Credentials Leak with Knex

1. Knex

   1 105 19,660 5.7 JavaScript

   A query builder for PostgreSQL, MySQL, CockroachDB, SQL Server, SQLite3 and Oracle, designed to be flexible, portable, and fun to use.

   

   This article will be focused on a security issue that I found in Knex and how to mitigate it, but I'll also talk briefly about the social aspects of this problem.

2. CodeRabbit

   coderabbit.ai featured

   CodeRabbit: AI Code Reviews for Developers. Revolutionize your code reviews with AI. CodeRabbit offers PR summaries, code walkthroughs, 1-click suggestions, and AST-based analysis. Boost productivity and code quality across all major languages with each PR.

   

3. patch-package

   2 66 10,670 1.0 TypeScript

   Fix broken node modules instantly 🏃🏽‍♀️💨

   

   NPM doesn't have a patch command, but you can use patch-package to achieve the same result.

4. PostgreSQL

   3 58 12,544 8.4 JavaScript

   PostgreSQL client for node.js.

   

   This was a known issue for pg developers, and they managed to fix it a long time ago (at the pg level), but the knowledge of this problem didn't reach Knex maintainers.

Suggest a related project