@cli4ai/snowflake
Advanced tools
Official @cli4ai package • https://cli4ai.com • Install cli4ai:
npm i -g cli4ai
Snowflake explorer with read-only SQL (blocks writes by default).
npm i -g cli4ai
cli4ai add -g snowflake
Create ~/.snowflake/connections.toml (required). Example:
[dev]
account = "xy12345.us-east-1"
user = "YOUR_USER"
password = "YOUR_PASSWORD"
warehouse = "COMPUTE_WH"
role = "SYSADMIN"
database = "MY_DB"
schema = "PUBLIC"
Then verify:
cli4ai run snowflake connections
cli4ai run snowflake connections
cli4ai run snowflake warehouses <conn>
cli4ai run snowflake databases <conn>
cli4ai run snowflake schemas <conn> [database]
cli4ai run snowflake tables <conn> [database] [schema]
cli4ai run snowflake views <conn> [database] [schema]
cli4ai run snowflake columns <conn> <table>
cli4ai run snowflake ddl <conn> <table>
cli4ai run snowflake sample <conn> <table> [limit]
cli4ai run snowflake count <conn> <table>
cli4ai run snowflake query <conn> <sql>
cli4ai run snowflake context <conn>
cli4ai run snowflake stages <conn>
cli4ai run snowflake formats <conn>
cli4ai run snowflake functions <conn>
cli4ai run snowflake procedures <conn>
cli4ai run snowflake tasks <conn>
cli4ai run snowflake streams <conn>
cli4ai run snowflake search <conn> <pattern>
Store your ~/.snowflake/connections.toml file with restricted permissions:
chmod 600 ~/.snowflake/connections.toml
Consider using Snowflake key-pair authentication instead of passwords for production use. See Snowflake Key-Pair Authentication.
This tool blocks destructive SQL commands (INSERT, UPDATE, DELETE, DROP, etc.) at the application layer. However, this is defense-in-depth only.
Best practice: Use a role with minimal privileges for maximum protection. Snowflake allows creating roles with restricted privileges:
CREATE ROLE readonly_role;
GRANT USAGE ON WAREHOUSE MY_WH TO ROLE readonly_role;
GRANT USAGE ON DATABASE MY_DB TO ROLE readonly_role;
GRANT USAGE ON ALL SCHEMAS IN DATABASE MY_DB TO ROLE readonly_role;
GRANT SELECT ON ALL TABLES IN DATABASE MY_DB TO ROLE readonly_role;
GRANT SELECT ON FUTURE TABLES IN DATABASE MY_DB TO ROLE readonly_role;
The application-layer filtering may have edge cases (e.g., stored procedures, unusual syntax). Database-level permissions are the authoritative security boundary.
FAQs
Snowflake read-only queries
We found that @cli4ai/snowflake demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
OpenAI rotated macOS signing certificates after a malicious Axios package reached its CI pipeline in a broader software supply chain attack.
Security News
Open source is under attack because of how much value it creates. It has been the foundation of every major software innovation for the last three decades. This is not the time to walk away from it.
Security News
Socket CEO Feross Aboukhadijeh breaks down how North Korea hijacked Axios and what it means for the future of software supply chain security.