
kysely-postgres-js
Kysely dialect for PostgreSQL using the Postgres.js client under the hood.
    npm i kysely-postgres-js
    npm i kysely-postgres-js kysely postgres
    yarn add kysely-postgres-js kysely postgres
    pnpm add kysely-postgres-js kysely postgres
This package uses and extends some Kysely types and classes, which are imported using Kysely's npm package name, not a relative file path or CDN URL. It also uses Postgres.js, which is likewise imported using its npm package name, not a relative file path or CDN URL.
To make those bare package names resolvable, add an import_map.json file that maps them to URLs:
    {
      "imports": {
        "kysely": "https://cdn.jsdelivr.net/npm/kysely@0.23.5/dist/esm/index.js",
        "postgres": "https://deno.land/x/postgres@3.3.4"
      }
    }
    import {type GeneratedAlways, Kysely} from 'kysely'
    import {PostgresJSDialect} from 'kysely-postgres-js'
    import postgres from 'postgres'

    // Table types for the example schema
    interface Database {
      person: {
        id: GeneratedAlways<number>
        first_name: string | null
        last_name: string | null
        age: number
      }
    }

    // Configure the dialect with a connection string plus Postgres.js options
    const db = new Kysely<Database>({
      dialect: new PostgresJSDialect({
        connectionString: 'postgres://admin@localhost:5434/test',
        options: {
          max: 10, // pool size
        },
        postgres,
      }),
    })

    // or... (an alternative to the declaration above; use one of the two)
    // configure the dialect with discrete Postgres.js options only
    const db = new Kysely<Database>({
      dialect: new PostgresJSDialect({
        options: {
          database: 'test',
          host: 'localhost',
          max: 10, // pool size
          port: 5434,
          user: 'admin',
        },
        postgres,
      }),
    })
Postgres.js doesn't provide a method for getting a single connection. To get a single connection, you have to create an instance with a pool that has at most one connection (max: 1). This is not aligned with Kysely's current design. As a result, db.connection() will not work as expected when using a pool with more than one connection.
If you need to use a single connection, you should instantiate a new Kysely instance with a pool that has at most one connection.
For transactions, this dialect creates additional pools with at most one connection, so db.transaction().execute(...) will work as expected. Keep in mind that this means the total number of connections to the database might exceed the pool size passed to Kysely initially, so account for these extra connections when sizing the database's connection limit.
MIT License, see LICENSE
FAQs
Kysely dialect for PostgreSQL using the Postgres.js client
The npm package kysely-postgres-js receives a total of 13,078 weekly downloads. As such, the popularity of kysely-postgres-js was classified as popular.
We found that kysely-postgres-js demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.