Reqlite is an implementation of a ReQL server in JavaScript, meaning that you can connect to reqlite with the RethinkDB driver and send queries (create a table, insert documents, filter them, open a changefeed, etc.).
./bin/reqlite
Most of the methods work. There are currently 2000+ tests passing.
The main reasons why this project was started were:
It currently tries to match RethinkDB 2.2.x.
Most of the tests run queries against RethinkDB and reqlite at the same time, and compare the output.
Start RethinkDB on port 28015
rethinkdb
And reqlite on port 28016:
node ./lib/node.js --port-offset 1
If you are developing on reqlite, you may want to use:
nodemon lib/node.js -- -L --port-offset 1 --debug
Then run:
npm test
Run in the reqlite repository:
npm run browserify
You then need a driver to connect to reqlite. Clone rethinkdbdash and run:
npm run browserify
Note: The official JavaScript driver currently doesn't work with reqlite because it cannot use a fake TCP connection (yet).
Import rethinkdbdash.js and reqlite.js in your page. Then you can write:
var Reqlite = require('reqlite');
// You cannot use a pool with reqlite
var r = require('rethinkdbdash')({pool: false});
var server = new Reqlite();
// This simulates a fake TCP connection
var fakeTcpConnection = server.createConnection();
// Create a rethinkdbdash connection by providing the fake TCP connection
r.connect({
  connection: fakeTcpConnection
}).bind({}).then(function(connection) {
  return r.expr('Ok').run(connection);
}).then(function(result) {
  // result === 'Ok'
}).error(function(error) {
  // Handle error
});
There are tons of things left to do! See the issue tracker.
Mostly Michel Tu, but hopefully people will love this project and send tons of pull requests!
See CONTRIBUTING.md, don't be shy :)
Huge thanks to the contributors
Michel Tu:
MIT, see the LICENSE FILE
This is a personal project and has nothing to do with my current employer (whoever that is) or a previous one (whoever that is).
FAQs
Reqlite - RethinkDB in JavaScript
The npm package reqlite receives a total of 19 weekly downloads. As such, reqlite popularity was classified as not popular.
We found that reqlite demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.