Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Realm by MongoDB is an offline-first mobile database: an alternative to SQLite and key-value stores
[!NOTE] Realm is now Atlas Device SDK - Learn More
Realm is a mobile database that runs directly inside phones, tablets or wearables. This project hosts the JavaScript & TypeScript implementation of Realm. Currently, we support React Native (JSC & Hermes on iOS & Android), Node.js and Electron (on Windows, MacOS and Linux).
The Atlas Device SDKs are a collection of language and platform specific SDKs, each with a suite of app development tools optimized for data access and persistence on mobile and edge devices. Use the SDKs to build data-driven mobile, edge, web, desktop, and IoT apps.
It might help to think of the Realm database as the persistance layer of the Atlas Device SDKs.
Please see the detailed instructions in our docs to use Atlas Device SDK for Node.js and Atlas Device SDK for React Native. Please notice that currently only Node.js version 18 or later is supported. For React Native users, we have a compatibility matrix showing which versions are supported.
The documentation for the Atlas Device SDK for React Native can be found at mongodb.com/docs/atlas/device-sdks/sdk/react-native/. The documentation for the Atlas Device SDK for Node.js can be found at mongodb.com/docs/atlas/device-sdks/sdk/node/.
The API reference is located at docs.mongodb.com/realm-sdks/js/latest/.
If you are using React Native, please also take a look the README for @realm/react
, which provides React hooks to make working with Realm easier.
TypeScript is a popular alternative to pure JavaScript as it provide static typing. Our TypeScript support consists of two parts
@realm/babel-plugin
to transform TypeScript classes to Realm schemas. An example of a model class is:class Task extends Realm.Object<Task, "description"> {
_id = new Realm.BSON.ObjectId();
description!: string;
@index
isComplete = false;
static primaryKey = "_id";
constructor(realm, description: string) {
super(realm, { description });
}
}
The Atlas Device SDK for React Native provides persistence of objects and advanced queries for persisted objects. You can have easier integration with React Native by using @realm/react
.
We have TypeScript templates to help you get started using Realm. Follow the links to your desired template and follow the instructions there to get up and running fast.
See CONTRIBUTING.md for more details!
Debug with Chrome
in the Debug Menu.For instructions on building the SDK from the source, see the building.md file.
It's possible after installing and running Realm that one encounters the error Could not find the Realm binary
. Here are are some tips to help with this.
Consult our COMPATIBILITY.md
to ensure you are running compatible version of realm
with the supported versions of node
, react-native
or expo
.
Typically this error occurs when the pod dependencies haven't been updating. Try running the following command
npx pod-install
If that still doesn't help it's possible there are some caching errors with your build or your pod dependencies. The following commands can be used to safely clear these caches:
rm -rf ios/Pods
rm ios/Podfile.lock
rm -rf ~/Library/Developer/Xcode/DerivedData
Afterwards, reinstall pods and try again. If this still doesn't work, ensure that node_modules/realm/react-native/ios/realm-js-ios.xcframework
exists and contains a binary for your architecture. If this is missing, try reinstalling the `realm`` npm package.
This can occur when installing realm
and not performing a clean build. The following commands can be used to clear your cache:
cd android
./gradlew clean
Afterwards, try and rebuild for Android. If you are still encountering problems, ensure that node_moduels/realm/react-native/android/src/main/jniLibs
contains a realm binary for your architecture. If this is missing, try reinstalling the realm
npm package.
If you are using Expo, a common pitfall is not installing the expo-dev-client
and using the Development Client specific scripts to build and run your React Native project in Expo. The Development Client allows you to create a local version of Expo Go which includes 3rd party libraries such as Realm. If you would like to use realm
in an Expo project, the following steps can help.
expo-dev-client
:
npm install expo-dev-client
npx expo run:ios
npx expo run:android
npx expo start --dev-client
When running npm install realm
the realm binaries for the detected architecture are downloaded into node_modules/realm/prebuilds
. If this directory is missing or empty, ensure that there weren't any network issues reported on installation.
Asynchronously submits install information to Realm.
Why are we doing this? In short, because it helps us build a better product
for you. None of the data personally identifies you, your employer or your
app, but it will help us understand what language you use, what Node.js
versions you target, etc. Having this info will help prioritizing our time,
adding new features and deprecating old features. Collecting an anonymized
application path & anonymized machine identifier is the only way for us to
count actual usage of the other metrics accurately. If we don’t have a way to
deduplicate the info reported, it will be useless, as a single developer
npm install
-ing the same app 10 times would report 10 times more than another
developer that only installs once, making the data all but useless.
No one likes sharing data unless it’s necessary, we get it, and we’ve
debated adding this for a long long time. If you truly, absolutely
feel compelled to not send this data back to Realm, then you can set an env
variable named REALM_DISABLE_ANALYTICS
.
Currently the following information is reported:
Moreover, we unconditionally write various constants to a file which we might use at runtime.
This project adheres to the MongoDB Code of Conduct. By participating, you are expected to uphold this code. Please report unacceptable behavior to community-conduct@mongodb.com.
Realm JS and Realm Core are published under the Apache License 2.0.
If you use Realm and are happy with it, all we ask is that you please consider sending out a tweet mentioning @realm to share your thoughts
And if you don't like it, please let us know what you would like improved, so we can fix it!
Made with contrib.rocks.
12.10.0-rc.0 (2024-05-31)
counter
presentation data type has been introduced. The int
data type can now be used as a logical counter for performing numeric updates that need to be synchronized as sequentially consistent events rather than individual reassignments of the number. (#6694)
class MyObject extends Realm.Object {
_id!: BSON.ObjectId;
counter!: Realm.Types.Counter;
static schema: ObjectSchema = {
name: "MyObject",
primaryKey: "_id",
properties: {
_id: { type: "objectId", default: () => new BSON.ObjectId() },
counter: "counter",
// or: counter: { type: "int", presentation: "counter" },
},
};
}
const realm = await Realm.open({ schema: [MyObject] });
const object = realm.write(() => {
return realm.create(MyObject, { counter: 0 });
});
realm.write(() => {
object.counter.increment();
object.counter.value; // 1
object.counter.decrement(2);
object.counter.value; // -1
});
FAQs
Realm by MongoDB is an offline-first mobile database: an alternative to SQLite and key-value stores
The npm package realm receives a total of 28,930 weekly downloads. As such, realm popularity was classified as popular.
We found that realm demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 5 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.