Update memdb examples #26

Open
baal-lgln opened this issue Sep 19, 2024 · 4 comments

@baal-lgln

The memdb project repo states that it is superseded by level-mem which itself will soon be deprecated because it is superseded by memory-level.

Is there any way to update kappa-core (and the examples) to use memory-level?
Or is this project dead and can anybody lead me to a good alternative?

@hackergrrl
Member

hackergrrl commented Sep 19, 2024

Hi @baal-lgln. Do you have some reason to want to move away from memdb?

memdb continues to work fine, and there aren't any open security vulnerabilities. I don't see a reason to use a new module just for the sake of "it is newer".

@baal-lgln
Author

I can't confirm that there are no open security vulnerabilities. npm audit shows this for me:

```
semver  <5.7.2
Severity: high
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
No fix available
node_modules/levelup/node_modules/semver
node_modules/semver
  levelup  0.9.0 - 1.3.9
  Depends on vulnerable versions of semver
  node_modules/levelup
    memdb  *
    Depends on vulnerable versions of levelup
    node_modules/memdb
```

memdb itself depends on levelup, which itself has also been deprecated because it is superseded by abstract-level and has therefore not seen an update in three years.
We can't use dependencies that are failing our security pipelines, and packages that depend on deprecated software (which depend on even more deprecated packages) will sooner or later become a security risk.

@hackergrrl
Member

> Is there any way to update kappa-core (and the examples) to use memory-level?

Yes, I'm sure it's possible, but I haven't looked into it specifically.

> Or is this project dead and can anybody lead me to a good alternative?

I can't speak to "dead" (since I'm here responding!) but I would not say that this stack is being actively maintained.

@telamon

telamon commented Sep 22, 2024

@baal-lgln I'd probably dismiss the output of npm-audit, it's mostly designed to keep servers alive.
I only hacked briefly with kappa, but abstract-level has quite a small/simple API, so I don't think it would take much to edit the calls.
Can you see which module depends on mem-db?
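
One way to answer the "which module depends on it" question above, as an added example that is not part of the thread or of the project's code: walk a dependency tree shaped like `npm ls --all --json` output and list every path that ends at a `semver` below the `5.7.2` bound shown in the audit output. The tree, the `my-app` root and all version numbers in it are constructed for illustration, and only the `<5.7.2` range quoted on this page is checked.

```javascript
// Constructed sample shaped like `npm ls --all --json` output.
// Package versions here are illustrative, not taken from a real install.
const tree = {
  name: "my-app",
  version: "1.0.0",
  dependencies: {
    memdb: {
      version: "1.3.1",
      dependencies: {
        levelup: {
          version: "1.3.9",
          dependencies: { semver: { version: "5.4.1" } },
        },
        memdown: { version: "1.4.1" },
      },
    },
    semver: { version: "7.6.3" },
  },
};

// Parse "MAJOR.MINOR.PATCH" into numbers; any pre-release suffix is ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  return m ? m.slice(1).map(Number) : null;
}

// True when version a sorts strictly below version b (numeric, not lexical).
function lessThan(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  if (!pa || !pb) return false; // unparseable versions are never flagged
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i];
  }
  return false;
}

// Return every dependency path that ends at `name` with a version below `fixed`.
function findVulnerablePaths(node, name, fixed, trail = [node.name]) {
  const hits = [];
  for (const [dep, info] of Object.entries(node.dependencies || {})) {
    const path = [...trail, `${dep}@${info.version}`];
    if (dep === name && lessThan(info.version, fixed)) hits.push(path.join(" > "));
    hits.push(...findVulnerablePaths(info, name, fixed, path));
  }
  return hits;
}

console.log(findVulnerablePaths(tree, "semver", "5.7.2"));
```

Each printed path names the direct dependency that pulls the flagged copy in, which is the package to replace or override.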
