| | Faker.js | PostgreSQL |
|---|---|---|
| | 66 | 57 |
| Stars | 1,569 | 11,922 |
| Growth | - | - |
| Activity | 1.7 | 8.0 |
| | over 2 years ago | 1 day ago |
| Language | JavaScript | JavaScript |
| License | GNU General Public License v3.0 or later | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Faker.js
- JavaScript News and Updates of January 2022
  Early this month, the malicious attack on free-to-use libraries, namely color.js and faker.js, created a real uproar in the development community. These tools are used in thousands of projects and their downloading rate from npm is estimated in millions per week. To everyone’s surprise, it turned out to be an inside job. Marak Squires, the creator of these libraries, intentionally committed malicious code to his projects and published updated codebases on GitHub and npm. It is said that this sabotage was caused by unsuccessful attempts of Mr. Squires to monetize his projects. Fortunately, malicious packages were quickly removed and the attacker’s account was suspended. The story sparked a new wave of discussion in the development community on possible steps to make the development and maintenance of open-source projects more sustainable.
- Unofficial Faker.js fork positions itself as official successor and assumes name and Open Collective sponsors
  For anyone else curious about the allusion to Aaron Swartz, it can be found here and reads (as of posting):
- This is not normal.
  Sorry little boy--- I needed to update my LinkedIn profile, hire a professional to write my resume and photograph me, and work on an open-source project no one will use (or worse- work on something everyone uses)"
- Is there something wrong with OpenSource model?
  So people, I've been reading the news regarding some great packages on GitHub, like the Colors and the Faker. I understand that this isn't related entirely with the Linux community, but it is something that we should pay attention to.
- Re: the faker.js debacle: A daily reminder that htmx & hyperscript are dependency free
  A developer appears to have purposefully corrupted a pair of open-source libraries on GitHub and software registry npm — “faker.js” and “colors.js” — that thousands of users depend on, rendering any project that contains these libraries useless, as reported by Bleeping Computer.
- Open source developer corrupts widely-used libraries, affecting tons of projects
  I mean he also maliciously changed all of the links on a faker.js issue to point to conspiracy theories (which I am pretty sure is against GitHub's TOS): https://github.com/Marak/faker.js/pull/2
- What happened with fakerjs
- The EndGame - Fakerjs
  About four (4) days ago, the author of Fakerjs, a popular JavaScript library with more than 2 million weekly downloads from npm, deleted the repository and replaced it with one that only has the modified ReadMe "What really happened with Aaron Swartz?" and no content, and pushed an empty package to npm as the latest version (6.6.6).
- Marak, creator of faker.js who recently deleted the project due to lack of funding and abuse of open source projects/developers pushed some strange anti-American update which has an infinite loop
- Marak adds infinite loop test to popular colors.js
PostgreSQL
- Neon Is Generally Available: Serverless Postgres
  pg doesn't do too well with serverless, dead connections are left in the pool (or something)
  https://github.com/brianc/node-postgres/issues/2112
- NodeJS Security Best Practices
  If you don't want to use an ORM then there are some other packages as well! For PostgreSQL we have node-postgres
- Building Secure Neon-Infused Web Apps with Auth0, Express, and EJS
  Interface with PostgreSQL database
- Drizzle is just as unready for prime-time as Prisma, what else is there?
  (Instead of the following with pg.)
- Nile, Serverless Postgres for Modern SaaS
  So far every JS framework that uses https://node-postgres.com works great and so no reason to think Drizzle wouldn't.
- We migrated to SQL. Our biggest learning? Don't use Prisma
  One thing that keeps coming up is that SQL equals low productivity. I don't think this is true. I think the culprit is that most developers are used to heavily abstracting SQL using ORMs like Prisma that hide the database and SQL logic.
  Since building a SQL generator (https://aihelperbot.com) as a side project, I have become much more proficient in SQL and even though I am also locked into Prisma, I use the `queryRaw` all the time to execute raw SQL queries. You can understand the code without knowing Prisma API. It is more performant. For more complex SQL queries, I use the SQL generator for initial suggestions and adapt if needed.
  For the next projects I build I want to use the minimal Postgres client (https://github.com/brianc/node-postgres) combined with a lightweight migration library.
- Using AI I have departed from ORM and embraced SQL
  For newer projects I use the small Postgres client. Initially my leap into SQL was led by AI but as I refreshed and relearned SQL, I now use a mixture of AI and self-written SQL queries. Something like this is just easier to have AI do the grunt work and then adjust as needed.
- Credentials Leak with Knex
  This was a known issue for pg developers, and they managed to fix it a long time ago (at the pg level), but the knowledge of this problem didn't reach Knex maintainers.
- Why SQL is right for Infrastructure Management
  Integrate the database into your application itself with a postgres client library allowing your applications to make infrastructure changes (like provisioning sharded resources for a client that wants isolation, or using a more accurate forecasting model to pre-allocate more resources before the storm hits).
- What is your development stack for 2023?
  node-postgres (raw sql, without ORM)
What are some alternatives?
jest-playwright - Running tests using Jest & Playwright
Prisma - Next-generation ORM for Node.js & TypeScript | PostgreSQL, MySQL, MariaDB, SQL Server, SQLite, MongoDB and CockroachDB
simplecrawler - Flexible event driven crawler for node.
MySQL - A pure node.js JavaScript Client implementing the MySQL protocol.
casual - Fake data generator for javascript
TypeORM - ORM for TypeScript and JavaScript. Supports MySQL, PostgreSQL, MariaDB, SQLite, MS SQL Server, Oracle, SAP Hana, WebSQL databases. Works in NodeJS, Browser, Ionic, Cordova and Electron platforms.
fake-store-api - FakeStoreAPI is a free online REST API that provides you fake e-commerce JSON data
MongoDB - The official MongoDB Node.js driver
Electron - Build cross-platform desktop apps with JavaScript, HTML, and CSS
Aerospike - Node.js client for the Aerospike database
msw - Seamless REST/GraphQL API mocking library for browser and Node.js.
Redis - 🚀 A robust, performance-focused, and full-featured Redis client for Node.js.