Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
uuid-mongodb
Advanced tools
Generates and parses MongoDB BSON UUIDs. Plays nicely with others including the MongoDB native driver and Mongoose.
Generates and parses BSON UUIDs for use with MongoDB. BSON UUIDs provide better performance than their string counterparts.
Inspired by @srcagency's mongo-uuid
npm install uuid-mongodb
const MUUID = require('uuid-mongodb');
# Create a v1 binary UUID
const mUUID1 = MUUID.v1();
# Create a v4 binary UUID
const mUUID4 = MUUID.v4();
# Print a string representation of a binary UUID
mUUID1.toString()
# Create a binary UUID from a valid uuid string
const mUUID2 = MUUID.from('393967e0-8de1-11e8-9eb6-529269fb1459')
# Create a binary UUID from a MongoDb Binary
# This is useful to get MUUIDs helpful toString() method
const mUUID3 = MUUID.from(/** MongoDb Binary of SUBTYPE_UUID */)
UUIDs may be formatted using the following options:
Format | Description | Example |
---|---|---|
N | 32 digits | 00000000000000000000000000000000 |
D | 32 digits separated by hyphens | 00000000-0000-0000-0000-000000000000 |
B | 32 digits separated by hyphens, enclosed in braces | {00000000-0000-0000-0000-000000000000} |
P | 32 digits separated by hyphens, enclosed in parentheses | (00000000-0000-0000-0000-000000000000) |
example:
const mUUID4 = MUUID.v4();
mUUID1.toString(); // equivalent to `D` separated by hyphens
mUUID1.toString('P'); // enclosed in parens, separated by hypens
mUUID1.toString('B'); // enclosed in braces, separated by hyphens
mUUID1.toString('N'); // 32 digits
uuid-mongodb offers two modes:
The mode is set globally as such:
const mUUID = MUUID.mode('relaxed'); // use relaxed mode
Mode only impacts how JSON.stringify(...)
represents a UUID:
e.g. JSON.stringy(mUUID.v1())
outputs the following:
"DEol4JenEeqVKusA+dzMMA==" // when in 'canonical' mode
"1ac34980-97a7-11ea-8bab-b5327b548666" // when in 'relaxed' mode
Query using binary UUIDs
const uuid = MUUID.from('393967e0-8de1-11e8-9eb6-529269fb1459');
return collection.then(c =>
c.findOne({
_id: uuid,
})
);
Work with binary UUIDs returned in query results
return collection
.then(c => c.findOne({ _id: uuid }))
.then(doc => {
const uuid = MUUID.from(doc._id).toString();
// do stuff
});
snippet:
const insertResult = await collection.insertOne({
_id: MUUID.v1(),
name: 'carmine',
});
snippet:
const kittySchema = new mongoose.Schema({
_id: {
type: 'object',
value: { type: 'Buffer' },
default: () => MUUID.v1(),
},
title: String,
});
snippet:
// Define a simple schema
const kittySchema = new mongoose.Schema({
_id: {
type: 'object',
value: { type: 'Buffer' },
default: () => MUUID.v1(),
},
title: String,
});
// no need for auto getter for _id will add a virtual later
kittySchema.set('id', false);
// virtual getter for custom _id
kittySchema
.virtual('id')
.get(function() {
return MUUID.from(this._id).toString();
})
.set(function(val) {
this._id = MUUID.from(val);
});
const uuid = MUUID.v4();
// save record and wait for it to commit
await new Data({ uuid }).save();
// retrieve the record
const result = await Data.findOne({ uuid });
Currently supports UUID v1 and v4
Thanks goes to these wonderful people (emoji key):
Carmine DiMascio 💻 | Benjamin Dobell 💻 | David Pfeffer 💻 |
This project follows the all-contributors specification. Contributions of any kind welcome!
FAQs
Generates and parses MongoDB BSON UUIDs. Plays nicely with others including the MongoDB native driver and Mongoose.
The npm package uuid-mongodb receives a total of 5,439 weekly downloads. As such, uuid-mongodb popularity was classified as popular.
We found that uuid-mongodb demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.