Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Ethereum smart contracts.
TypeScript definitions for pg
The @types/pg package provides TypeScript type definitions for pg (node-postgres), a collection of Node.js modules for talking to a PostgreSQL database. The definitions are published separately from pg itself and let TypeScript developers work with pg more safely by providing compile-time type checking and IntelliSense support in code editors; they add no runtime code of their own, so the pg package must still be installed alongside them.
Client Connection
This feature allows you to connect to a PostgreSQL database using the Client class. The code sample creates a new client, connects to the database, executes a simple query, and then closes the connection. With no constructor arguments, new Client() reads its connection settings from the standard PostgreSQL environment variables (PGHOST, PGPORT, PGUSER, PGPASSWORD, PGDATABASE), which keeps credentials out of source code. The top-level await shown here requires an ES module (or an async wrapper in CommonJS code).
import { Client } from 'pg';
// No arguments: host, port, user, password and database come from PG* environment variables
const client = new Client();
await client.connect();
await client.query('SELECT NOW()');
// Close the connection; otherwise the open socket keeps the process alive
await client.end();
Pool Management
This feature enables efficient management of a pool of connections to the PostgreSQL database. The code sample creates a pool, acquires a client from the pool, executes a query, releases the client back to the pool, and finally closes the pool. The release call belongs in a finally block: if it is skipped on an error path, the checked-out client is never returned, and once the pool is exhausted every later caller blocks waiting for a connection. For a single statement with no transaction, pool.query(text, values) acquires and releases a client internally, so a manual checkout is only needed when several statements must run on the same connection.
import { Pool } from 'pg';
const pool = new Pool();
// Check out one dedicated client (e.g. for a transaction)
const client = await pool.connect();
try {
  const res = await client.query('SELECT NOW()');
} finally {
  // Return the client to the pool even if the query threw
  client.release();
}
// Drain the pool when the application shuts down
await pool.end();
Query with Parameters
This feature demonstrates how to execute a parameterized query to prevent SQL injection. The code sample inserts a row using $1, $2 placeholders for the values. When a values array is passed, pg sends the SQL text and the parameters to the server separately, so user-supplied data is never parsed as part of the statement, whatever quotes or keywords it contains. Placeholders can only stand in for values: table names, column names and keywords (for example an ORDER BY column) cannot be parameterized and must instead be checked against an allowlist before being placed in the query text.
import { Client } from 'pg';
const client = new Client();
await client.connect();
// The statement is fixed; only the values travel in the second argument
const text = 'INSERT INTO users(name, email) VALUES($1, $2) RETURNING *';
const values = ['Brian', 'brian@example.com'];
const res = await client.query(text, values);
await client.end();
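The following is an added example, not code from the page or from node-postgres, that puts the pool pattern and the parameterized-query pattern above into reusable, typed helpers and runs them offline. It does not import pg; the Queryable, PoolLike and FakePool declarations are hand-written stand-ins (assumptions) that mimic only the subset of the pg API used on this page, namely query(text, values?) on a client and connect()/release() on a pool, so the same helpers would accept a real pg.Pool. It shows the injection payload landing inside the SQL text of a string-built query versus inside the values array of a parameterized one, an allowlist for an identifier that cannot be a placeholder, and that the finally-based release happens even when the query throws.

```typescript
// Added example (not part of @types/pg or node-postgres). The interfaces below
// are structural stand-ins for the pg objects used on this page so it runs offline.

interface QueryResultLike { rows: Record<string, unknown>[]; }

// Shape shared by pg.Client and pg.PoolClient for the calls used here (assumed)
interface Queryable {
  query(text: string, values?: unknown[]): Promise<QueryResultLike>;
}

// Shape of pg.Pool.connect() for the calls used here (assumed)
interface PoolLike {
  connect(): Promise<Queryable & { release(): void }>;
}

interface Recorded { text: string; values: unknown[] | undefined; }

// Fake pool that records every query and counts release() calls
class FakePool implements PoolLike {
  readonly queries: Recorded[] = [];
  releases = 0;
  async connect(): Promise<Queryable & { release(): void }> {
    const pool = this;
    return {
      async query(text: string, values?: unknown[]): Promise<QueryResultLike> {
        pool.queries.push({ text, values });
        if (text.includes("FAIL")) throw new Error("simulated query error");
        return { rows: [] };
      },
      release() { pool.releases += 1; },
    };
  }
}

// Pool pattern from the page as a helper: release() runs in `finally`, so the
// client goes back to the pool whether `fn` resolves or throws.
async function withClient<T>(pool: PoolLike, fn: (c: Queryable) => Promise<T>): Promise<T> {
  const client = await pool.connect();
  try {
    return await fn(client);
  } finally {
    client.release();
  }
}

// VULNERABLE: input is spliced into the SQL text. A value such as "' OR '1'='1"
// rewrites the WHERE clause instead of being compared as a string.
function unsafeUserLookup(email: string): { text: string } {
  return { text: `SELECT * FROM users WHERE email = '${email}'` };
}

// SAFE: the statement is fixed; the input travels in `values`, which pg sends
// to the server separately from the query text.
function safeUserLookup(email: string): { text: string; values: unknown[] } {
  return { text: "SELECT * FROM users WHERE email = $1", values: [email] };
}

// Placeholders cannot stand in for identifiers, so a caller-chosen sort column
// is mapped onto an allowlist rather than interpolated.
const SORTABLE_COLUMNS: ReadonlySet<string> = new Set(["name", "email", "created_at"]);
function usersOrderedBy(column: string): { text: string; values: unknown[] } {
  if (!SORTABLE_COLUMNS.has(column)) {
    throw new Error(`unsupported sort column: ${column}`);
  }
  return { text: `SELECT name, email FROM users ORDER BY "${column}"`, values: [] };
}

// Drive the fake pool: one parameterized lookup with an injection payload, then
// a query that throws. Returns what the pool observed instead of printing it.
async function demo(): Promise<{ texts: string[]; releases: number; errors: number }> {
  const pool = new FakePool();
  let errors = 0;
  const q = safeUserLookup("' OR '1'='1"); // constructed attacker input
  await withClient(pool, async (c) => c.query(q.text, q.values));
  try {
    await withClient(pool, async (c) => c.query("SELECT FAIL"));
  } catch {
    errors += 1;
  }
  return { texts: pool.queries.map((r) => r.text), releases: pool.releases, errors };
}
```

Because Queryable is a structural type, withClient and the lookup helpers accept a real pg.Pool or pg.Client unchanged; the fake exists only so the behaviour can be checked without a database.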
Sequelize is a promise-based Node.js ORM for Postgres, MySQL, MariaDB, SQLite, and Microsoft SQL Server. It features solid transaction support, relations, eager and lazy loading, read replication, and more. Compared to the low-level pg driver that @types/pg describes, Sequelize offers a higher-level abstraction and includes built-in support for model definition and migrations, making it more suitable for complex applications with extensive database interactions.
TypeORM is an ORM that runs in Node.js, the browser, Cordova, PhoneGap, Ionic, React Native, NativeScript, Expo, and Electron, and can be used with TypeScript and JavaScript (ES5 through ES8). It supports many SQL databases, including PostgreSQL, and provides a more feature-rich abstraction over the database than the plain pg driver. It includes a data-mapper ORM, a repository and entity manager, automatic schema generation, migrations, and much more.
Knex.js is a SQL query builder for PostgreSQL, MySQL, and SQLite3, designed to be flexible, portable, and fun to use. It provides features for building complex SQL queries, schema migrations, and seed files. While @types/pg only provides type definitions for using pg in TypeScript projects, Knex offers a query-building layer on top of the driver, making it a good choice for applications that need complex, composable queries without a full ORM.
npm install --save @types/pg
This package contains type definitions for pg (https://github.com/brianc/node-postgres).
Files were exported from https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/pg.
These definitions were written by Phips Peter, and Ravi van Rooijen.
FAQs
TypeScript definitions for pg
The npm package @types/pg receives a total of 2,434,120 weekly downloads. As such, @types/pg popularity was classified as popular.
We found that @types/pg demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.