Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Osmos is a object data mapper (ODM) designed to bridge Node.js apps with any data store that support traditional CRUD operations. It's built on three principles:
Stay out of the way. Osmos is intuitive and largely transparent to developers, and, most of all, doesn't attempt to be “smarter” than its human masters. It can also be easily mocked away for testing without having to write specialized code.
Fail early, and fail loudly. In debug mode, Osmos uses Direct Proxies to trap access to a document; if attempts are made to read or write non-existent fields, an error is immediately thrown to help you and pinpoint common mistakes before they end up in production.
Don't replace developer knowledge. Osmos is designed to be a generic ODM that will work well with just about any data store that supports CRUD operations. However, it is not meant to be an abstraction layer; instead, it assumes that developers know best, and provides only a simple interface that can be easily extended through plugins.
The current version of Osmos supports RethinkDB, MongoDB, MySQL and ElasticSearch, but it should be easy to write drivers for just about any data store—and contributions are warmly welcome! The library also includes a simple, memory-based data store that can be used for testing purposes.
npm install osmos-odm
Note that, in debug mode (which is the default mode), Osmos uses Direct Proxies in order to work. Therefore, you must run your instance of node with the --harmony_proxies
command-line switch. See the docs for information on how to turn off debug mode in production for extra performance.
Using Osmos requires the following steps:
Create a driver instance. A driver instance connects Osmos to a data store. Learn more about drivers.
Install and invoke zero or more plugins. Plugins allow you to extend the functionality provided by Osmos. They are, of course, optional. Learn more about plugins
Define your schemas. A schema describes the structure of a document, and defines how its data is transformed and validated. Learn more about schemas
Define your models. A model applies a schema to data that is extracted from a data store's specific bucket. Learn more about models
CRUD. Models can be used to create, read, update and delete existing document. Two find methods are also supplied. Learn more about documents.
Additional functionality can be also added to Osmos by a plugin or by a driver—for example, to provide access to features of a data store that are not part of the basic CRUD quartet.
Contributions in the form of patches and pull requests are welcome, provided that you also commit to writing covering unit tests. Learn more about contributing.
Version 1.x of the project aims at greatly simplifying its structure by using standard validation based on JSON Schema and applying many of the lessons learned through its use in production. However, it introduces a significant number of backwards-breaking compatibilities; version 0.x is still available in the corresponding branch.
Osmos is still a fairly new project, and bug fixing is the priority, as well as the addition of support for more drivers.
FAQs
A general purpose, strict, simple ORM for Node.js apps
The npm package osmos-odm receives a total of 62 weekly downloads. As such, osmos-odm popularity was classified as not popular.
We found that osmos-odm demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.