Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
drizzle-orm
Advanced tools
Drizzle ORM is a TypeScript-first ORM for Node.js that focuses on type safety, performance, and simplicity. It provides a fluent API for defining and querying your database schema, making it easier to work with SQL databases in a type-safe manner.
Schema Definition
Drizzle ORM allows you to define your database schema using a fluent API. This makes it easy to create and manage your database tables with type safety.
const { defineSchema, types } = require('drizzle-orm');
const schema = defineSchema({
users: {
id: types.int().primaryKey().autoIncrement(),
name: types.string().notNull(),
email: types.string().unique().notNull()
}
});
Query Building
You can build and execute SQL queries using a fluent API. This example demonstrates how to select users with the name 'John Doe'.
const { select } = require('drizzle-orm');
const users = await select(schema.users)
.where(schema.users.name.eq('John Doe'))
.execute();
Type Safety
Drizzle ORM ensures type safety throughout your database operations. This example shows how to insert a new user into the users table with type-checked values.
const { insert } = require('drizzle-orm');
await insert(schema.users).values({
name: 'Jane Doe',
email: 'jane.doe@example.com'
}).execute();
Migrations
Drizzle ORM supports database migrations, allowing you to evolve your database schema over time. This example demonstrates how to create and drop a 'posts' table.
const { migrate } = require('drizzle-orm');
await migrate(schema, {
migrations: [
{
up: async (db) => {
await db.schema.createTable('posts', {
id: types.int().primaryKey().autoIncrement(),
title: types.string().notNull(),
content: types.text().notNull(),
userId: types.int().references(schema.users.id)
});
},
down: async (db) => {
await db.schema.dropTable('posts');
}
}
]
});
Sequelize is a promise-based Node.js ORM for Postgres, MySQL, MariaDB, SQLite, and Microsoft SQL Server. It features solid transaction support, relations, eager and lazy loading, read replication, and more. Compared to Drizzle ORM, Sequelize has a larger community and more extensive documentation but may lack some of the type safety features that Drizzle ORM offers.
TypeORM is an ORM for TypeScript and JavaScript (ES7, ES6, ES5). It supports many database systems including MySQL, MariaDB, PostgreSQL, SQLite, and more. TypeORM is known for its extensive feature set and active community. It provides decorators for defining entities and supports advanced features like migrations, caching, and more. Compared to Drizzle ORM, TypeORM offers more features but may be more complex to set up and use.
Knex.js is a SQL query builder for PostgreSQL, MySQL, MariaDB, SQLite3, and Oracle. It features a flexible and powerful API for building SQL queries and managing database schema. While Knex.js is not a full-fledged ORM, it can be used in conjunction with other libraries to provide ORM-like functionality. Compared to Drizzle ORM, Knex.js offers more control over raw SQL queries but lacks the built-in type safety and higher-level abstractions.
FAQs
Drizzle ORM package for SQL databases
We found that drizzle-orm demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.