally do batch updates on the schemas that use the summaries to ensure dereferenced data is kept up to date. This should be fairly performant if we set up indexes on the _id path of summary documents.
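The summary-and-refresh idea described above, as an added plain-JavaScript sketch that is not mongoose-summarize's own code: a summary is built by copying an allowlist of paths (so `credentials` can never reach the comment collection), and a source change rewrites every embedded summary with a matching `_id`. The function names, `USER_SUMMARY_PATHS` and the sample documents are hypothetical and constructed for illustration.

```javascript
// Added illustration; NOT the plugin's source. All names here are hypothetical.
// Allowlist mirroring UserSummarySchema: only these paths may be copied.
const USER_SUMMARY_PATHS = ['_id', 'name.first', 'name.last', 'avatar.url'];

// Read a dotted path; yields undefined if any segment is missing.
function getPath(obj, path) {
  return path.split('.').reduce((o, k) => (o == null ? undefined : o[k]), obj);
}

// Write a dotted path, creating intermediate objects as needed.
// Paths come from the fixed allowlist above, never from user input.
function setPath(obj, path, value) {
  const keys = path.split('.');
  const last = keys.pop();
  const leaf = keys.reduce((o, k) => (o[k] = o[k] || {}), obj);
  leaf[last] = value;
}

// Build a summary by copying allowlisted paths (not by deleting "sensitive"
// ones), so fields added to the source later stay out by default.
function summarizeDoc(source, paths) {
  const summary = {};
  for (const p of paths) {
    const v = getPath(source, p);
    if (v !== undefined) setPath(summary, p, v);
  }
  return summary;
}

// Batch update: refresh the embedded summary at `path` in every document
// whose summary _id matches the changed source. Returns the rewrite count.
function applySourceChange(docs, path, source, paths) {
  let updated = 0;
  for (const doc of docs) {
    const embedded = doc[path];
    if (embedded && String(embedded._id) === String(source._id)) {
      doc[path] = summarizeDoc(source, paths);
      updated++;
    }
  }
  return updated;
}

// Constructed sample data: one changed user, two comments with stale summaries.
const user = { _id: 'u1', email: 'a@example.com',
  name: { first: 'Ada', last: 'Lovelace' }, avatar: { file: 'f9', url: '/img/u1.png' },
  credentials: { encrypted_password: 'x', reset_request: { code: '123' } } };
const comments = [
  { author: { _id: 'u1', name: { first: 'A', last: 'L' } }, body: 'hi' },
  { author: { _id: 'u2', name: { first: 'Bob', last: 'K' } }, body: 'yo' } ];
const changed = applySourceChange(comments, 'author', user, USER_SUMMARY_PATHS);
console.log(changed, JSON.stringify(comments[0].author));
```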
TODO:
FAQs
Making denormalization fun (or at least manageable)
The npm package mongoose-summarize receives a total of 1 weekly download. As such, mongoose-summarize's popularity was classified as not popular.
We found that mongoose-summarize demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.