
Research
/Security News
60 Malicious Ruby Gems Used in Targeted Credential Theft Campaign
A RubyGems malware campaign used 60 malicious packages posing as automation tools to steal credentials from social media and marketing tool users.
Opinionated data loading with SQLite.
While most distributed application runtimes will use a networked data store for mutable state, the usage patterns of data that is read-only at runtime are great fit for SQLite.
In particular, microcosm-sqlite
assumes that applications will
Persistent data is expected to use SQLAlchemy's declarative base classes. Because different data sets
may be shipped in different SQLite databases, each declarative base class needs to have a unique
name and a separate engine configuration, which is achieved by adding DataSet
as the base of the
declarative base class:
Base = DataSet.create("some_name")
class SomeModel(Base):
__tablename__ = "sometable"
id = Column(Integer, primary_key=True)
Basic persistence operations are abstracted through a store:
class SomeStore(Store):
@property
def model_class(self):
return SomeModel
store = SomeStore()
results = store.search()
Each DataSet
defaults to using :memory:
storage, but can be customized in two ways:
The SQLiteBindFactory
can be configured with custom paths:
loader = load_from_dict(
sqlite=dict(
paths={
"some_name": "/path/to/database",
},
),
)
graph = create_object_graph("example", loader=loader)
The microcosm.sqlite
entrypoint can contain a mapping from a data set name to a
function that returns a path.
FAQs
Opinionated persistence with SQLite
We found that microcosm-sqlite demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
/Security News
A RubyGems malware campaign used 60 malicious packages posing as automation tools to steal credentials from social media and marketing tool users.
Security News
The CNA Scorecard ranks CVE issuers by data completeness, revealing major gaps in patch info and software identifiers across thousands of vulnerabilities.
Research
/Security News
Two npm packages masquerading as WhatsApp developer libraries include a kill switch that deletes all files if the phone number isn’t whitelisted.