Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
The mquery npm package is a fluent MongoDB query builder designed to run in multiple environments. It provides a chainable interface for building queries and allows for the construction and manipulation of MongoDB queries with a more readable and convenient syntax.
Building Queries
Allows for the construction of MongoDB queries using a chainable syntax. For example, to find all documents where the age field is greater than 21 and limit the results to 10 documents, you can use the following code: `mquery().find({ age: { $gt: 21 } }).limit(10)`.
{"find": {"age": {"$gt": 21}}, "limit": 10}
Query Execution
Executes the built query against a MongoDB collection. The `exec` method takes a callback function that will be called with the results of the query. For example: `mquery().find({ name: 'John Doe' }).exec(callback)`.
{"exec": "function(callback) { return this._collection.find(this._conditions, this._fields, this._options, callback); }"}
Updating Documents
Provides methods for updating documents in a MongoDB collection. For instance, to update the name field of all documents matching certain conditions, you can use: `mquery().update({ name: 'John Doe' }, { $set: { name: 'Jane Doe' } }).exec(callback)`.
{"update": {"$set": {"name": "Jane Doe"}}, "exec": "function(callback) { return this._collection.update(this._conditions, this._update, this._options, callback); }"}
Removing Documents
Allows for the removal of documents from a MongoDB collection. To remove documents that match certain conditions, you can use: `mquery().remove({ age: { $lt: 18 } }).exec(callback)`.
{"remove": "function(callback) { return this._collection.remove(this._conditions, this._options, callback); }"}
Mongoose is a MongoDB object modeling tool designed to work in an asynchronous environment. It provides a straight-forward, schema-based solution to model application data. It includes built-in type casting, validation, query building, and business logic hooks. It is more feature-rich than mquery and is often used in conjunction with it as mquery is a dependency of mongoose.
The official MongoDB driver for Node.js provides a native interface to perform queries and operations against MongoDB databases. It is more low-level compared to mquery, requiring more verbose syntax for query construction and execution.
mquery
is a fluent mongodb query builder designed to run in multiple environments.
const mongo = require('mongodb');
const client = new mongo.MongoClient(uri);
await client.connect();
// get a collection
const collection = client.collection('artists');
// pass it to the constructor
await mquery(collection).find({...});
// or pass it to the collection method
const docs = await mquery().find({...}).collection(collection);
// or better yet, create a custom query constructor that has it always set
const Artist = mquery(collection).toConstructor();
const docs = await Artist().find(...).where(...);
mquery
requires a collection object to work with. In the example above we just pass the collection object created using the official MongoDB driver.
Declares this query a find query. Optionally pass a match clause.
mquery().find()
mquery().find(match)
await mquery().find()
const docs = await mquery().find(match);
assert(Array.isArray(docs));
Declares this query a findOne query. Optionally pass a match clause.
mquery().findOne()
mquery().findOne(match)
await mquery().findOne()
const doc = await mquery().findOne(match);
if (doc) {
// the document may not be found
console.log(doc);
}
Declares this query a count query. Optionally pass a match clause.
mquery().count()
mquery().count(match)
await mquery().count()
const number = await mquery().count(match);
console.log('we found %d matching documents', number);
Declares this query a findAndModify with update query. Optionally pass a match clause, update document, options.
When executed, the first matching document (if found) is modified according to the update document and passed back.
Options are passed to the setOptions()
method.
returnDocument
: string - 'after'
to return the modified document rather than the original. defaults to 'before'
upsert
: boolean - creates the object if it doesn't exist. defaults to falsesort
: if multiple docs are found by the match condition, sets the sort order to choose which doc to updatequery.findOneAndUpdate()
query.findOneAndUpdate(updateDocument)
query.findOneAndUpdate(match, updateDocument)
query.findOneAndUpdate(match, updateDocument, options)
// the following all execute the command
await query.findOneAndUpdate()
await query.findOneAndUpdate(updateDocument)
await query.findOneAndUpdate(match, updateDocument)
const doc = await await query.findOneAndUpdate(match, updateDocument, options);
if (doc) {
// the document may not be found
console.log(doc);
}
Declares this query a findAndModify with remove query. Alias of findOneAndDelete. Optionally pass a match clause, options.
When executed, the first matching document (if found) is modified according to the update document, removed from the collection and passed as a result.
Options are passed to the setOptions()
method.
sort
: if multiple docs are found by the condition, sets the sort order to choose which doc to modify and removeA.where().findOneAndDelete()
A.where().findOneAndRemove()
A.where().findOneAndRemove(match)
A.where().findOneAndRemove(match, options)
// the following all execute the command
await A.where().findOneAndRemove()
await A.where().findOneAndRemove(match)
const doc = await A.where().findOneAndRemove(match, options);
if (doc) {
// the document may not be found
console.log(doc);
}
Declares this query a distinct query. Optionally pass the distinct field, a match clause.
mquery().distinct()
mquery().distinct(match)
mquery().distinct(match, field)
mquery().distinct(field)
// the following all execute the command
await mquery().distinct()
await mquery().distinct(field)
await mquery().distinct(match)
const result = await mquery().distinct(match, field);
console.log(result);
Executes the query.
const docs = await mquery().findOne().where('route').intersects(polygon).exec()
Executes the query and returns a stream.
var stream = mquery().find().stream(options);
stream.on('data', cb);
stream.on('close', fn);
Note: this only works with find()
operations.
Note: returns the stream object directly from the node-mongodb-native driver. (currently streams1 type stream). Any options will be passed along to the driver method.
Specifies an $all
query condition
mquery().where('permission').all(['read', 'write'])
Specifies arguments for an $and
condition
mquery().and([{ color: 'green' }, { status: 'ok' }])
Specifies a $box
condition
var lowerLeft = [40.73083, -73.99756]
var upperRight= [40.741404, -73.988135]
mquery().where('location').within().box(lowerLeft, upperRight)
Specifies a $center
or $centerSphere
condition.
var area = { center: [50, 50], radius: 10, unique: true }
query.where('loc').within().circle(area)
query.circle('loc', area);
// for spherical calculations
var area = { center: [50, 50], radius: 10, unique: true, spherical: true }
query.where('loc').within().circle(area)
query.circle('loc', area);
Specifies an $elemMatch
condition
query.where('comment').elemMatch({ author: 'autobot', votes: {$gte: 5}})
query.elemMatch('comment', function (elem) {
elem.where('author').equals('autobot');
elem.where('votes').gte(5);
})
Specifies the complementary comparison value for the path specified with where()
.
mquery().where('age').equals(49);
// is the same as
mquery().where({ 'age': 49 });
Specifies an $exists
condition
// { name: { $exists: true }}
mquery().where('name').exists()
mquery().where('name').exists(true)
mquery().exists('name')
// { name: { $exists: false }}
mquery().where('name').exists(false);
mquery().exists('name', false);
Specifies a $geometry
condition
var polyA = [[[ 10, 20 ], [ 10, 40 ], [ 30, 40 ], [ 30, 20 ]]]
query.where('loc').within().geometry({ type: 'Polygon', coordinates: polyA })
// or
var polyB = [[ 0, 0 ], [ 1, 1 ]]
query.where('loc').within().geometry({ type: 'LineString', coordinates: polyB })
// or
var polyC = [ 0, 0 ]
query.where('loc').within().geometry({ type: 'Point', coordinates: polyC })
// or
query.where('loc').intersects().geometry({ type: 'Point', coordinates: polyC })
// or
query.where('loc').near().geometry({ type: 'Point', coordinates: [3,5] })
geometry()
must come after intersects()
, within()
, or near()
.
The object
argument must contain type
and coordinates
properties.
String
Array
Specifies a $gt
query condition.
mquery().where('clicks').gt(999)
Specifies a $gte
query condition.
mquery().where('clicks').gte(1000)
Specifies an $in
query condition.
mquery().where('author_id').in([3, 48901, 761])
Declares an $geoIntersects
query for geometry()
.
query.where('path').intersects().geometry({
type: 'LineString'
, coordinates: [[180.0, 11.0], [180, 9.0]]
})
// geometry arguments are supported
query.where('path').intersects({
type: 'LineString'
, coordinates: [[180.0, 11.0], [180, 9.0]]
})
Must be used after where()
.
Specifies a $lt
query condition.
mquery().where('clicks').lt(50)
Specifies a $lte
query condition.
mquery().where('clicks').lte(49)
Specifies a $maxDistance
query condition.
mquery().where('location').near({ center: [139, 74.3] }).maxDistance(5)
Specifies a $mod
condition
mquery().where('count').mod(2, 0)
Specifies a $ne
query condition.
mquery().where('status').ne('ok')
Specifies an $nin
query condition.
mquery().where('author_id').nin([3, 48901, 761])
Specifies arguments for an $nor
condition.
mquery().nor([{ color: 'green' }, { status: 'ok' }])
Specifies arguments for a $near
or $nearSphere
condition.
These operators return documents sorted by distance.
query.where('loc').near({ center: [10, 10] });
query.where('loc').near({ center: [10, 10], maxDistance: 5 });
query.near('loc', { center: [10, 10], maxDistance: 5 });
// GeoJSON
query.where('loc').near({ center: { type: 'Point', coordinates: [10, 10] }});
query.where('loc').near({ center: { type: 'Point', coordinates: [10, 10] }, maxDistance: 5, spherical: true });
query.where('loc').near().geometry({ type: 'Point', coordinates: [10, 10] });
// For a $nearSphere condition, pass the `spherical` option.
query.near({ center: [10, 10], maxDistance: 5, spherical: true });
Specifies arguments for an $or
condition.
mquery().or([{ color: 'red' }, { status: 'emergency' }])
Specifies a $polygon
condition
mquery().where('loc').within().polygon([10,20], [13, 25], [7,15])
mquery().polygon('loc', [10,20], [13, 25], [7,15])
Specifies a $regex
query condition.
mquery().where('name').regex(/^sixstepsrecords/)
Specifies which document fields to include or exclude
// 1 means include, 0 means exclude
mquery().select({ name: 1, address: 1, _id: 0 })
// or
mquery().select('name address -_id')
When passing a string, prefixing a path with -
will flag that path as excluded. When a path does not have the -
prefix, it is included.
// include a and b, exclude c
query.select('a b -c');
// or you may use object notation, useful when
// you have keys already prefixed with a "-"
query.select({a: 1, b: 1, c: 0});
Cannot be used with distinct()
.
Determines if the query has selected any fields.
var query = mquery();
query.selected() // false
query.select('-name');
query.selected() // true
Determines if the query has selected any fields inclusively.
var query = mquery().select('name');
query.selectedInclusively() // true
var query = mquery();
query.selected() // false
query.select('-name');
query.selectedInclusively() // false
query.selectedExclusively() // true
Determines if the query has selected any fields exclusively.
var query = mquery().select('-name');
query.selectedExclusively() // true
var query = mquery();
query.selected() // false
query.select('name');
query.selectedExclusively() // false
query.selectedInclusively() // true
Specifies a $size
query condition.
mquery().where('someArray').size(6)
Specifies a $slice
projection for a path
mquery().where('comments').slice(5)
mquery().where('comments').slice(-5)
mquery().where('comments').slice([-10, 5])
Sets a $geoWithin
or $within
argument for geo-spatial queries.
mquery().within().box()
mquery().within().circle()
mquery().within().geometry()
mquery().where('loc').within({ center: [50,50], radius: 10, unique: true, spherical: true });
mquery().where('loc').within({ box: [[40.73, -73.9], [40.7, -73.988]] });
mquery().where('loc').within({ polygon: [[],[],[],[]] });
mquery().where('loc').within([], [], []) // polygon
mquery().where('loc').within([], []) // box
mquery().where('loc').within({ type: 'LineString', coordinates: [...] }); // geometry
As of mquery 2.0, $geoWithin
is used by default. This impacts you if running MongoDB < 2.4. To alter this behavior, see mquery.use$geoWithin.
Must be used after where()
.
Specifies a path
for use with chaining
// instead of writing:
mquery().find({age: {$gte: 21, $lte: 65}});
// we can instead write:
mquery().where('age').gte(21).lte(65);
// passing query conditions is permitted too
mquery().find().where({ name: 'vonderful' })
// chaining
await mquery()
.where('age').gte(21).lte(65)
.where({ 'name': /^vonderful/i })
.where('friends').slice(10)
.exec()
Specifies a $where
condition.
Use $where
when you need to select documents using a JavaScript expression.
await query.$where('this.comments.length > 10 || this.name.length > 5').exec()
query.$where(function () {
return this.comments.length > 10 || this.name.length > 5;
})
Only use $where
when you have a condition that cannot be met using other MongoDB operators like $lt
. Be sure to read about all of its caveats before using.
Specifies the batchSize option.
query.batchSize(100)
Cannot be used with distinct()
.
Specifies the collation option.
query.collation({ locale: "en_US", strength: 1 })
Specifies the comment option.
query.comment('login query');
Cannot be used with distinct()
.
Sets query hints.
mquery().hint({ indexA: 1, indexB: -1 })
Cannot be used with distinct()
.
Requests acknowledgement that this operation has been persisted to MongoDB's on-disk journal.
This option is only valid for operations that write to the database:
deleteOne()
deleteMany()
findOneAndDelete()
findOneAndUpdate()
updateOne()
updateMany()
Defaults to the j
value if it is specified in writeConcern
mquery().j(true);
Specifies the limit option.
query.limit(20)
Cannot be used with distinct()
.
Specifies the maxTimeMS option.
query.maxTime(100)
query.maxTimeMS(100)
Specifies the skip option.
query.skip(100).limit(20)
Cannot be used with distinct()
.
Sets the query sort order.
If an object is passed, key values allowed are asc
, desc
, ascending
, descending
, 1
, and -1
.
If a string is passed, it must be a space delimited list of path names. The sort order of each path is ascending unless the path name is prefixed with -
which will be treated as descending.
// these are equivalent
query.sort({ field: 'asc', test: -1 });
query.sort('field -test');
Cannot be used with distinct()
.
Sets the readPreference option for the query.
mquery().read('primary')
mquery().read('p') // same as primary
mquery().read('primaryPreferred')
mquery().read('pp') // same as primaryPreferred
mquery().read('secondary')
mquery().read('s') // same as secondary
mquery().read('secondaryPreferred')
mquery().read('sp') // same as secondaryPreferred
mquery().read('nearest')
mquery().read('n') // same as nearest
mquery().setReadPreference('primary') // alias of .read()
primary
- (default) Read from primary only. Operations will produce an error if primary is unavailable. Cannot be combined with tags.secondary
- Read from secondary if available, otherwise error.primaryPreferred
- Read from primary if available, otherwise a secondary.secondaryPreferred
- Read from a secondary if available, otherwise read from the primary.nearest
- All operations read from among the nearest candidates, but unlike other modes, this option will include both the primary and all secondaries in the random selection.Aliases
p
primarypp
primaryPreferreds
secondarysp
secondaryPreferredn
nearestTo keep the separation of concerns between mquery
and your driver
clean, mquery#read()
no longer handles specifying a second tags
argument as of version 0.5.
If you need to specify tags, pass any non-string argument as the first argument.
mquery
will pass this argument untouched to your collections methods later.
For example:
// example of specifying tags using the Node.js driver
var ReadPref = require('mongodb').ReadPreference;
var preference = new ReadPref('secondary', [{ dc:'sf', s: 1 },{ dc:'ma', s: 2 }]);
mquery(...).read(preference).exec();
Read more about how to use read preferences here and here.
Sets the readConcern option for the query.
// local
mquery().readConcern('local')
mquery().readConcern('l')
mquery().r('l')
// available
mquery().readConcern('available')
mquery().readConcern('a')
mquery().r('a')
// majority
mquery().readConcern('majority')
mquery().readConcern('m')
mquery().r('m')
// linearizable
mquery().readConcern('linearizable')
mquery().readConcern('lz')
mquery().r('lz')
// snapshot
mquery().readConcern('snapshot')
mquery().readConcern('s')
mquery().r('s')
local
- The query returns from the instance with no guarantee guarantee that the data has been written to a majority of the replica set members (i.e. may be rolled back). (MongoDB 3.2+)available
- The query returns from the instance with no guarantee guarantee that the data has been written to a majority of the replica set members (i.e. may be rolled back). (MongoDB 3.6+)majority
- The query returns the data that has been acknowledged by a majority of the replica set members. The documents returned by the read operation are durable, even in the event of failure. (MongoDB 3.2+)linearizable
- The query returns data that reflects all successful majority-acknowledged writes that completed prior to the start of the read operation. The query may wait for concurrently executing writes to propagate to a majority of replica set members before returning results. (MongoDB 3.4+)snapshot
- Only available for operations within multi-document transactions. Upon transaction commit with write concern "majority", the transaction operations are guaranteed to have read from a snapshot of majority-committed data. (MongoDB 4.0+)Aliases
l
locala
availablem
majoritylz
linearizables
snapshotRead more about how to use read concern here.
Sets the writeConcern option for the query.
This option is only valid for operations that write to the database:
deleteOne()
deleteMany()
findOneAndDelete()
findOneAndUpdate()
updateOne()
updateMany()
mquery().writeConcern(0)
mquery().writeConcern(1)
mquery().writeConcern({ w: 1, j: true, wtimeout: 2000 })
mquery().writeConcern('majority')
mquery().writeConcern('m') // same as majority
mquery().writeConcern('tagSetName') // if the tag set is 'm', use .writeConcern({ w: 'm' }) instead
mquery().w(1) // w is alias of writeConcern
writeConcern({ w: <value>
, j: <boolean>
, wtimeout: <number>
}`)
Can be break down to use the following syntax:
mquery().w(<value>
).j(<boolean>
).wtimeout(<number>
)
Read more about how to use write concern here
Sets the slaveOk option. true
allows reading from secondaries.
deprecated use read() preferences instead if on mongodb >= 2.2
query.slaveOk() // true
query.slaveOk(true)
query.slaveOk(false)
Sets tailable option.
mquery().tailable() <== true
mquery().tailable(true)
mquery().tailable(false)
Cannot be used with distinct()
.
Specifies a time limit, in milliseconds, for the write concern. If w > 1
, it is maximum amount of time to
wait for this write to propagate through the replica set before this operation fails. The default is 0
, which means no timeout.
This option is only valid for operations that write to the database:
deleteOne()
deleteMany()
findOneAndDelete()
findOneAndUpdate()
updateOne()
updateMany()
Defaults to wtimeout
value if it is specified in writeConcern
mquery().wtimeout(2000)
mquery().wTimeout(2000)
Sets the querys collection.
mquery().collection(aCollection)
Executes the query and returns a promise which will be resolved with the query results or rejected if the query responds with an error.
mquery().find(..).then(success, error);
This is very useful when combined with co or koa, which automatically resolve promise-like objects for you.
co(function*(){
var doc = yield mquery().findOne({ _id: 499 });
console.log(doc); // { _id: 499, name: 'amazing', .. }
})();
NOTE:
The returned promise is a bluebird promise but this is customizable. If you want to
use your favorite promise library, simply set mquery.Promise = YourPromiseConstructor
.
Your Promise
must be promises A+ compliant.
Merges other mquery or match condition objects into this one. When an mquery instance is passed, its match conditions, field selection and options are merged.
const drum = mquery({ type: 'drum' }).collection(instruments);
const redDrum = mquery({ color: 'red' }).merge(drum);
const n = await redDrum.count();
console.log('there are %d red drums', n);
Internally uses mquery.canMerge
to determine validity.
Sets query options.
mquery().setOptions({ collection: coll, limit: 20 })
* denotes a query helper method is also available
Set a function to trace this query. Useful for profiling or logging.
function traceFunction (method, queryInfo, query) {
console.log('starting ' + method + ' query');
return function (err, result, millis) {
console.log('finished ' + method + ' query in ' + millis + 'ms');
};
}
mquery().setTraceFunction(traceFunction).findOne({name: 'Joe'}, cb);
The trace function is passed (method, queryInfo, query)
The trace function should return a callback function which accepts:
NOTE: stream requests are not traced.
Similar to setTraceFunction()
but automatically applied to all queries.
mquery.setTraceFunction(traceFunction);
Determines if conditions
can be merged using mquery().merge()
.
var query = mquery({ type: 'drum' });
var okToMerge = mquery.canMerge(anObject)
if (okToMerge) {
query.merge(anObject);
}
MongoDB 2.4 introduced the $geoWithin
operator which replaces and is 100% backward compatible with $within
. As of mquery 0.2, we default to using $geoWithin
for all within()
calls.
If you are running MongoDB < 2.4 this will be problematic. To force mquery
to be backward compatible and always use $within
, set the mquery.use$geoWithin
flag to false
.
mquery.use$geoWithin = false;
Often times we want custom base queries that encapsulate predefined criteria. With mquery
this is easy. First create the query you want to reuse and call its toConstructor()
method which returns a new subclass of mquery
that retains all options and criteria of the original.
var greatMovies = mquery(movieCollection).where('rating').gte(4.5).toConstructor();
// use it!
const n = await greatMovies().count();
console.log('There are %d great movies', n);
const docs = await greatMovies().where({ name: /^Life/ }).select('name').find();
console.log(docs);
Method and options combinations are checked for validity at runtime to prevent creation of invalid query constructs. For example, a distinct
query does not support specifying options like hint
or field selection. In this case an error will be thrown so you can catch these mistakes in development.
Debug mode is provided through the use of the debug module. To enable:
DEBUG=mquery node yourprogram.js
Read the debug module documentation for more details.
mquery
clones query arguments before passing them to a collection
method for execution.
This prevents accidental side-affects to the objects you pass.
To clone ObjectIds
we need to make some assumptions.
First, to check if an object is an ObjectId
, we check its constructors name. If it matches either
ObjectId
or ObjectID
we clone it.
To clone ObjectIds
, we call its optional clone
method. If a clone
method does not exist, we fall
back to calling new obj.constructor(obj.id)
. We assume, for compatibility with the
Node.js driver, that the ObjectId
instance has a public id
property and that
when creating an ObjectId
instance we can pass that id
as an argument.
mquery
supports specifying Read Preferences to control from which MongoDB node your query will read.
The Read Preferences spec also support specifying tags. To pass tags, some
drivers (Node.js driver) require passing a special constructor that handles both the read preference and its tags.
If you need to specify tags, pass an instance of your drivers ReadPreference constructor or roll your own. mquery
will store whatever you provide and pass later to your collection during execution.
npm install mquery
FAQs
Expressive query building for MongoDB
The npm package mquery receives a total of 1,566,593 weekly downloads. As such, mquery popularity was classified as popular.
We found that mquery demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.