Security News
Weekly Downloads Now Available in npm Package Search Results
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.
consistency_fail is a tool to detect missing unique indexes in Rails projects.
With more than one application server, validates_uniqueness_of
becomes a lie.
Two app servers -> two requests -> two near-simultaneous uniqueness checks ->
two processes that commit to the database independently, violating this faux
constraint. You'll need a database-level constraint for cases like these.
consistency_fail will find your missing unique indexes, so you can add them and stop ignoring the C in ACID.
Similar problems arise with has_one
, so consistency_fail finds places where
database-level enforcement is lacking there as well.
For more detail, see my blog post on the subject.
You can install the gem directly:
gem install consistency_fail
Or if you're using Bundler (which you probably are), add it to your Gemfile.
gem 'consistency_fail'
The master branch should work for the following ActiveRecord versions:
rails-2.3
branch)The known issue with views in ActiveRecord 4.x is that in this version, the
connection adapter's tables
method includes both tables and views. This means
that without additional monkeypatches to the various connection adapters, we
cannot reliably detect whether a given model is backed by a table or a view. I
wouldn't mind monkeypatching a bounded set of adapters, but I don't want to be
on the hook for arbitrary connection adapters that may require licenses to test
(e.g. SQL Server, Oracle).
consistency_fail depends on being able to find all your ActiveRecord::Base
subclasses with some $LOAD_PATH
trickery. If any models are in a path either
not on your project's load path or in a path that doesn't include the word
"models", consistency_fail won't be able to find or analyze them. I'm open to
making the text "models" configurable if people want that. Please open an issue
or pull request if so!
The normal run mode is to generate a report of the problematic spots in your application. From your Rails project directory, run:
consistency_fail
from your terminal / shell. This will spit a report to standard output, which
you can view directly, redirect to a file as evidence to embarrass a teammate,
or simply beam in happiness at your application's perfect record for
validates_uniqueness_of
and has_one
usage.
The somewhat more sinister and awesome run mode is to include an initializer that does this:
require 'consistency_fail/enforcer'
ConsistencyFail::Enforcer.enforce!
This will make it so that you can't save or load any ActiveRecord models until
you go back and add your unique indexes. Of course, you'll need to make it so
Rails can find consistency_fail/enforcer
by having consistency_fail
in your
Gemfile, or by some other mechanism.
This mega-fail mode is nice to have if you have a large team and want to ensure that new models or validations/associations follow the rules.
If you're using the Enforcer
, depending on your project, you may need to
delay the initializer until later, so that model files can be loaded only once
gem dependencies have been satisfied. One possible way is to move the code above
to the end of environment.rb
or to the more specific config/environment/*
files.
There is a guard integration plugin available. See guard-consistency_fail.
Released under the MIT License. See the LICENSE file for further details.
FAQs
Unknown package
We found that consistency_fail demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.
Security News
A Stanford study reveals 9.5% of engineers contribute almost nothing, costing tech $90B annually, with remote work fueling the rise of "ghost engineers."
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.