Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
mongoose-to-csv
Advanced tools
MongooseToCsv is a mongoose plugin that creates a CsvBuilder
instance for your Schema.
var UserSchema = new mongoose.Schema({
fullname: {type: String},
email: {type: String},
age: {type: Number},
username: {type: String}
});
UserSchema.plugin(mongooseToCsv, {
headers: 'Firstname Lastname Username Email Age',
constraints: {
'Username': 'username',
'Email': 'email',
'Age': 'age'
},
virtuals: {
'Firstname': function(doc) {
return doc.fullname.split(' ')[0];
},
'Lastname': function(doc) {
return doc.fullname.split(' ')[1];
}
}
});
var User = mongoose.model('Users', UserSchema);
// Query and stream
User.findAndStreamCsv({age: {$lt: 40}})
.pipe(fs.createWriteStream('users_under_40.csv'));
// Create stream from query results
User.find({}).exec()
.then(function(docs) {
User.csvReadStream(docs)
.pipe(fs.createWriteStream('users.csv'));
});
// Transform mongoose streams
User.find({})
.where('age').gt(20).lt(30)
.limit(10)
.sort('age')
.stream()
.pipe(User.csvTransformStream())
.pipe(fs.createWriteStream('users.csv'));
$ npm install mongoose-to-csv
Running tests requires a local mongodb server, and mocha. While most likely not a namespace issue, the test script will create a database __mongoose_to_csv_test__
, and drop the database when finished. You have been warned.
$ npm test
The options
argument is passed to the CsvBuilder
instance, please refer to
the Docs for more in-depth details. The only aditional property that can be included is the virutals
property.
The virtuals
have nothing to do with mongoose virtuals.
Creates a csv formated read stream from query results.
Transforms mongoose querystreams to csv formated streams.
Schema.find(query).stream().pipe(Schema.csvTransformStream())
FAQs
Export mongoose querys as csv streams.
We found that mongoose-to-csv demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.