Hacker News | hfmuehleisen's comments

DuckDB maintainer here, thanks for flagging this. Indeed the npm stats are delayed. We will know in a day or so what the actual count was. In the meantime, I've removed that statement.


I think you should unpublish rather than deprecate... `npm unpublish package@version` ... It's possible within 72h. One reason is that the patched version contains -alpha... so tools like npm-check-updates would keep the 1.3.3 as the latest release for those who installed it


Yes we tried, but npm would not let us because of "dependencies". We've reached out to them and are waiting for a response. In the meantime, we re-published the packages with newer versions so people won't accidentally install the compromised version.


At least one thing is clear from this week: npm is too slow to respond.


> npm is too slow to respond

Microsoft has been bravely saying "Security is top priority" since 2002 (https://www.cnet.com/tech/tech-industry/gates-security-is-to...) and every now and then reminds us that they put "security above all else" (latest in 2024: https://blogs.microsoft.com/blog/2024/05/03/prioritizing-sec...), yet things like this persist.

For how long does Microsoft need to leave wide-open holes for the government to crack down on their wilful ignorance? Unless people go to jail, literally nothing will happen.


TIL that NPM is a subsidiary of GitHub, making this indeed Microsoft's responsibility.


They have now removed the affected versions!


SSH port forwarding?


It looks like the port is configurable, so that should make it easier to avoid conflicts but I wonder how the performance would be impacted.


I was able to get it working and it seemed fast enough. However I don't have any local databases of similar size to compare to.

ssh -F ssh.config -L 4213:localhost:4213 dev 'DUCKDB_HTTPPORT=4213 ~/.duckdb/cli/latest/duckdb -ui'


Yes we are working on it


Is there a roadmap on handling geographic data?


Yes! I'm working hard on it, I've been distracted with other work for some of our clients but hopefully have something to show soon.


It does, DuckDB supports recursive CTEs


DuckDB also works fine with R data frames so there is really no downside to using R in this case


DuckDB has its own Parquet reader


DuckDB can directly & selectively query Parquet files over HTTP/S3 as well. See here for examples: https://github.com/duckdb/duckdb/blob/6c7c9805fdf1604039ebed...


One of the DuckDB authors here. Can you open an issue wrt the import problem? Should not happen. Try setting a database file and a memory limit.


Yes, DuckDB has strict typing.


One of the DuckDB authors here. The answer is yes, but only in read-only mode at the same time.


What about one single client writing and multiple clients in read-only mode? Any problems with storing the file on network storage? Basically, how far can you push it before it is better to just use PostgreSQL?

