github.com/jackc/pgx/v5
pgx is a pure Go driver and toolkit for PostgreSQL.
The pgx driver is a low-level, high performance interface that exposes PostgreSQL-specific features such as LISTEN / NOTIFY and COPY. It also includes an adapter for the standard database/sql interface.
The toolkit component is a related set of packages that implement PostgreSQL functionality such as parsing the wire protocol and type mapping between PostgreSQL and Go. These underlying packages can be used to implement alternative drivers, proxies, load balancers, logical replication clients, etc.

	package main

	import (
		"context"
		"fmt"
		"os"

		"github.com/jackc/pgx/v5"
	)

	func main() {
		// urlExample := "postgres://username:password@localhost:5432/database_name"
		conn, err := pgx.Connect(context.Background(), os.Getenv("DATABASE_URL"))
		if err != nil {
			fmt.Fprintf(os.Stderr, "Unable to connect to database: %v\n", err)
			os.Exit(1)
		}
		defer conn.Close(context.Background())

		var name string
		var weight int64
		err = conn.QueryRow(context.Background(), "select name, weight from widgets where id=$1", 42).Scan(&name, &weight)
		if err != nil {
			fmt.Fprintf(os.Stderr, "QueryRow failed: %v\n", err)
			os.Exit(1)
		}

		fmt.Println(name, weight)
	}

See the getting started guide for more information.
COPY protocol support for faster bulk data loads
LISTEN / NOTIFY
hstore support
json and jsonb support
inet and cidr PostgreSQL types to netip.Addr and netip.Prefix
database/sql.Scanner and database/sql/driver.Valuer interfaces for custom types

The pgx interface is faster. Many PostgreSQL specific features such as LISTEN / NOTIFY and COPY are not available through the database/sql interface.
The pgx interface is recommended when:
database/sql are in use.
It is also possible to use the database/sql interface and convert a connection to the lower-level pgx interface as needed.
See CONTRIBUTING.md for setup instructions.
See the presentation at Golang Estonia, PGX Top to Bottom for a description of pgx architecture.
pgx supports the same versions of Go and PostgreSQL that are supported by their respective teams. For Go that is the two most recent major releases and for PostgreSQL the major releases in the last 5 years. This means pgx supports Go 1.21 and higher and PostgreSQL 12 and higher. pgx also is tested against the latest version of CockroachDB.
pgx follows semantic versioning for the documented public API on stable releases. v5 is the latest stable major version.
pglogrepl provides functionality to act as a client for PostgreSQL logical replication.
pgmock offers the ability to create a server that mocks the PostgreSQL wire protocol. This is used internally to test pgx by purposely inducing unusual errors. pgproto3 and pgmock together provide most of the foundational tooling required to implement a PostgreSQL proxy or MitM (such as for a custom connection pooler).
tern is a stand-alone SQL migration system.
pgerrcode contains constants for the PostgreSQL error codes.
These adapters can be used with the tracelog package.
pgxmock is a mock library implementing pgx interfaces. pgxmock has one and only purpose - to simulate pgx behavior in tests, without needing a real database connection.
Library for scanning data from a database into Go structs and more.
A carefully designed SQL client for making using SQL easier, more productive, and less error-prone on Golang.
Adds GSSAPI / Kerberos authentication support.
Explicit data mapping and scanning library for Go structs and slices.
Type safe and flexible package for scanning database data into Go types. Supports structs, maps, slices and custom mapping functions.
Code first migration library for native pgx (no database/sql abstraction).