The db-contrib-tool - MongoDB's tools for contributors.
The command line tool with various subcommands:
- bisect
- setup-repro-env
- symbolize
mongod and mongos binaries compiled in Evergreen, including patch builds, mainline builds, and release/production builds.
Make sure dependencies are installed. Use pipx to install db-contrib-tool so that it is available globally on your machine:
python3 -m pip install pipx
python3 -m pipx ensurepath
Installing db-contrib-tool:
python3 -m pipx install db-contrib-tool
Upgrading db-contrib-tool:
python3 -m pipx upgrade db-contrib-tool
In case of installation errors, some of them may be related to pipx and could be fixed by re-installing pipx.
Removing pipx completely (WARNING! This will delete everything that is installed and managed by pipx):
python3 -m pip uninstall pipx
rm -rf ~/.local/pipx # in case you're using the default pipx home directory
Now you can try to install again from scratch.
Print out help message:
db-contrib-tool --help
For more information see the description section.
This project uses poetry for dependency management.
poetry install
Some subcommands like bisect and symbolize can be tested from the db-contrib-tool repo root:
poetry run db-contrib-tool --help
For setup-repro-env some features can also be tested from the db-contrib-tool repo root, but full features are available when running from the mongo repo root.
See the testing changes locally section.
poetry run ruff format
poetry run ruff check
poetry run pytest
This project has pre-commit configured. Pre-commit will run configured checks at git commit time.
To enable pre-commit on your local repository run:
poetry run pre-commit install
To run pre-commit manually:
poetry run pre-commit run
This tool is used to help run tests in the mongodb/mongo repository. On occasion, it may be desirable to run a mongodb-mongo-* patch build with in-flight changes to this repository. The following steps can be taken to accomplish that.
Create a branch with the changes you wish to test.
Push the branch to the origin repository: git push -u origin <branch_name>.
In the "mongo" repository, edit the evergreen/prelude_db_contrib_tool.sh to install from the git repository instead of from PyPI:
pipx install "git+ssh://git@github.com/10gen/db-contrib-tool.git@<branch_name>" || exit 1
Create a patch build.
The patch build should now pull down the changes from your branch instead of using the published db-contrib-tool.
Note: Since the db-contrib-tool is pulled from your branch, if you need to make additional changes to the tool, you can just push to the branch and then restart the desired tasks. There is no need to create an additional patch build unless you also need to make updates to the mongo repository.
Pipx installation recommendations can be found in the installation section.
The tool can be installed via pipx from your local repo:
python3 -m pipx install /path/to/db-contrib-tool/repo/root/dir
If the tool is already installed, you can force install an updated version using the --force flag:
python3 -m pipx install --force /path/to/db-contrib-tool/repo/root/dir
After these steps you can run the in-development version of db-contrib-tool from any directory:
db-contrib-tool --help
This project uses semver for versioning.
Please include a description of what is added for each new version in CHANGELOG.md.
This project uses GitHub PRs for code reviews. You should assign any reviewers you would like to look at the PR to it.
This project uses the GitHub merge queue. Click "Merge when ready" as soon as you'd like.
Deployment to PyPI is done by the deploy task of the db-contrib-tool project in Evergreen.
A new version in Evergreen is created on merges to the main branch.
We found that db-contrib-tool demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.