TypeScript definitions for pg
The @types/pg package provides TypeScript type definitions for the pg (node-postgres) library, which is a collection of Node.js modules for interfacing with your PostgreSQL database. It enables TypeScript developers to work with pg more efficiently by offering compile-time type checking and IntelliSense support in code editors.
Client Connection
This feature allows you to connect to a PostgreSQL database using the Client class. The code sample demonstrates how to create a new client, connect to the database, execute a simple query, and then close the connection.
import { Client } from 'pg';

// With no config object, connection settings are read from the standard
// PG* environment variables (PGHOST, PGUSER, PGPASSWORD, PGDATABASE, ...).
const client = new Client();
await client.connect();
await client.query('SELECT NOW()');
// Always close the connection, otherwise the process keeps a socket open.
await client.end();
Pool Management
This feature enables efficient management of a pool of connections to the PostgreSQL database. The code sample shows how to create a pool, acquire a client from the pool, execute a query, release the client back to the pool, and finally close the pool.
import { Pool } from 'pg';

const pool = new Pool();
// Check out a dedicated client from the pool.
const client = await pool.connect();
try {
  const res = await client.query('SELECT NOW()');
} finally {
  // Release in `finally` so a failing query cannot leak the client and
  // slowly exhaust the pool.
  client.release();
}
// Drain and close every pooled connection when the application shuts down.
await pool.end();
Query with Parameters
This feature demonstrates how to execute a parameterized query to prevent SQL injection: the values are passed to the server separately from the SQL text instead of being interpolated into it. The code sample illustrates inserting data into a table using parameters for the values.
import { Client } from 'pg';

const client = new Client();
await client.connect();
// $1 and $2 are positional placeholders. The values travel to the server
// separately from the statement text, so they are bound as data and never
// parsed as SQL.
const text = 'INSERT INTO users(name, email) VALUES($1, $2) RETURNING *';
const values = ['Brian', 'brian@example.com'];
const res = await client.query(text, values);
await client.end();
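The following is an added example, not code from @types/pg or node-postgres, contrasting string interpolation with the parameterized form described above. The `QueryConfig` interface is redeclared locally with the same `text`/`values` shape that @types/pg uses, so the file runs without pg installed; the lookup functions, the audit helpers and the sample input are all constructed for this illustration.

```typescript
// Same shape as pg's QueryConfig (assumption: redeclared so no pg import is needed).
interface QueryConfig {
  text: string;
  values?: unknown[];
}

// Vulnerable form: the input is spliced into the SQL text, so any quote
// character in it changes the structure of the statement.
function lookupUserUnsafe(email: string): QueryConfig {
  return { text: `SELECT * FROM users WHERE email = '${email}'` };
}

// Parameterized form: the text is a constant and the input is carried in
// `values`; the server binds $1 as data, never as SQL.
function lookupUserSafe(email: string): QueryConfig {
  return { text: 'SELECT * FROM users WHERE email = $1', values: [email] };
}

// Audit check: for a parameterized query the raw input must not appear in
// the statement text at all.
function inputLeaksIntoSql(q: QueryConfig, input: string): boolean {
  return q.text.includes(input);
}

// Audit check: every $n placeholder must have a matching value (1..n, no gaps),
// which catches a query built with the wrong number of arguments.
function placeholdersMatchValues(q: QueryConfig): boolean {
  const seen = new Set<number>();
  const re = /\$(\d+)/g;
  let m: RegExpExecArray | null;
  while ((m = re.exec(q.text)) !== null) seen.add(Number(m[1]));
  const n = q.values?.length ?? 0;
  if (seen.size !== n) return false;
  for (let i = 1; i <= n; i++) if (!seen.has(i)) return false;
  return true;
}

// Constructed sample: a perfectly legitimate address containing a single quote.
const sampleInput = "o'brien@example.com";

console.log(lookupUserUnsafe(sampleInput).text); // quote breaks the statement
console.log(lookupUserSafe(sampleInput));        // text unchanged, input in values
```

Run it with any TypeScript runner; the unsafe text shows the stray quote that a PostgreSQL server would reject as a syntax error, which is the same mechanism an attacker would abuse with a crafted input.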
Sequelize is a promise-based Node.js ORM for Postgres, MySQL, MariaDB, SQLite, and Microsoft SQL Server. It features solid transaction support, relations, eager and lazy loading, read replication, and more. Compared to @types/pg, Sequelize offers a higher-level abstraction and includes built-in support for model definition and migrations, making it more suitable for complex applications with extensive database interactions.
TypeORM is an ORM that can run in Node.js, Browser, Cordova, PhoneGap, Ionic, React Native, NativeScript, Expo, and Electron platforms and can be used with TypeScript and JavaScript (ES5, ES6, ES7, ES8). It supports many SQL databases, including PostgreSQL, and provides a more feature-rich abstraction over the database compared to @types/pg. It includes features like data-mapper ORM, repository and entity manager, and supports automatic schema generation, migrations, and much more.
Knex.js is a SQL query builder for PostgreSQL, MySQL, and SQLite3, designed to be flexible, portable, and fun to use. It provides features for building complex SQL queries, schema migrations, and seed files. While @types/pg provides type definitions for using pg in TypeScript projects, Knex offers a more versatile query building capability, making it a good choice for applications that require complex queries without the need for an ORM.
npm install --save @types/pg
This package contains type definitions for pg (https://github.com/brianc/node-postgres).
Files were exported from https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/pg.
These definitions were written by Phips Peter, and Ravi van Rooijen.
FAQs
TypeScript definitions for pg
The npm package @types/pg receives a total of 4,088,176 weekly downloads. As such, @types/pg popularity was classified as popular.
We found that @types/pg demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.