Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
objection
Advanced tools
Objection.js is an ORM (Object-Relational Mapper) for Node.js, built on top of the SQL query builder Knex.js. It aims to provide a powerful and flexible way to interact with SQL databases using JavaScript, while maintaining a clean and intuitive API.
Model Definition
Defines a model class that maps to a database table. In this example, the `Person` class represents the `persons` table in the database.
const { Model } = require('objection');
class Person extends Model {
static get tableName() {
return 'persons';
}
}
Querying
Performs a query to fetch all persons older than 30 years. Objection.js provides a fluent API for building SQL queries.
const people = await Person.query().where('age', '>', 30);
Relations
Defines relationships between models. In this example, a `Person` can have many `Animal` pets, establishing a one-to-many relationship.
class Person extends Model {
static get tableName() {
return 'persons';
}
static get relationMappings() {
const Animal = require('./Animal');
return {
pets: {
relation: Model.HasManyRelation,
modelClass: Animal,
join: {
from: 'persons.id',
to: 'animals.ownerId'
}
}
};
}
}
Eager Loading
Fetches related data in a single query. This example fetches persons along with their pets using eager loading.
const peopleWithPets = await Person.query().withGraphFetched('pets');
Validation
Defines a JSON schema for model validation. This example ensures that `firstName` and `lastName` are required fields and must be strings of a certain length.
class Person extends Model {
static get jsonSchema() {
return {
type: 'object',
required: ['firstName', 'lastName'],
properties: {
id: { type: 'integer' },
firstName: { type: 'string', minLength: 1, maxLength: 255 },
lastName: { type: 'string', minLength: 1, maxLength: 255 }
}
};
}
}
Sequelize is a promise-based Node.js ORM for Postgres, MySQL, MariaDB, SQLite, and Microsoft SQL Server. It features solid transaction support, relations, eager and lazy loading, read replication, and more. Compared to Objection.js, Sequelize has a more extensive feature set but can be more complex to use.
TypeORM is an ORM for TypeScript and JavaScript (ES7, ES6, ES5). It supports many database systems including MySQL, MariaDB, PostgreSQL, SQLite, and more. TypeORM is known for its strong TypeScript support and decorators, making it a good choice for TypeScript projects. It offers similar functionalities to Objection.js but with a different API style.
Bookshelf.js is a JavaScript ORM for Node.js, built on top of the Knex.js SQL query builder. It provides a simple and straightforward way to interact with SQL databases. Bookshelf.js is similar to Objection.js in that both are built on Knex.js, but Bookshelf.js has a more minimalistic approach.
Objection.js is an ORM for Node.js that aims to stay out of your way and make it as easy as possible to use the full power of SQL and the underlying database engine while still making the common stuff easy and enjoyable.
Even though ORM is the best commonly known acronym to describe objection, a more accurate description is to call it a relational query builder. You get all the benefits of an SQL query builder but also a powerful set of tools for working with relations.
Objection.js is built on an SQL query builder called knex. All databases supported by knex are supported by objection.js. SQLite3, Postgres and MySQL are thoroughly tested.
What objection.js gives you:
What objection.js doesn't give you:
The best way to get started is to clone our example project and start playing with it. There's also a typescript version available.
Check out this issue to see who is using objection and what they think about it.
Shortcuts:
FAQs
An SQL-friendly ORM for Node.js
The npm package objection receives a total of 113,853 weekly downloads. As such, objection popularity was classified as popular.
We found that objection demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.