snowflake-sdk
The snowflake-sdk npm package is a Node.js driver for connecting to Snowflake, a cloud-based data warehousing service. It allows you to execute SQL queries, manage transactions, and handle various database operations programmatically.
Connecting to Snowflake
This feature allows you to establish a connection to a Snowflake database using the provided account credentials and connection details.
const snowflake = require('snowflake-sdk');

const connection = snowflake.createConnection({
  account: 'your_account',
  username: 'your_username',
  password: 'your_password',
  warehouse: 'your_warehouse',
  database: 'your_database',
  schema: 'your_schema'
});

connection.connect((err, conn) => {
  if (err) {
    console.error('Unable to connect: ' + err.message);
  } else {
    console.log('Successfully connected to Snowflake.');
  }
});
Executing SQL Queries
This feature allows you to execute SQL queries against the connected Snowflake database and handle the results.
connection.execute({
  sqlText: 'SELECT * FROM your_table',
  complete: (err, stmt, rows) => {
    if (err) {
      console.error('Failed to execute statement due to the following error: ' + err.message);
    } else {
      console.log('Number of rows produced: ' + rows.length);
      console.log(rows);
    }
  }
});
Managing Transactions
This feature allows you to manage transactions by beginning, committing, and rolling back transactions within the Snowflake database.
connection.execute({
  sqlText: 'BEGIN TRANSACTION',
  complete: (err, stmt, rows) => {
    if (err) {
      console.error('Failed to begin transaction: ' + err.message);
    } else {
      console.log('Transaction started.');
      // Perform other operations within the transaction
      connection.execute({
        sqlText: 'COMMIT',
        complete: (err, stmt, rows) => {
          if (err) {
            console.error('Failed to commit transaction: ' + err.message);
          } else {
            console.log('Transaction committed.');
          }
        }
      });
    }
  }
});
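The description above mentions rolling back, which the snippet does not show. The following is an added example, not code from this page or from the snowflake-sdk project: it wraps the execute callback shape shown above in promises and issues ROLLBACK when any statement fails. The names runInTransaction and makeFakeConnection and the table t are hypothetical, and the fake connection is constructed so the example runs offline.

```javascript
// Added example; relies only on the connection.execute({ sqlText, complete })
// callback shape shown above. All helper names here are hypothetical.
function execute(connection, sqlText) {
  return new Promise((resolve, reject) => {
    connection.execute({
      sqlText,
      complete: (err, stmt, rows) => (err ? reject(err) : resolve(rows)),
    });
  });
}

// Run the statements in one transaction; roll back if any of them fails.
async function runInTransaction(connection, statements) {
  await execute(connection, 'BEGIN TRANSACTION');
  try {
    const results = [];
    for (const sqlText of statements) {
      results.push(await execute(connection, sqlText));
    }
    await execute(connection, 'COMMIT');
    return { committed: true, results };
  } catch (err) {
    // Best-effort rollback; the original failure is what gets reported.
    await execute(connection, 'ROLLBACK').catch(() => {});
    return { committed: false, error: err.message };
  }
}

// Constructed stand-in for a connection so the example runs offline: it
// records each statement and fails any statement containing "FAIL".
function makeFakeConnection() {
  const log = [];
  return {
    log,
    execute({ sqlText, complete }) {
      log.push(sqlText);
      const err = sqlText.includes('FAIL') ? new Error('simulated: ' + sqlText) : null;
      setImmediate(() => complete(err, null, err ? undefined : []));
    },
  };
}

async function demo() {
  const ok = makeFakeConnection();
  const good = await runInTransaction(ok, ['INSERT INTO t VALUES (1)']);
  const bad = makeFakeConnection();
  const failed = await runInTransaction(bad, ['INSERT INTO t VALUES (1)', 'FAIL HERE']);
  return { good, okLog: ok.log, failed, badLog: bad.log };
}
demo().then((r) => console.log(JSON.stringify(r, null, 2)));
```

With a real connection, pass the object returned by snowflake.createConnection after connect has succeeded.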
The pg package is a PostgreSQL client for Node.js. It provides similar functionalities for connecting to and interacting with PostgreSQL databases, including executing SQL queries and managing transactions. However, it is specific to PostgreSQL and does not support Snowflake.
The mysql package is a Node.js client for MySQL databases. It offers similar capabilities for connecting to MySQL databases, executing queries, and managing transactions. Like pg, it is specific to MySQL and does not support Snowflake.
The mssql package is a Microsoft SQL Server client for Node.js. It provides functionalities for connecting to SQL Server databases, executing queries, and managing transactions. It is specific to SQL Server and does not support Snowflake.
NodeJS Driver for Snowflake
Note: For production-affecting issues related to the driver, please create a case with Snowflake Support.
Run npm i snowflake-sdk in your existing Node.js project.
For detailed documentation and basic usage examples, please see the documentation at NodeJS Driver for Snowflake.
This driver supports the GCS regional endpoint starting from version 2.0.0. Please ensure that any workloads using a version of this driver below 2.0.0 do not require support for regional endpoints on GCP. If you have questions about this, please contact Snowflake Support.
Specify env variables:
export SNOWFLAKE_TEST_USER=<your_user>
export SNOWFLAKE_TEST_PASSWORD=<your_password>
export SNOWFLAKE_TEST_ACCOUNT=<your_account>
export SNOWFLAKE_TEST_WAREHOUSE=<your_warehouse>
export SNOWFLAKE_TEST_DATABASE=<your_database>
export SNOWFLAKE_TEST_SCHEMA=<your_schema>
export SNOWFLAKE_TEST_PROTOCOL=<your_snowflake_protocol>
export SNOWFLAKE_TEST_HOST=<your_snowflake_host>
export SNOWFLAKE_TEST_PORT=<your_snowflake_port>
Run hang webserver:
python3 ci/container/hang_webserver.py 12345 &
Run unit tests:
npm test
or
npm run test:unit
To run a single test file, use the test:single script, e.g. to run only the tests in test/unit/snowflake_test.js:
npm run test:single -- test/unit/snowflake_test.js
Run integration tests:
npm run test:integration
Specify env variables:
export RUN_MANUAL_TESTS_ONLY=true
export SNOWFLAKE_TEST_OKTA_USER=<your_okta_user>
export SNOWFLAKE_TEST_OKTA_PASS=<your_okta_password>
export SNOWFLAKE_TEST_OKTA_AUTH=<your_okta_auth>
export SNOWFLAKE_TEST_OAUTH_TOKEN=<your_oauth_accesstoken>
export SNOWFLAKE_TEST_BROWSER_USER=<your_browser_user>
Run manual connection test for different authenticators
npm run test:manual
Run tests and show code coverage report
npm run test:ci:coverage
The npm package can be built by the command:
npm pack
Note that it is not required to build a package to run the tests below.
Check formatting on all files:
npm run lint:check:all
Check formatting of a single file or directory, e.g. test/unit/snowflake_test.js:
npm run lint:check -- test/unit/snowflake_test.js
Fix potentially fixable formatting errors and warnings in a single file or directory, e.g. test/unit/logger:
npm run lint:fix -- test/unit/logger
FAQs
Node.js driver for Snowflake
We found that snowflake-sdk demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.