TypeScript clients for databases that prevent SQL Injection

Overview

Safe From SQL Injection

Using tagged template literals for queries, e.g.

db.query(sql`SELECT * FROM users WHERE id=${userID}`);

makes it virtually impossible for SQL Injection attacks to slip in unnoticed. All the @databases libraries enforce the use of the sql tagged template literal, so you can't accidentally leave it out.

The query is then passed to your database engine as a separate string and values:

{text: 'SELECT * FROM users WHERE id=?', values: [userID]}
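
The separation of query text from values, sketched as an added example (this is not the @databases source). The class layout and the names prepare, questionMark and dollarNumbered are assumptions made for the illustration; it also shows nested fragments and the instanceof gate that rejects plain JSON objects.

```typescript
// Added example: a minimal tagged-template query builder (not the @databases source).

// A query is stored as literal SQL pieces plus the values that sit between
// them, so strings.length === values.length + 1, like a template literal.
class SQLQuery {
  readonly strings: readonly string[];
  readonly values: readonly unknown[];

  constructor(strings: readonly string[], values: readonly unknown[]) {
    this.strings = strings;
    this.values = values;
  }

  // Render the {text, values} pair that is handed to the database driver.
  format(placeholder: (index: number) => string): {text: string; values: unknown[]} {
    let text = this.strings[0];
    for (let i = 0; i < this.values.length; i++) {
      text += placeholder(i + 1) + this.strings[i + 1];
    }
    return {text, values: this.values.slice()};
  }
}

// Template tag: interpolated values never touch the SQL text. A nested
// SQLQuery is spliced in as SQL while its own values stay values, which is
// how an optional WHERE clause can be composed without string concatenation.
function sql(literals: TemplateStringsArray, ...args: unknown[]): SQLQuery {
  const strings: string[] = [literals[0]];
  const values: unknown[] = [];
  args.forEach((arg, i) => {
    if (arg instanceof SQLQuery) {
      strings[strings.length - 1] += arg.strings[0];
      for (let j = 0; j < arg.values.length; j++) {
        values.push(arg.values[j]);
        strings.push(arg.strings[j + 1]);
      }
      strings[strings.length - 1] += literals[i + 1];
    } else {
      values.push(arg);
      strings.push(literals[i + 1]);
    }
  });
  return new SQLQuery(strings, values);
}

// Placeholder styles differ per SQL dialect (hypothetical helper names).
const questionMark = (): string => '?';
const dollarNumbered = (index: number): string => '$' + index;

// Gate a client would apply before talking to the driver: only objects
// created by the sql tag are accepted. A look-alike object produced by
// JSON.parse is not an instance of SQLQuery and is refused.
function prepare(query: unknown, placeholder: (index: number) => string) {
  if (!(query instanceof SQLQuery)) {
    throw new TypeError('Queries must be built with the sql tag');
  }
  return query.format(placeholder);
}

// Constructed sample input: a value that would alter a concatenated query.
const hostileUserID = '1 OR 1=1';

function simpleQuery() {
  return prepare(sql`SELECT * FROM users WHERE id=${hostileUserID}`, questionMark);
}

// Conditional fragment: an empty sql`` stands in when there is no filter.
function conditionalQuery(filter: string | null) {
  const where = filter != null ? sql`WHERE some_field = ${filter}` : sql``;
  return prepare(sql`SELECT * FROM some_table ${where} LIMIT ${10}`, dollarNumbered);
}

// A forged object with the right shape but the wrong prototype is rejected.
function forgedQueryRejected(): boolean {
  const forged: unknown = JSON.parse('{"strings":["SELECT 1"],"values":[]}');
  try {
    prepare(forged, questionMark);
    return false;
  } catch (err) {
    return err instanceof TypeError;
  }
}
```

The hostile string ends up in values, never in text, so the database treats it as data for the id comparison.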

Promises

All the @databases APIs are designed with promises in mind from the get go.

TypeScript

Written in TypeScript, so every module has type safety and type definitions built in.

Modular

Each database driver is published to npm as a separate module, so you don't need to install the ones you don't need.

Package Name  Docs
@databases/connection-pool  https://www.atdatabases.org/docs/connection-pool
@databases/escape-identifier  https://www.atdatabases.org/docs/escape-identifier
@databases/expo  https://www.atdatabases.org/docs/websql
@databases/lock  https://www.atdatabases.org/docs/lock
@databases/mysql  https://www.atdatabases.org/docs/mysql
@databases/mysql-test  https://www.atdatabases.org/docs/mysql-test
@databases/pg  https://www.atdatabases.org/docs/pg
@databases/pg-migrations  https://www.atdatabases.org/docs/pg-migrations
@databases/pg-test  https://www.atdatabases.org/docs/pg-test
@databases/pg-typed  https://www.atdatabases.org/docs/pg-typed
@databases/queue  https://www.atdatabases.org/docs/queue
@databases/split-sql-query  https://www.atdatabases.org/docs/split-sql-query
@databases/sql  https://www.atdatabases.org/docs/sql
@databases/sqlite  https://www.atdatabases.org/docs/sqlite
@databases/validate-unicode  https://www.atdatabases.org/docs/validate-unicode
@databases/websql  https://www.atdatabases.org/docs/websql
@databases/migrations-base  Not documented yet
@databases/mock-db  Not documented yet
@databases/mock-db-typed  Not documented yet
@databases/mysql-config  Not documented yet
@databases/pg-config  Not documented yet
@databases/pg-connection-string  Not documented yet
@databases/pg-create  Not documented yet
@databases/pg-data-type-id  Not documented yet
@databases/pg-errors  Not documented yet
@databases/pg-schema-cli  Not documented yet
@databases/pg-schema-introspect  Not documented yet
@databases/pg-schema-print-types  Not documented yet
@databases/push-to-async-iterable  Not documented yet
@databases/shared  Not documented yet
@databases/websql-core  Not documented yet
@databases/with-container  Not documented yet

Check out the website to learn more: https://www.atdatabases.org/

Comments
  • SQL library code

    Hi @calebmer - I can't keep track of a discussion in a large commit, so if you want to discuss it, let's talk here.

    Regarding the source of the code, the initial version is loosely based on the pg-sql implementation. I'd be happy to provide some sort of attribution if you'd like? I put this implementation into this code base for a few reasons though:

    • I wanted to use TypeScript for it natively, to match the rest of the code base
    • I wanted to also support generating slightly different output for different SQL dialects (not all of them support the explicit $1 style placeholder syntax)
    • The various db libraries here are very tightly integrated with that package, so I need to be able to manage version updates carefully.
    • I felt it was important that sql.raw had a value that was more obviously dangerous.

    Regarding the symbols in pg-sql2, this library uses instanceof, which is equivalently secure - you can't create an instance of SQLQuery via JSON.parse.

    Let me know if you have any other concerns/if you want specific attribution.

    opened by ForbesLindesay 7
  • Mysql queryNodeStream

    Just a quick question. Does queryNodeStream kill the query if the connection is closed?

    If not, is there a way to get the thread id, so I can run db.query(sql`KILL ${thread_id}`) ?

    help wanted 
    opened by crisward 5
  • feat(pg-typed): route queries to primary or replica connections

    Closes #197

    This PR adds support for primary/replicas query routing in pg-typed.

    The unit test for this new feature is not using a primary+replica pg cluster, since it's more complex to set up in this testing environment, but I simulated having the primary connection closed while running read queries on the secondary connection.

    opened by avaly 4
  • Unhandled 'error' event

    I am using this library to stream data from the database; however, after running for a while it gives me the following error:

    throw er; // Unhandled 'error' event
    ^
    Error: Connection terminated unexpectedly
        at Connection.<anonymous> (/var/app/current/node_modules/pg/lib/client.js:132:73)
        at Object.onceWrapper (events.js:482:28)
        at Connection.emit (events.js:376:20)
        at Connection.emit (domain.js:470:12)
        TLSSocket.<anonymous> (/var/app/current/node_modules/pg/lib/connection.js:108:12)

    Till now I suppose it was an issue with the pg npm package, but I am not using that in my project. How to handle the error, or any solution to take care of this error, would be helpful. Please reply as soon as you can. Version: ^4.0.0

    help wanted 
    opened by bharatiprashant 4
  • unterminated dollar-quoted string at or near

    unterminated dollar-quoted string at or near "$$

    I'm using @databases/pg. I recently upgraded to 5.1.0 from 2.3.0, and started getting this error on function creation.

    Here's my setup (simplified):

    export default class Migration {
      static dbConnection: ConnectionPool
    
      runSingleUpMigration = async () => {
        const migration = sql.file('<path_to_sql_file>')
        await Migration.dbConnection.query(migration)
      }
    }
    

    SQL file:

    CREATE OR REPLACE FUNCTION update_updated_at_column()
    RETURNS TRIGGER AS $$
    BEGIN
        NEW.updated_at = now();
        RETURN NEW;
    END;
    $$ language 'plpgsql';
    
    CREATE TRIGGER <trigger_name> BEFORE UPDATE ON <table_name> FOR EACH ROW EXECUTE PROCEDURE update_updated_at_column();
    

    The error:

    unterminated dollar-quoted string at or near "$$
    BEGIN
        NEW.updated_at = now()"
    
      1 | CREATE OR REPLACE FUNCTION update_updated_at_column()
    > 2 | RETURNS TRIGGER AS $$
        |                    ^
      3 | BEGIN
      4 |     NEW.updated_at = now()
    

    Would appreciate any help here!

    Update: replacing $$ with single quotes is a workaround, but it still looks like a bug: $$ is valid SQL syntax and should be supported.

    bug 
    opened by mklimkin0190 4
  • chore(deps): bump prismjs from 1.22.0 to 1.23.0 in /website

    Bumps prismjs from 1.22.0 to 1.23.0.

    Release notes

    Sourced from prismjs's releases.

    v1.23.0

    New components

    Updated components

    ... (truncated)

    Changelog

    Sourced from prismjs's changelog.

    1.23.0 (2020-12-31)

    New components

    Updated components

    ... (truncated)

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 4
  • pg-test does not wait for postgres to be ready

    I'm using pg-test in conjunction with the existing node-pg library (partially since I only found this recently). However, it seems like it's not waiting for the database to actually be ready before returning.

      const { databaseURL, kill } = await getDatabase();
      await new Promise((accept) => setTimeout(() => accept(), 1000));
      const client = new pg.Client(databaseURL);
    
      // Without the sleep (setTimeout) above, this throws an error because the database
      // can't be connected to yet
      await client.connect();
    

    An option might be just to poll the database connection until it connects successfully and/or run a sanity check query (e.g., verify that SELECT 1 returns 1).

    opened by travigd 4
  • Conditional query

    Is there a way to do a conditional query, i.e. have the query be different based on a condition. An example (which I'm pretty sure doesn't work):

    await db.query(sql`
    SELECT * FROM some_table
    ${someFilter != null ? sql`WHERE some_field = ${someFilter}` : ''}
    `)
    

    My only option now, given that I couldn't find a way to do this, is to have two query statements: one with the "WHERE" and one without.

    opened by giltayar 3
  • Connection does not seem to be terminated

    When running the example code connecting to local mysql database https://www.atdatabases.org/docs/mysql it connects and queries fine but the node process doesn't automatically terminate so I have to use ctrl-c to do it. In other libraries like mysql you need to call connection.end(), I can't see that in this library but I tried db.dispose() and that failed saying there were no connections.

    There may be something I'm doing wrong here, but I compared the behaviour against the mysql module and that terminates fine. I prefer the interface to this library so would be interested in using it, but at the moment don't have the confidence to do so.

    MySQL Documentation 
    opened by obourne 3
  • INSERT complex types into a PostgreSQL table.

    I am able to select and insert text and numbers into a PostgreSQL table, but anything more complex fails.

    For example, this template literal produces completely legit SQL which I can copy into the command line for execution.

        db.query(sql`
            
        INSERT INTO dev.jack_wolfskin (id, city, store, lat, lng, geom)
        VALUES (
            ${parseInt(store.id)},
            '${store.city}',
            '${JSON.stringify(store)}',
            ${parseFloat(store.lat)},
            ${parseFloat(store.lng)},
            ${'ST_SetSRID(ST_Point(' + parseFloat(store.lng) + ',' + parseFloat(store.lat) + '),4326)'}
        )
        
        `)
    

    The table schema is as follows:

    create table if not exists dev.my_table
    (
    	id integer,
    	city text,
    	store json,
    	lat double precision,
    	lng double precision,
    	geom geometry(Point, 4326)
    
    );
    

    I have tried to break it down but I have no clue how to insert json type or geometry type generated from a function.

    This works pretty well with node postgres, so there must be something in the atdatabase wrapper which I don't understand.

    It would be great if you can provide an example as I would like to do more testing with this product.

    opened by dbauszus-glx 3
  • Missing await on transaction in sqlite breaks rollback

    Here there should be an await: https://github.com/ForbesLindesay/atdatabases/blob/master/packages/sqlite/src/index.ts#L128 Without it, result is an unresolved Promise, so the COMMIT is always executed. Added a small test to be sure that the rollback is done if fn throws.

    opened by marcopiraccini 2
  • documentation on insert ID

    Seems like an obvious feature, but I couldn't find anything in documentation. Once I do INSERT either with query() or with insert() via mysql typed, how do I get last inserted id?

    I looked at the code and looks like insert returns void.. I tried to use LAST_INSERT_ID() but that didn't work.

    opened by tot-ra 1
  • fix documentation of @databases/mysql-schema-cli with --schemaName param

    Problem

    Looks like by default, following the docs, @databases/mysql-schema-cli accesses all databases a user has and generates too many files/types, not taking into account the specified schema name. Looks like there is a dedicated, not documented schemaName param now used for that.

    Screenshot_20221213_164155

    Changes

    update docs to use --schemaName param

    Before

    Screenshot_20221213_163136

    After

    Screenshot_20221213_163230

    opened by tot-ra 1
  • chore(deps): bump qs from 6.5.2 to 6.5.3

    Bumps qs from 6.5.2 to 6.5.3.

    Changelog

    Sourced from qs's changelog.

    6.5.3

    • [Fix] parse: ignore __proto__ keys (#428)
    • [Fix] utils.merge: avoid a crash with a null target and a truthy non-array source
    • [Fix] correctly parse nested arrays
    • [Fix] stringify: fix a crash with strictNullHandling and a custom filter/serializeDate (#279)
    • [Fix] utils: merge: fix crash when source is a truthy primitive & no options are provided
    • [Fix] when parseArrays is false, properly handle keys ending in []
    • [Fix] fix for an impossible situation: when the formatter is called with a non-string value
    • [Fix] utils.merge: avoid a crash with a null target and an array source
    • [Refactor] utils: reduce observable [[Get]]s
    • [Refactor] use cached Array.isArray
    • [Refactor] stringify: Avoid arr = arr.concat(...), push to the existing instance (#269)
    • [Refactor] parse: only need to reassign the var once
    • [Robustness] stringify: avoid relying on a global undefined (#427)
    • [readme] remove travis badge; add github actions/codecov badges; update URLs
    • [Docs] Clean up license text so it’s properly detected as BSD-3-Clause
    • [Docs] Clarify the need for "arrayLimit" option
    • [meta] fix README.md (#399)
    • [meta] add FUNDING.yml
    • [actions] backport actions from main
    • [Tests] always use String(x) over x.toString()
    • [Tests] remove nonexistent tape option
    • [Dev Deps] backport from main
    Commits
    • 298bfa5 v6.5.3
    • ed0f5dc [Fix] parse: ignore __proto__ keys (#428)
    • 691e739 [Robustness] stringify: avoid relying on a global undefined (#427)
    • 1072d57 [readme] remove travis badge; add github actions/codecov badges; update URLs
    • 12ac1c4 [meta] fix README.md (#399)
    • 0338716 [actions] backport actions from main
    • 5639c20 Clean up license text so it’s properly detected as BSD-3-Clause
    • 51b8a0b add FUNDING.yml
    • 45f6759 [Fix] fix for an impossible situation: when the formatter is called with a no...
    • f814a7f [Dev Deps] backport from main
    • Additional commits viewable in compare view

    dependencies 
    opened by dependabot[bot] 1
  • chore(deps): bump decode-uri-component from 0.2.0 to 0.2.2

    Bumps decode-uri-component from 0.2.0 to 0.2.2.

    Release notes

    Sourced from decode-uri-component's releases.

    v0.2.2

    • Prevent overwriting previously decoded tokens 980e0bf

    https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.1...v0.2.2

    v0.2.1

    • Switch to GitHub workflows 76abc93
    • Fix issue where decode throws - fixes #6 746ca5d
    • Update license (#1) 486d7e2
    • Tidelift tasks a650457
    • Meta tweaks 66e1c28

    https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.0...v0.2.1

    Commits

    dependencies 
    opened by dependabot[bot] 1
  • [Inquiry]: Supported SQLite connection protocols

    Hey 👋🏽

    What protocols does @databases support when connecting to an SQLite database?

    The information doesn't seem to be documented on the website.

    Is file:../dev.db supported? Should it be supported (if not)?

    opened by ruheni 0
  • sqlite: Any plans to add sqlite-typed?

    This is a really great tool, and great to see the new implementation on better-sqlite3.

    Any plans to create a sqlite-typed module similar to those for pg and mySql? Or would you be open to contributions to add this?

    SQLite 
    opened by gmaclennan 1
Releases(@databases/[email protected])
  • @databases/[email protected](Oct 29, 2022)

  • @databases/[email protected](Oct 29, 2022)

  • @databases/[email protected](Aug 9, 2022)

    New Features

    • Sort generated type declarations alphabetically (#257)

      This makes the output more stable when adding & removing foreign keys

    • Add getIgnoreTest utility (#256)

      Given lists of tables to include and ignore, this returns a function to test if a given table should be ignored

  • @databases/[email protected](Aug 9, 2022)

  • @databases/[email protected](Aug 9, 2022)

  • @databases/[email protected](Aug 8, 2022)

    New Features

    • Add options to ignore tables when generating types (#254)

      • includeTables - if specified, types will only be generated for the tables listed
      • ignoreTables - if specified, types will not be generated for the tables listed, even if they are also listed in includeTables
  • @databases/[email protected](Aug 8, 2022)

    Bug Fixes

    • Add options to ignore tables when generating types (#254)

      • types.includeTables - if specified, types will only be generated for the tables listed
      • types.ignoreTables - if specified, types will not be generated for the tables listed, even if they are also listed in types.includeTables
  • @databases/[email protected](Aug 8, 2022)

    New Features

    • Add options to ignore tables when generating types (#254)

      • includeTables - if specified, types will only be generated for the tables listed
      • ignoreTables - if specified, types will not be generated for the tables listed, even if they are also listed in includeTables
  • @databases/[email protected](Aug 8, 2022)

    New Features

    • Add options to ignore tables when generating types (#254)

      • types.includeTables - if specified, types will only be generated for the tables listed
      • types.ignoreTables - if specified, types will not be generated for the tables listed, even if they are also listed in types.includeTables
  • @databases/[email protected](Aug 5, 2022)

  • @databases/[email protected](Aug 2, 2022)

    Bug Fixes

    • Force container to run with --platform linux/amd64 (#248)

      This ensures the container works when run on otherwise unsupported platforms such as M1 MacBooks

  • @databases/[email protected](Aug 2, 2022)

    Bug Fixes

    • Prioritise foreign keys over primary keys (#250)

      If a key was both a foreign key and a primary key, we would incorrectly generate a branded type for it, rather than referencing the column being referenced by the foreign key.

  • @databases/[email protected](Jul 28, 2022)

  • @databases/[email protected](Jun 29, 2022)

  • @databases/[email protected](Apr 25, 2022)

  • @databases/[email protected](Mar 21, 2022)

    New Features

    • Added .bulkInsertOrIgnore(options) (#229)

      Like bulkInsert except it will ignore conflicting inserts.

    • Added .bulkInsertOrUpdate(options) (#229)

      Like bulkInsert except it will update records where insert would conflict.

      async function setUserFavoriteColors(
        users: {
          email: string;
          favorite_color: string;
        }[],
      ) {
        await tables.users(db).bulkInsertOrUpdate({
          columnsToInsert: [`email`, `favorite_color`],
          columnsThatConflict: [`email`],
          columnsToUpdate: [`favorite_color`],
          records: users,
        });
      }
      
  • @databases/[email protected](Mar 21, 2022)

  • @databases/[email protected](Mar 21, 2022)

    New Features

    • Added bulkInsertStatement utility (#229)

      This returns the SQL statement, rather than immediately executing it. This can be useful because it lets you add ON CONFLICT handlers.

  • @databases/[email protected](Mar 21, 2022)

  • @databases/[email protected](Mar 21, 2022)

  • @databases/[email protected](Feb 15, 2022)

    Bug Fixes

    • pg-test run some-command always exited with code 0, even if the command failed (#227)

    • Help text for sub-commands was not shown correctly (#227)

  • @databases/[email protected](Feb 15, 2022)

  • @databases/[email protected](Feb 15, 2022)

  • @databases/[email protected](Feb 15, 2022)

    Bug Fixes

    • mysql-test run some-command always exited with code 0, even if the command failed (#227)

    • Help text for sub-commands was not shown correctly (#227)

  • @databases/[email protected](Feb 15, 2022)

  • @databases/[email protected](Feb 10, 2022)

    New Features

    • Add .andWhere to select queries (#225)

      This lets you add extra conditions to a .bulkFind query. e.g.

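      import {gt} from '@databases/pg-typed';
      // `tables` is the pg-typed helper used below; './database' is the application's own module
      import db, {tables} from './database';
      
      export async function getPostsSince(since: Date) {
        // Return the rows so that callers actually receive the matching posts
        return await tables
          .posts(db)
          .bulkFind({
            whereColumnNames: [`org_id`, `user_id`],
            whereConditions: [
              {org_id: 1, user_id: 10},
              {org_id: 2, user_id: 20},
            ],
          })
          // Extra condition applied on top of the bulkFind conditions
          .andWhere({created_at: gt(since)})
          .all();
      }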
      
  • @databases/[email protected](Feb 9, 2022)

    Bug Fixes

    • If a connection was terminated unexpectedly while not fully idle (i.e. in the pool) but also not currently actively executing a query, it could crash the node.js process (#224)

      This happened because @databases/pg was only attaching the idle connection error handler while @databases/pg saw the connection as idle. The issue with this is that it's possible to do non-database async things within a transaction, such as reading and writing files. This could cause a connection to briefly be seen as "active" but not actually be executing a query. If a connection is terminated unexpectedly at that point (e.g. the Postgres server is rebooted) it would throw an unhandled exception.

      We now handle the error and remove the connection from the pool after the transaction.

    • We were recycling connections that had errored, providing that we could successfully execute a simple query on the connection. This is wasteful, but more importantly may fail to detect some edge cases where the connection is in an unexpected state (such as stuck in a read only transaction) but is still able to execute the test query. (#224)

      We now check the error that was thrown to determine whether the connection can still be recycled. If the error was anything other than a short list of common errors (various types of constraint violation) we close the connection and get a fresh connection for the pool.

  • @databases/[email protected](Feb 7, 2022)

    New Features

    • feat: allow using @databases/pg without a connection string (#222)

      This lets you use $PGHOST, $PGUSER etc. to configure your connection, which can work better in environments that expect you to connect using a unix socket and/or if you want to store only your database password in a secret manager.

  • @databases/[email protected](Feb 7, 2022)

    Performance Improvements

    • Skip quote escaping for identifiers that do not contain quotes (#223)

      The vast majority of identifiers in most applications do not include any quote characters. Since pg-typed & mysql-typed have to pass every table/column name to escapeDatabaseIdentifier, this could have been causing a significant performance penalty for some applications.

      On my local machine, escaping 10,000,000 Postgres identifiers goes from approximately 2,400ms to approximately 600ms.

  • @databases/[email protected](Jan 21, 2022)

    New Features

    • Add utility for re-exporting a value or type declared in another file. (#211)

    • Add writeFile method to PrintContext to enable writing non-TypeScript files (e.g. .json files) (#212)


Vincit 6.9k Jan 5, 2023
AlaSQL.js - JavaScript SQL database for browser and Node.js. Handles both traditional relational tables and nested JSON data (NoSQL). Export, store, and import data from localStorage, IndexedDB, or Excel.

Please use version 1.x as prior versions has a security flaw if you use user generated data to concat your SQL strings instead of providing them as a

Andrey Gershun 6.1k Jan 9, 2023
An adapter-based ORM for Node.js with support for mysql, mongo, postgres, mssql (SQL Server), and more

Waterline is a next-generation storage and retrieval engine, and the default ORM used in the Sails framework. It provides a uniform API for accessing

Balderdash 5.4k Jan 4, 2023
Microsoft SQL Server client for Node.js

node-mssql Microsoft SQL Server client for Node.js Supported TDS drivers: Tedious (pure JavaScript - Windows/macOS/Linux, default) Microsoft / Contrib

null 2.1k Jan 4, 2023
Conjure SQL from GraphQL queries 🧙🔮✨

Sqlmancer Conjure SQL from your GraphQL queries ?? ?? ✨ ⚠️ This project is currently on hiatus. I am hoping to resume working on Sqlmancer once I have

Daniel Rearden 132 Oct 30, 2022
A simple url shorter API built with nodejs running on Kubernetes in Google Cloud, using PostgreSQL for storage and cloud sql proxy.

Simple URL Shorter - Google Cloud - Kubernetes A simple url shorter API built with nodejs running on Kubernetes in Google Cloud, using PostgreSQL for

null 3 Nov 25, 2021
Database manager for MySQL, PostgreSQL, SQL Server, MongoDB, SQLite and others. Runs under Windows, Linux, Mac or as web application

Database manager for MySQL, PostgreSQL, SQL Server, MongoDB, SQLite and others. Runs under Windows, Linux, Mac or as web application

DbGate 2k Dec 30, 2022
Postgres SQL RCE.js

Postgres-SQLi-RCE.js PostgreSQL Large Objects and UDF (User Defined Functions) RCE exploit re-written in javascript, for easy chaining with XSS Methdo

Amit 1 Jan 20, 2022