Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
@planetscale/database
Advanced tools
A Fetch API-compatible PlanetScale database driver for serverless and edge compute platforms that require HTTP external connections, such as Cloudflare Workers or Vercel Edge Functions
npm install @planetscale/database
import { connect } from '@planetscale/database'
const config = {
host: '<host>',
username: '<user>',
password: '<password>'
}
const conn = connect(config)
const results = await conn.execute('select 1 from dual where 1=?', [1])
console.log(results)
A single database URL value can be used to configure the host
, username
, and password
values.
import { connect } from '@planetscale/database'
const config = {
url: process.env['DATABASE_URL'] || 'mysql://user:pass@host'
}
const conn = connect(config)
Use the Client
connection factory class to create fresh connections for each transaction or web request handler.
import { Client } from '@planetscale/database'
const client = new Client({
host: '<host>',
username: '<user>',
password: '<password>'
})
const conn = client.connection()
const results = await conn.execute('select 1 from dual')
console.log(results)
Use the transaction
function to safely perform database transactions. If any unhandled errors are thrown during execution of the transaction, the transaction will be rolled back.
The following example is based on the Slotted Counter Pattern.
import { connect } from '@planetscale/database'
const config = {
host: '<host>',
username: '<user>',
password: '<password>'
}
const conn = connect(config)
const results = await conn.transaction(async (tx) => {
const whenBranch = await tx.execute('INSERT INTO branches (database_id, name) VALUES (?, ?)', [42, "planetscale"])
const whenCounter = await tx.execute('INSERT INTO slotted_counters(record_type, record_id, slot, count) VALUES (?, ?, RAND() * 100, 1) ON DUPLICATE KEY UPDATE count = count + 1', ['branch_count', 42])
return [whenBranch, whenCounter]
})
console.log(results)
To enable PlanetScale Boost, run SET @@boost_cached_queries = true
once. All subsequent queries run on the same connection will use boost if it's enabled for the query pattern. Non-matching queries will run as normal.
To learn more, visit: Query caching with PlanetScale Boost
const conn = client.connection()
// Enable boost for the connection
await conn.execute('SET @@boost_cached_queries = true')
const results = await conn.execute('...')
// Optionally, you may disable boost for the connection by setting to false
await conn.execute('SET @@boost_cached_queries = false')
Node.js version 18 includes a built-in global fetch
function. When using an older version of Node.js, you can provide a custom fetch function implementation. We recommend the undici
package on which Node's built-in fetch is based.
import { connect } from '@planetscale/database'
import { fetch } from 'undici'
const config = {
fetch,
host: '<host>',
username: '<user>',
password: '<password>'
}
const conn = connect(config)
const results = await conn.execute('select 1 from dual')
console.log(results)
To leverage HTTP/2, you can use the fetch-h2
shim. fetch-h2
also supports Node.js 12+.
import { connect } from '@planetscale/database'
import { context } from 'fetch-h2'
const { fetch, disconnectAll } = context()
const config = {
fetch,
host: '<host>',
username: '<user>',
password: '<password>'
}
const conn = connect(config)
const results = await conn.execute('select 1 from dual')
console.log(results)
await disconnectAll()
Query replacement parameters identified with ?
are replaced with escaped values. Named replacement parameters are supported with a colon prefix.
const results1 = await conn.execute('select 1 from dual where 1=?', [42])
const results2 = await conn.execute('select 1 from dual where 1=:id', { id: 42 })
Providing a custom format function overrides the built-in escaping with an external library, like sqlstring
.
import { connect } from '@planetscale/database'
import SqlString from 'sqlstring'
const config = {
format: SqlString.format,
host: '<host>',
username: '<user>',
password: '<password>'
}
const conn = connect(config)
const results = await conn.execute('select 1 from dual where 1=?', [42])
console.log(results)
Column values are converted to their corresponding JavaScript data types. This can be customized by providing a cast
function.
import { connect, cast } from '@planetscale/database'
function inflate(field, value) {
if (field.type === 'INT64' || field.type === 'UINT64') {
return BigInt(value)
}
return cast(field, value)
}
const config = {
cast: inflate,
host: '<host>',
username: '<user>',
password: '<password>'
}
const conn = connect(config)
You can also pass a custom cast
function to execute
. If present, this will override the cast
function set by the connection:
const result = await conn.execute(
'SELECT userId, SUM(balance) AS balance FROM UserBalanceItem GROUP BY userId',
{},
{
cast: (field, value) => {
if (field.name === 'balance') {
return BigInt(value)
}
return cast(field, value)
}
}
)
Rows can be returned as an object or an array of column values by passing an as
option to execute
.
const query = 'select 1 as one, 2 as two where 1=?'
const objects = conn.execute(query, [1], { as: 'object' })
// objects.rows => [{one: '1', two: '2'}]
const arrays = conn.execute(query, [1], { as: 'array' })
// arrays.rows => [['1', '2']]
npm install
npm test
Get help from the PlanetScale support team, or join our community on Discord or GitHub discussion board to see how others are using PlanetScale.
Distributed under the Apache 2.0 license. See LICENSE for details.
FAQs
A Fetch API-compatible PlanetScale database driver
The npm package @planetscale/database receives a total of 68,514 weekly downloads. As such, @planetscale/database popularity was classified as popular.
We found that @planetscale/database demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 6 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.