Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
pg-introspection
Advanced tools
A strongly-typed PostgreSQL introspection library for PostgreSQL built automatically from the PostgreSQL system catalog documentation, with the TypeScript documentation for each attribute/type also pulled from the PostgreSQL documentation for easy reference directly in your editor.
To help us develop this software sustainably under the MIT license, we ask all individuals and businesses that use it to help support its ongoing maintenance and development via sponsorship.
And please give some love to our featured sponsors 🤩:
Surge * | The Guild * | Dovetail * | Qwick * |
Netflix * | Chad Furman * | Enzuzo * | Stellate * |
* Sponsors the entire Graphile suite
Issue the makeIntrospectionQuery()
SQL query to your database, then feed the
first row's introspection
field into parseIntrospectionResults()
to get your
strongly typed introspection results.
Example usage with pg
module:
import {
makeIntrospectionQuery,
parseIntrospectionResults,
} from "pg-introspection";
import { Pool } from "pg";
const pool = new Pool({
connectionString: "postgres://localhost:5432/my_database",
});
async function main() {
const sql = makeIntrospectionQuery();
const { rows } = await pool.query(sql);
const introspection = parseIntrospectionResults(row[0].introspection);
console.log(
`The ${introspection.database.datname} DBA is ${
introspection.database.getDba()?.rolname ?? "-"
}`,
);
}
main();
Into the introspection results we mix "accessor" functions to make following relationships easier. Note that these functions are typically evaluated lazily - the first time you call them they may need to do an expensive lookup (e.g. finding the relevant record from the list of records) but they cache the result so that the next call will be near-instant.
Examples:
const myTable = introspection.classes.find((rel) => rel.relname === "my_table");
const myTableAttributes = myTable.getAttributes();
const myColumn = myTable.getAttribute({ name: "my_column" });
const myColumnDescription = myColumn.getDescription();
You can use the TypeScript autocompletion to see what accessors are available,
or look in the index.ts
file.
Using the PostgreSQL column names is by design, even though some are hard to read if you're not familiar with the system catalog.
We use _id
rather than oid
because older versions of PostgreSQL did not
explicitly list the oid
columns when you select * from
so we explicitly list
them among the selection set.
FAQs
Strongly typed PostgreSQL introspection library
The npm package pg-introspection receives a total of 2,880 weekly downloads. As such, pg-introspection popularity was classified as popular.
We found that pg-introspection demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.