Security News
The Nightmare Before Deployment
Season’s greetings from Socket, and here’s to a calm end of year: clean dependencies, boring pipelines, no surprises.
By Ahmad Nassri - Dec 16, 2025
@neondatabase/vite-plugin-postgres
Advanced tools
@neondatabase/vite-plugin-postgres
This Vite plugin instantly provisions a Postgres instance (via Neon) and injects the connection string into your `.env` file, so you can start developing immediately.
Vite-Plugin-Postgres by Neon
This Vite plugin instantly provisions a Postgres instance (via Neon) and injects the connection string into your .env file, so you can start developing immediately.
How it works
- On first
vite dev, the plugin checks for aDATABASE_URL(or your configured key) in your.env. - If not found, it creates a claimable Neon database and writes the connection string to your
.env. - The plugin is a noop in production builds.
Installation
npm add @neondatabase/vite-plugin-postgres
Usage
Add the plugin as the first entry in your Vite config:
import postgresPlugin from "@neondatabase/vite-plugin-postgres";
import react from "@vitejs/plugin-react";
import { defineConfig } from "vite";
export default defineConfig({
plugins: [postgresPlugin(), react()],
});
Configuration
You can pass an options object to customize the .env file path and the environment variable name:
postgresPlugin({
env: ".env.local", // Path to your .env file (default: ".env")
envKey: "DATABASE_URL", // Name of the env variable (default: "DATABASE_URL")
});
| Option | Type | Description | Default |
|---|---|---|---|
env | string | Path to the .env file | .env |
envKey | string | Name of the environment variable | DATABASE_URL |
What gets written
- The plugin writes both a direct connection string and a pooled connection string to your
.env. - It also provides a claim URL (valid for 7 days) to take ownership of the database.
Type Definitions
interface PostgresPluginOptions {
env: string; // Path to the .env file
envKey: string; // Name of the environment variable
}
FAQ
What if I already have a DATABASE_URL env var?
The plugin will not overwrite it. Remove the variable if you want to generate a new Neon database.
Is this safe to run on CI when building for production?
The plugin is a noop in production mode (vite build), so it won't create databases or modify your .env in CI.
Can I use this with other frameworks?
Yes, this plugin is framework-agnostic. The example uses React, but you can use it with any Vite-compatible framework.
Advanced
If you want to generate claimable databases outside of Vite, use the neondb library directly.
See documentation on Neon for more.
FAQs
[DEPRECATED] This package has been renamed to 'vite-plugin-db'. Please use 'vite-plugin-db' instead.
The npm package @neondatabase/vite-plugin-postgres receives a total of 610 weekly downloads. As such, @neondatabase/vite-plugin-postgres popularity was classified as not popular.
We found that @neondatabase/vite-plugin-postgres demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 8 open source maintainers collaborating on the project.
Package last updated on 09 Jun 2025
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
/Security News
Malicious NuGet Package Typosquats Popular .NET Tracing Library to Steal Wallet Passwords
Impostor NuGet package Tracer.Fody.NLog typosquats Tracer.Fody and its author, using homoglyph tricks, and exfiltrates Stratis wallet JSON/passwords to a Russian IP address.
By Kirill Boychenko - Dec 15, 2025
Security News
Deno 2.6 + Socket: Supply Chain Defense In Your CLI
Deno 2.6 introduces deno audit with a new --socket flag that plugs directly into Socket to bring supply chain security checks into the Deno CLI.
By Sarah Gooding - Dec 12, 2025