Security News
Supply Chain Attack Detected in Solana's web3.js Library
A supply chain attack has been detected in versions 1.95.6 and 1.95.7 of the popular @solana/web3.js library.
❤ It works both in Node and in the browser.
⭐ this repo if you like this package, it helps to motivate me :)
👉 See it in action with pg-mem playground
As always, it starts with an:
npm i pg-mem --save
Then, assuming you're using something like webpack, if you're targeting a browser:
import { newDb } from "pg-mem";
const db = newDb();
db.public.many(/* put some sql here */);
Pretty straightforward :)
import { newDb } from "https://deno.land/x/pg_mem/mod.ts";
const db = newDb();
db.public.many(/* put some sql here */);
❤ Head to the pgsql-ast-parser repo
The SQL syntax parser is home-made, which means that some features are not implemented and will be treated as invalid syntax.
This lib is quite new, so forgive it if some obvious pg syntax is not supported!
... And open an issue if you feel like a feature should be implemented :)
Moreover, even if I wrote hundreds of tests, keep in mind that this implementation is a best effort to replicate PG. Keep an eye on your query results if you perform complex queries. Please file issues if some results seem incoherent with what should be returned.
Finally, I invite you to read the section below to get an idea of what you can or cannot do.
pg-mem uses immutable data structures (here and here), which means that you can have restore points for free!
This is super useful if you intend to use pg-mem to mock your database for unit tests.
You could run backup.restore() before each test (which instantly resets the db to the state it had after creating the restore point).
Usage:
const db = newDb();
db.public.none(`create table test(id text);
  insert into test values ('value');`);
// create a restore point & mess with data
const backup = db.backup();
db.public.none(`update test set id='new value';`);
// restore it !
backup.restore();
db.public.many(`select * from test`); // => [{ id: 'value' }]
You can declare custom functions like this:
db.public.registerFunction({
  name: "say_hello",
  args: [DataType.text],
  returns: DataType.text,
  implementation: (x) => "hello " + x,
});
And then use them in SQL, e.g. select say_hello('world').
Custom functions support overloading and variadic arguments.
⚠ However, the value you return is not type checked. It MUST correspond to the datatype you provided as 'returns' (it won't fail if not, but could lead to weird bugs).
Not all pg types are implemented in pg-mem. That said, most of the types are often equivalent to other types, with a format validation. pg-mem provides a way to register such types.
For instance, let's say you'd like to register the MACADDR type, which is basically a string with a format constraint.
You can register it like this:
db.public.registerEquivalentType({
  name: "macaddr",
  // which type is it equivalent to (will be able to cast it from it)
  equivalentTo: DataType.text,
  isValid(val: string) {
    // check that it will be this format
    return isValidMacAddress(val);
  },
});
Doing so, you'll be able to do things such as:
SELECT '08:00:2b:01:02:03:04:05'::macaddr; -- WORKS
SELECT 'invalid'::macaddr; -- will throw a conversion error
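One possible body for the isValidMacAddress() helper that the snippet above calls but does not define. This is an added example, not code from pg-mem or its author; the accepted layouts are an assumption based on PostgreSQL's documented macaddr (6-octet) and macaddr8 (8-octet) input forms, and canonicalMac is a hypothetical helper.

```javascript
// Added example (not pg-mem code). Strict, fully anchored validation so that
// no string with a valid prefix or suffix can pass the isValid() hook.
const HEX = "[0-9a-fA-F]";

// Build one anchored pattern per accepted layout for an address of `octets` bytes.
function layouts(octets) {
  const pair = `${HEX}{2}`;
  const quad = `${HEX}{4}`;
  const half = `${HEX}{${octets}}`; // half of the address, counted in hex digits
  return [
    `${pair}(?::${pair}){${octets - 1}}`,        // 08:00:2b:01:02:03
    `${pair}(?:-${pair}){${octets - 1}}`,        // 08-00-2b-01-02-03
    `${half}[:-]${half}`,                        // 08002b:010203, 08002b-010203
    `${quad}(?:\\.${quad}){${octets / 2 - 1}}`,  // 0800.2b01.0203
    `${quad}(?:-${quad}){${octets / 2 - 1}}`,    // 0800-2b01-0203
    `${HEX}{${octets * 2}}`,                     // 08002b010203
  ].map((body) => new RegExp(`^(?:${body})$`));
}

// Assumption: accept both 6-octet and 8-octet addresses, because the sample
// query on this page casts an 8-group value.
const PATTERNS = [...layouts(6), ...layouts(8)];

function isValidMacAddress(val) {
  // Reject non-strings and oversized input before any regex runs
  // (the longest accepted form is 8 pairs plus 7 separators = 23 chars).
  if (typeof val !== "string" || val.length > 23) return false;
  return PATTERNS.some((re) => re.test(val));
}

// Hypothetical helper: the type is backed by text, so the same address written
// in two layouts would be two different strings. Normalising before insert
// keeps comparisons and unique constraints meaningful.
function canonicalMac(val) {
  if (!isValidMacAddress(val)) return null;
  return val.replace(/[:.-]/g, "").toLowerCase().match(/../g).join(":");
}
```
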
If you feel your implementation of a type matches the standard, and would like to include it in pg-mem for others to enjoy, please consider filing a pull request! (tip: see the INET type implementation as an example, and the pg_catalog index where supported types are registered)
No native extension is implemented (pull requests are welcome), but you can define kind-of extensions like this:
db.registerExtension("my-ext", (schema) => {
  // install your ext in 'schema'
  // ex: schema.registerFunction(...)
});
Statements like create extension "my-ext" will then be supported.
pg-mem provides handy shortcuts to create instances of popular libraries that will be bound to pg-mem instead of a real postgres db.
If you would like to hook your database, and return ad-hoc results, you can do so like this:
const db = newDb();
db.public.interceptQueries((sql) => {
  if (sql === "select * from whatever") {
    // intercept this statement, and return something custom:
    return [{ something: 42 }];
  }
  // proceed to actual SQL execution for other requests.
  return null;
});
You can manually inspect a table's content using the find() method:
for (const item of db.public.getTable<TItem>("mytable").find(itemTemplate)) {
  console.log(item);
}
If you'd like to insert items manually into a table, you can do it like this:
db.public.getTable<TItem>('mytable').insert({ /* item to insert */ });
You can subscribe to some events, like:
const db = newDb();
// called on each successful sql request
db.on("query", (sql) => {});
// called on each failed sql request
db.on("query-failed", (sql) => {});
// called on schema changes
db.on("schema-change", () => {});
// called when a CREATE EXTENSION schema is encountered.
db.on("create-extension", (ext) => {});
pg-mem implements basic support for indices.
These handlers are called when a request cannot be optimized using one of the created indices.
However, a real postgres instance will be much smarter at optimizing its requests... so when pg-mem says "this request does not use an index", don't take my word for it.
// called when a table is iterated entirely (ex: 'select * from data where notIndex=3' triggers it)
db.on('seq-scan', () => {});
// same, but on a specific table
db.getTable('myTable').on('seq-scan', () => {});
// will be called if pg-mem did not find any way to optimize a join
// (which leads to a O(n*m) lookup with the current implementation)
db.on('catastrophic-join-optimization', () => {});
Detailed answers in the wiki
numeric(x,y) might not behave as expected.
Pull requests are welcome :)
To start hacking this lib, you'll have to:
npm start
... once done, tests should appear. HMR is on, which means that changes in your code are instantly propagated to unit tests. This allows for ultra fast development cycles (running tests takes less than 1 sec).
To debug tests: Just hit "run" (F5, or whatever)... VS Code should attach the mocha worker. Then run the test you want to debug.
Alternatively, you could just run npm run test without installing anything, but this is a bit long.
FAQs
A memory version of postgres
The npm package pg-mem receives a total of 58,374 weekly downloads. As such, pg-mem popularity was classified as popular.
We found that pg-mem demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.