Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
var YourModelClass = odm.model(...)
model function arguments are:
If mongoCollection is not defined this is a embedded model (meaning that is a model that can be part of other models).
l2Cache can only be defined if mongoCollection is defined and is optional.
Schema must always be present.
Schemas are plain JavaScript Objects describing the fields of the model. The formal is:
{fieldName: Type}
Field names must adhere to MongoDB naming convention, therefore names starting with $ are not allowed. any other name is allowed.
Recognized types are:
[]
(Arrays)ObjectId and Binary are mongoDB specific you can get the Object type from the odm module exports.
Arrays can take any of supported types, for example an Array of Strings would be defined as [
String]
.
Specials are for cases you need to control what gets stored on MongoDB, in this case you need to pass a function that validates the values. This function has the following signature:
function (value): value
Every model has a set of common methods, some at class level and some at intance level. The methods at class level are:
Instance level methods:
Fields and options are always optional. Callbacks have always the following format:
function(error, result): void
Embedded documents also have the same method definition with the exception that if you try to save, update or delete you will get an error since it is not allowed to save the embedded document (because only its parent is stored).
reload is a helper method that always fetches the latest model from the database, updating the cache if enabled. Once the method completes the original object is updated with the latest values from the DB.
loadDbRef is an extension to the mongodb API, it allows to quickly load a Id or array of Ids, the functionality is that the response array will have the same length as the ids array and the result will be in the same order. Because of this the complexity of this call is O(2n), the bigger the array the longer it will take.
Internal arrays of Objects mock the behavior of mongoDB, in other words internal arrays have the following methods:
Mofifying a array element modified the underlying document. On top of this the arrays have 3 extra helper methods:
Using these 3 methods will make sure the objects being returned are instantiated as defined in the schema. If you decide
to use indexes e.g.: array[
i]
then you will only get the json object due to limitation of javascript now allowing me
to overwrite the indexing function.
Since array finders are simplified versions of the mongo finder, you can only search for equality, not equality and in/not in array.
{field: value_to_match}
{field: {$ne: value_not_to_match}}
{field: $in: [element1, element2]}}
{field: $nin: [element1, element2]}}
Since arrays are plain extensions of JavaScript arrays you have all the other array functions available such as splice, some, etc....
Embedded Documents behave just like other documents but have one extra property:
$parent
This property allows an embedded document to reference its parent document, it is only set if a document is created from
an ODM call, if you create a embedded document object with new
the property will not be available (unless you create
the full top level object).
Models and embedded documents can be checked if they contain a specific property using the same signature as the Object object.
model.hasOwnPropery(property_name)
returns True if the property_name is present
If the Object has any properties can be checked with:
model.isEmpty()
undefined Arrays and Object properties are always initialized to [``]
|{} on get
FAQs
ODM mongodb library for node.js
The npm package p-odm receives a total of 21 weekly downloads. As such, p-odm popularity was classified as not popular.
We found that p-odm demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.