Gathering detailed insights and metrics for mongodb
Gathering detailed insights and metrics for mongodb
Gathering detailed insights and metrics for mongodb
Gathering detailed insights and metrics for mongodb
@opentelemetry/instrumentation-mongodb
OpenTelemetry instrumentation for `mongodb` database client for MongoDB
mongoose
Mongoose MongoDB ODM
mongodb-connection-string-url
MongoDB connection strings, based on the WhatWG URL API
resolve-mongodb-srv
Resolve mongodb+srv:// URLs to mongodb:// URLs
The official MongoDB Node.js driver
npm install mongodb
Typescript
Module System
Min. Node Version
Node Version
NPM Version
65.3
Supply Chain
97.9
Quality
98.2
Maintenance
100
Vulnerability
98.2
License
Updated on 05 Dec 2024
Minified
Minified + Gzipped
TypeScript (80%)
JavaScript (18.68%)
Shell (0.91%)
Python (0.35%)
Makefile (0.06%)
Cumulative downloads
Total Downloads
Last day
27.4%
Compared to previous day
Last week
2.2%
Compared to previous week
Last month
7.1%
Compared to previous month
Last year
26.6%
Compared to previous year
7
50
The official MongoDB driver for Node.js.
Upgrading to version 6? Take a look at our upgrade guide here!
Site | Link |
---|---|
Documentation | www.mongodb.com/docs/drivers/node |
API Docs | mongodb.github.io/node-mongodb-native |
npm package | www.npmjs.com/package/mongodb |
MongoDB | www.mongodb.com |
MongoDB University | learn.mongodb.com |
MongoDB Developer Center | www.mongodb.com/developer |
Stack Overflow | stackoverflow.com |
Source Code | github.com/mongodb/node-mongodb-native |
Upgrade to v6 | etc/notes/CHANGES_6.0.0.md |
Contributing | CONTRIBUTING.md |
Changelog | HISTORY.md |
Releases are created automatically and signed using the Node team's GPG key. This applies to the git tag as well as all release packages provided as part of a GitHub release. To verify the provided packages, download the key and import it using gpg:
1gpg --import node-driver.asc
The GitHub release contains a detached signature file for the NPM package (named
mongodb-X.Y.Z.tgz.sig
).
The following command returns the link npm package.
1npm view mongodb@vX.Y.Z dist.tarball
Using the result of the above command, a curl
command can return the official npm package for the release.
To verify the integrity of the downloaded package, run the following command:
1gpg --verify mongodb-X.Y.Z.tgz.sig mongodb-X.Y.Z.tgz
[!Note] No verification is done when using npm to install the package. The contents of the Github tarball and npm's tarball are identical.
Think you’ve found a bug? Want to see a new feature in node-mongodb-native
? Please open a
case in our issue management tool, JIRA:
Bug reports in JIRA for all driver projects (i.e. NODE, PYTHON, CSHARP, JAVA) and the Core Server (i.e. SERVER) project are public.
For issues with, questions about, or feedback for the Node.js driver, please look into our support channels. Please do not email any of the driver developers directly with issues or questions - you're more likely to get an answer on the MongoDB Community Forums.
Change history can be found in HISTORY.md
.
The driver currently supports 3.6+ servers.
** 3.6 support is deprecated and support will be removed in a future version **
For exhaustive server and runtime version compatibility matrices, please refer to the following links:
The following table describes add-on component version compatibility for the Node.js driver. Only packages with versions in these supported ranges are stable when used in combination.
Component | mongodb@3.x | mongodb@4.x | mongodb@5.x | mongodb@6.x |
---|---|---|---|---|
bson | ^1.0.0 | ^4.0.0 | ^5.0.0 | ^6.0.0 |
bson-ext | ^1.0.0 || ^2.0.0 | ^4.0.0 | N/A | N/A |
kerberos | ^1.0.0 | ^1.0.0 || ^2.0.0 | ^1.0.0 || ^2.0.0 | ^2.0.1 |
mongodb-client-encryption | ^1.0.0 | ^1.0.0 || ^2.0.0 | ^2.3.0 | ^6.0.0 |
mongodb-legacy | N/A | ^4.0.0 | ^5.0.0 | ^6.0.0 |
@mongodb-js/zstd | N/A | ^1.0.0 | ^1.0.0 | ^1.1.0 |
We recommend using the latest version of typescript, however we currently ensure the driver's public types compile against typescript@4.4.0
.
This is the lowest typescript version guaranteed to work with our driver: older versions may or may not work - use at your own risk.
Since typescript does not restrict breaking changes to major versions, we consider this support best effort.
If you run into any unexpected compiler failures against our supported TypeScript versions, please let us know by filing an issue on our JIRA.
Additionally, our Typescript types are compatible with the ECMAScript standard for our minimum supported Node version. Currently, our Typescript targets es2021.
The recommended way to get started using the Node.js 5.x driver is by using the npm
(Node Package Manager) to install the dependency in your project.
After you've created your own project using npm init
, you can run:
1npm install mongodb 2# or ... 3yarn add mongodb
This will download the MongoDB driver and add a dependency entry in your package.json
file.
If you are a Typescript user, you will need the Node.js type definitions to use the driver's definitions:
1npm install -D @types/node
The MongoDB driver can optionally be enhanced by the following feature packages:
Maintained by MongoDB:
Some of these packages include native C++ extensions. Consult the trouble shooting guide here if you run into compilation issues.
Third party:
This guide will show you how to set up a simple application using Node.js and MongoDB. Its scope is only how to set up the driver and perform the simple CRUD operations. For more in-depth coverage, see the official documentation.
package.json
fileFirst, create a directory where your application will live.
1mkdir myProject 2cd myProject
Enter the following command and answer the questions to create the initial structure for your new project:
1npm init -y
Next, install the driver as a dependency.
1npm install mongodb
For complete MongoDB installation instructions, see the manual.
mongod
process.1mongod --dbpath=/data
You should see the mongod process start up and print some status information.
Create a new app.js file and add the following code to try out some basic CRUD operations using the MongoDB driver.
Add code to connect to the server and the database myProject:
NOTE: Resolving DNS Connection issues
Node.js 18 changed the default DNS resolution ordering from always prioritizing IPv4 to the ordering returned by the DNS provider. In some environments, this can result in
localhost
resolving to an IPv6 address instead of IPv4 and a consequent failure to connect to the server.This can be resolved by:
- specifying the IP address family using the MongoClient
family
option (MongoClient(<uri>, { family: 4 } )
)- launching mongod or mongos with the ipv6 flag enabled (--ipv6 mongod option documentation)
- using a host of
127.0.0.1
in place of localhost- specifying the DNS resolution ordering with the
--dns-resolution-order
Node.js command line argument (e.g.node --dns-resolution-order=ipv4first
)
1const { MongoClient } = require('mongodb'); 2// or as an es module: 3// import { MongoClient } from 'mongodb' 4 5// Connection URL 6const url = 'mongodb://localhost:27017'; 7const client = new MongoClient(url); 8 9// Database Name 10const dbName = 'myProject'; 11 12async function main() { 13 // Use connect method to connect to the server 14 await client.connect(); 15 console.log('Connected successfully to server'); 16 const db = client.db(dbName); 17 const collection = db.collection('documents'); 18 19 // the following code examples can be pasted here... 20 21 return 'done.'; 22} 23 24main() 25 .then(console.log) 26 .catch(console.error) 27 .finally(() => client.close());
Run your app from the command line with:
1node app.js
The application should print Connected successfully to server to the console.
Add to app.js the following function which uses the insertMany method to add three documents to the documents collection.
1const insertResult = await collection.insertMany([{ a: 1 }, { a: 2 }, { a: 3 }]); 2console.log('Inserted documents =>', insertResult);
The insertMany command returns an object with information about the insert operations.
Add a query that returns all the documents.
1const findResult = await collection.find({}).toArray(); 2console.log('Found documents =>', findResult);
This query returns all the documents in the documents collection. If you add this below the insertMany example, you'll see the documents you've inserted.
Add a query filter to find only documents which meet the query criteria.
1const filteredDocs = await collection.find({ a: 3 }).toArray(); 2console.log('Found documents filtered by { a: 3 } =>', filteredDocs);
Only the documents which match 'a' : 3
should be returned.
The following operation updates a document in the documents collection.
1const updateResult = await collection.updateOne({ a: 3 }, { $set: { b: 1 } }); 2console.log('Updated documents =>', updateResult);
The method updates the first document where the field a is equal to 3 by adding a new field b to the document set to 1. updateResult
contains information about whether there was a matching document to update or not.
Remove the document where the field a is equal to 3.
1const deleteResult = await collection.deleteMany({ a: 3 }); 2console.log('Deleted documents =>', deleteResult);
Indexes can improve your application's performance. The following function creates an index on the a field in the documents collection.
1const indexName = await collection.createIndex({ a: 1 }); 2console.log('index name =', indexName);
For more detailed information, see the indexing strategies page.
If you need to filter certain errors from our driver, we have a helpful tree of errors described in etc/notes/errors.md.
It is our recommendation to use instanceof
checks on errors and to avoid relying on parsing error.message
and error.name
strings in your code.
We guarantee instanceof
checks will pass according to semver guidelines, but errors may be sub-classed or their messages may change at any time, even patch releases, as we see fit to increase the helpfulness of the errors.
Any new errors we add to the driver will directly extend an existing error class and no existing error will be moved to a different parent class outside of a major release.
This means instanceof
will always be able to accurately capture the errors that our driver throws.
1const client = new MongoClient(url); 2await client.connect(); 3const collection = client.db().collection('collection'); 4 5try { 6 await collection.insertOne({ _id: 1 }); 7 await collection.insertOne({ _id: 1 }); // duplicate key error 8} catch (error) { 9 if (error instanceof MongoServerError) { 10 console.log(`Error worth logging: ${error}`); // special case for some reason 11 } 12 throw error; // still want to crash 13}
If you need to test with a change from the latest main
branch, our mongodb
npm package has nightly versions released under the nightly
tag.
1npm install mongodb@nightly
Nightly versions are published regardless of testing outcome. This means there could be semantic breakages or partially implemented features. The nightly build is not suitable for production use.
© 2012-present MongoDB Contributors
© 2009-2012 Christian Amor Kvalheim
Stable Version
1
0/10
Summary
Denial of Service in mongodb
Affected Versions
< 3.1.13
Patched Versions
3.1.13
3
4.2/10
Summary
MongoDB Driver may publish events containing authentication-related data
Affected Versions
>= 5.0.0, < 5.8.0
Patched Versions
5.8.0
4.2/10
Summary
MongoDB Driver may publish events containing authentication-related data
Affected Versions
>= 4.0.0, < 4.17.0
Patched Versions
4.17.0
4.2/10
Summary
MongoDB Driver may publish events containing authentication-related data
Affected Versions
>= 3.6.0, < 3.6.10
Patched Versions
3.6.10
Reason
all changesets reviewed
Reason
30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
Reason
no binaries found in the repo
Reason
SAST tool detected but not run on all commits
Details
Reason
5 out of the last 5 releases have a total of 5 signed artifacts.
Details
Reason
3 existing vulnerabilities detected
Details
Reason
branch protection is not maximal on development and all release branches
Details
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
detected GitHub workflow tokens with excessive permissions
Details
Reason
security policy file not detected
Details
Reason
project is not fuzzed
Details
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
Score
Last Scanned on 2024-11-25
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More