Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
By Socket Research Team - Dec 02, 2024
Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
Sorry we don't scan binary artifacts yet
- Maintainers
- 3
db-contrib-tool
The db-contrib-tool - MongoDB's tools for contributors.
Table of contents
Description
The command line tool with various subcommands:
bisect- README.md
- performs an evergreen-aware git-bisect to find the 'last passing version' and 'first failing version' of mongo
setup-repro-env- README.md
- downloads and installs:
- particular MongoDB versions
- debug symbols
- artifacts (including resmoke, python scripts etc)
- python venv for resmoke, python scripts etc
symbolize- README.md
- Symbolizes stacktraces from recent
mongodandmongosbinaries compiled in Evergreen, including patch builds, mainline builds, and release/production builds. - Requires authenticating to an internal MongoDB symbol mapping service.
Dependencies
- Python 3.9 or later (python3 from the MongoDB Toolchain is highly recommended)
Installation
Make sure dependencies are installed. Use pipx to install db-contrib-tool that will be available globally on your machine:
python3 -m pip install pipx
python3 -m pipx ensurepath
Installing db-contrib-tool:
python3 -m pipx install db-contrib-tool
Upgrading db-contrib-tool:
python3 -m pipx upgrade db-contrib-tool
In case of installation errors, some of them may be related to pipx and could be fixed by re-installing pipx.
Removing pipx completely (WARNING! This will delete everything that is installed and managed by pipx):
python3 -m pip uninstall pipx
rm -rf ~/.local/pipx # in case you're using the default pipx home directory
Now you can try to install again from scratch.
Usage
Print out help message:
db-contrib-tool --help
For more information see description section.
Contributor's Guide (local development)
Install project dependencies
This project uses poetry for dependency management.
poetry install
Run command line tool (local development)
Some subcommands like bisect and symbolize could be tested from the db-contrib-tool repo root:
poetry run db-contrib-tool --help
For setup-repro-env some features can also be tested from the db-contrib-tool repo root,
but full features are available when running from mongo repo root.
See testing changes locally section.
Run linters
poetry run ruff format
poetry run ruff check
Run tests
poetry run pytest
Pre-commit
This project has pre-commit configured. Pre-commit will run
configured checks at git commit time.
To enable pre-commit on your local repository run:
poetry run pre-commit install
To run pre-commit manually:
poetry run pre-commit run
Testing changes in mongo
This tool is used to help run tests in the mongodb/mongo repository. On occasion, it may be desirable to run a mongodb-mongo-* patch build with in-flight changes to this repository. The following steps can be taken to accomplish that.
-
Create a branch with the changes you wish to test.
-
Push the branch to the origin repository:
git push -u origin <branch_name>. -
In the "mongo" repository, edit the evergreen/prelude_db_contrib_tool.sh to install from the git repository instead of from pypi:
pipx install "git+ssh://git@github.com/10gen/db-contrib-tool.git@<branch_name>" || exit 1 -
Create a patch build.
The patch build should now pull down the changes from your branch instead of using the published db-contrib-tool.
Note: Since the db-contrib-tool is pulled from your branch, if you need to make additional changes to the tool, you can just push to the branch and then restart the desired tasks. There is no need to create an additional patch build unless you also need to make updates to the mongo repository.
Testing changes locally
Pipx installation recommendations can be found in installation section.
The tool can be installed via pipx from your local repo:
python3 -m pipx install /path/to/db-contrib-tool/repo/root/dir
If the tool is already installed you can force install an updated version using --force flag:
python3 -m pipx install --force /path/to/db-contrib-tool/repo/root/dir
After these steps you can run in-development version of db-contrib-tool from any directory:
db-contrib-tool --help
Versioning
This project uses semver for versioning.
Please include a description what is added for each new version in CHANGELOG.md.
Code Review
This projects uses GitHub PRs for code reviews. You should assign any reviewers you would like to look at the PR to it.
This project uses the GitHub merge queue. Click "Merge when ready" as soon as you'd like.
Deployment
Deployment to pypi is done by deploy
task of db-contrib-tool project in Evergreen.
A new version in Evergreen is created on merges to main branch.
FAQs
The `db-contrib-tool` - MongoDB's tool for contributors.
We found that db-contrib-tool demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Research
Typosquatting Cryptographic Libraries: Malicious npm Packages Threaten Crypto Developers with Keylogging and Wallet Theft
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
By Kirill Boychenko - Nov 27, 2024
Security News
Weekly Downloads Now Available in npm Package Search Results
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.
By Sarah Gooding - Nov 26, 2024