Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
slite-change
Advanced tools
A simple change management system for SQLite3 written in pure JavaScript/TypeScript.
A simple change management system for SQLite3 written in pure JavaScript/TypeScript. This is for on server programs like backend services or utilities.
From within your project directory were package.json
is found, simply run this.
npm install slite-change
This library reads a sequence of SQL files and applies those as changes to an SQLite3 database.
Only new changes are applied. A change log table maintains the tracking of what changes are already applied.
Change files are simple SQL, because XML sucks!
Each change must begin with a comment line starting with --changeset <Author Name>:<change ID>
Each change set file is read in order of directory listing. Change ID values are integers. They must never repeat. They are applied in order as they are found with the changeset file.
NOTE: Always start the SQL with BEGIN; and end it with COMMIT;. This provides transactions so that no changes are made if there is an error in the SQL.
This is an example of a simple change set.
--changeset Royce:1
BEGIN;
CREATE TABLE 'users' (
'id' int NOT NULL,
'firstname' VARCHAR(50),
'lastname' VARCHAR(50),
'username' VARCHAR(50),
'passwd' VARCHAR(50),
'emailAddress' VARCHAR(50),
PRIMARY KEY ('id'));
-- Coment lines are supported
INSERT INTO 'users' (id, firstname, lastname, username, passwd, emailAddress) VALUES (0, 'admin', 'admin', 'admin', 'password', 'roo@localhost');
CREATE TABLE 'config' (
'parameter' VARCHAR(45) NULL,
'value' VARCHAR(45) NULL,
PRIMARY KEY ('parameter'));
INSERT INTO 'config' ('parameter','value') VALUES ('db_version', '1');
COMMIT;
Once a change set has been appled to a database, no more changes should be made to that change ID
, additional changes should be
added to a new changeset file with the next value of change ID
.
Example changes can be found in db-changes
Put SQL files into a resources directory and create an instance of slite-change with the arguments of the DB instance and change directory.
import SliteChange from 'slite-change';
...
this.Sql = new sqlite.Database('my_database.db', (err) => {
if (err) {
console.log('Could not connect to database', err)
} else {
console.log('Connected to database');
new SliteChange(this.Sql, './src/resources/db-changes/', (ReturnMsg) => {
if(ReturnMsg != '') {
console.log('Error: %s', ReturnMsg);
}
});
}
});
Sqlite does not support stored procedures but slite-change does. Stored procedures are written to the SQL files and can be called using the tag @Procedure followed by the function name and arguments to be passed to the function.
@Procedure AddUser guest guest guest guest guest
import SliteChange from 'slite-change';
...
this.Sql = new sqlite.Database('my_database.db', (err) => {
if (err) {
console.log('Could not connect to database', err)
} else {
console.log('Connected to database');
new SliteChange(this.Sql, './src/resources/db-changes/', (ReturnMsg) => {
if(ReturnMsg != '') {
console.log('Error: %s', ReturnMsg);
}
});
}
}, [
{ procName: 'AddUser', procFunc: (args: string) => { this.AddUser(args); } }
]);
...
private AddUser(args: string) {
let argsArray = args.split(' ');
this.Sql.all('INSERT INTO users (firstname, lastname, username, password, emailAddress) \
VALUES (?, ?, ?, ?, ?)', argsArray, (error) => {
if(error) {
console.error(error.message);
}
});
}
Send emails to osgnuru@gmail.com
Buttons generated by Shields IO
Anyone is welcome to fork this project on GitLab slite-change
Submit a pull request and it will be reviewed.
SQLite3 team!!! 🍺🍺🍺
Copyright (C) 2021 Silicon Tao Technology Systems
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; GPL-2.0-only.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program; if not, write to
Free Software Foundation
51 Franklin Street, Fifth Floor
Boston, MA 02110
USA
This is a new project and the authors first time posting to NPM. If something is not working please send an email to the contact above.
Unit tests have been added to validate features.
One time only install and setup.
npm install --global np
npm i -g typescript -D
npm i -g typings -D
tsc --init
tsc
is configured to compile in package.json
in scripts
.
To compile
tsc
Commit to GitLab.com
git commit
git push
Publishing is done by np
np
To publish a beta version for testing a branch in development.
npm run beta
Testing testing with Mocha. Installing gloabally because the library user will have their own tests.
npm install mocha -g
npm install ts-mocha -g
npm install --save-dev @types/mocha
To run the tests.
npm run tests
# Or as defined in package.json
ts-mocha test/*.spec.ts
FAQs
A simple change management system for SQLite3 written in pure JavaScript/TypeScript.
We found that slite-change demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.