Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
node-pg-migrate
Advanced tools
Node.js database migration management built exclusively for postgres.
$ npm install node-pg-migrate
Installing this module adds a runnable file into your node_modules/.bin
directory. If installed globally (with the -g option), you can run pg-migrate
and if not, you can run ./node_modules/.bin/pg-migrate
You must specify your database connection url by setting the environment variable DATABASE_URL
.
Depending on your project's setup, it may make sense to write some custom grunt tasks that set this env var and run your migration commands. More on that below.
The following are the available commands:
pg-migrate create {migration-name}
- creates a new migration file with the name you give it. Spaces and underscores will be replaced by dashes and a timestamp is prepended to your file name.pg-migrate up
- run all up migrations from the current statepg-migrate up {N}
- run N up migrations from the current positionpg-migrate down
- run a single down migrationpg-migrate down {N}
- run N down migrations from the current stateWhen you run pg-migrate create
a new migration file is created that looks like this:
exports.up = function(pgm, run){
run();
}
exports.down = function(pgm, run){
run();
}
pgm
is a helper object that provides migration operations and run
is the callback to call when you are done.
IMPORTANT
Generation of the up and down block is asynchronous, but each individal operation is not. Calling the migration functions on pgm
doesn't actually migrate your database. These functions just add sql commands to a stack that is run after you call the callback.
If exports.down
is not present in a migration, pg-migrate will try to automatically infer the operations that make up the down migration by reversing the operations of the up migration. Only some operations have automatically inferrable equivalents (details below on each operation). Sometimes, migrations are destructive and cannot be rolled back. In this case, you can set exports.down = false
to tell pg-migrate that the down migration is impossible.
The pgm
object that is passed to each up/down block has many different operations available. Each operation is simply a function that generates some sql and stores it in the current pgm context.
By default, each migration will be run in a transaction. To disable transactions for a specific migration, call pgm.noTransaction()
This is required for some SQL operations that cannot be run within a transaction. It should be used carefully.
pgm.createTable( tablename, columns, options )
Create a new table - postgres docs
Arguments:
tablename
[string] - name for the new tablecolumns
[object] - column names / options -- see column definitions sectionoptions
[object] - table options (optional)
inherits
[string] - table to inherit fromReverse Operation: dropTable
pgm.dropTable( tablename )
Drop existing table - postgres docs
Arguments:
tablename
[string] - name of the table to droppgm.renameTable( tablename, new_tablename )
Rename a table - postgres docs
Arguments:
tablename
[string] - name of the table to renamenew_table
[object] - new name of the tableReverse Operation: same operation in opposite direction
pgm.addColumns( tablename, new_columns )
Add columns to an existing table - postgres docs
Arguments:
tablename
[string] - name of the table to alternew_columns
[object] - column names / options -- see column definitions sectionAliases: addColumn
Reverse Operation: dropColumns
pgm.dropColumns( tablename, columns )
Drop columns from a table - postgres docs
Arguments:
tablename
[string] - name of the table to altercolumns
[array of strings or object] - columns to drop (if object, uses keys)Aliases: dropColumn
pgm.renameColumn( tablename, old_column_name, new_column_name )
Rename a column - postgres docs
Arguments:
tablename
[string] - name of the table to alterold_column_name
[string] - current column namenew_column_name
[string] - new column nameReverse Operation: same operation in opposite direction
pgm.alterColumn( tablename, column_name, column_options )
Alter a column (default value, type, allow null) - postgres docs
Arguments:
tablename
[string] - name of the table to altercolumn_name
[string] - column to altercolumn_options
[object] - optional new column options
default
[string or null] - null, stringtype
[string] - new datatypenotNull
[boolean] - sets NOT NULL if truepgm.addConstraint( tablename, constraint_name, expression )
Add a named column constraint - postgres docs
Arguments:
tablename
[string] - name of the table to alterconstraint_name
[string] - name for the constraintexpression
[string] - constraint expression (raw sql)Aliases: createConstraint
Reverse Operation: dropConstraint
pgm.dropConstraint( tablename, constraint_name )
Drop a named column constraint - postgres docs
Arguments:
tablename
[string] - name of the table to alterconstraint_name
[string] - name for the constraintpgm.createIndex( tablename, columns, options )
Create a new index - postgres docs
Arguments:
tablename
[string] - name of the table to altercolumns
[string or array of strings] - columns to add to the indexoptions
[index options] - optional options:
name
[string] - name for the index (one will be inferred from table/columns if undefined)unique
[boolean] - set to true if this is a unique indexwhere
[string] - raw sql for where clause of indexconcurrently
[boolean] - create this index concurrentlymethod
[string] - btree | hash | gist | spgist | ginAliases: addIndex
Reverse Operation: dropIndex
pgm.dropIndex( tablename, columns, options )
Drop an index - postgres docs
Arguments:
tablename
[string] - name of the table to altercolumns
[string or array of strings] - column names, used only to infer an index nameoptions
[index options] - optional options:
name
[string] - name of the index to droppgm.sql( sql )
Run raw sql -- with some optional very basic mustache templating
Arguments:
sql
[string] - name(s) of extensions to installargs
[object] - (optional) key/val of arguments to replaceAliases: addExtension
Reverse Operation: dropExtension
pgm.createExtension( extension )
Install postgres extension(s) - postgres docs
Arguments:
extension
[string or array of strings] - name(s) of extensions to installAliases: addExtension
Reverse Operation: dropExtension
pgm.dropExtension( extension )
Un-install postgres extension(s) - postgres docs
Arguments:
extension
[string or array of strings] - name(s) of extensions to installpgm.createType( type_name, values )
Create a new enum data type - postgres docs
Arguments:
type_name
[string] - name of the new typevalues
[array of strings] - possible valuesAliases: addType
Reverse Operation: dropType
pgm.dropType( type_name )
Drop a custom data type - postgres docs
Arguments:
type_name
[string] - name of the new typeThe createTable
and addColumns
methods both take a columns
argument that specifies column names and options. It is a object (key/value) where each key is the name of the column, and the value is another object that defines the options for the column.
type
[string] - data type (use normal postgres types)unique
[boolean] - set to true to add a unique constraint on this columnprimaryKey
[boolean] - set to true to make this column the primary keynotNull
[boolean] - set to true to make this column not nullcheck
[string] - sql for a check constraint for this columnreferences
[string] - a table name that this column is a foreign key toData type strings will be passed through directly to postgres, so write types as you would if you were writing the queries by hand.
There are some aliases on types to make things more foolproof: (int, string, float, double, datetime, bool)
There is a shorthand to pass only the type instead of an options object:
pgm.addColumns('myTable', { age: 'integer' });
is equivalent to
pgm.addColumns('myTable', { age: { type: 'integer' } });
There is a shorthand for normal auto-increment IDs:
pgm.addColumns('myTable', { id: 'id' });
is equivalent to
pgm.addColumns('myTable', { id: { type: 'serial', primaryKey: true } });
Why only Postgres? - By writing this migration tool specifically for postgres instead of accommadating many databases, we can actually provide a full featured tool that is much simpler to use and maintain. I was tired of using crippled database tools just in case one day we switch our database.
Async / Sync - Everything is async in node, and that's great, but a migration tool should really just be a fancy wrapper that generates SQL. Most other migration tools force you to bring in control flow libraries or wrap everything in callbacks as soon as you want to do more than a single operation in a migration. Plus by building up a stack of operations, we can automatically infer down migrations (sometimes) to save even more time.
Naming / Raw Sql - Many tools force you to use their constants to do things like specify data types. Again, this tool should be a fancy wrapper that generates SQL, so whenever possible, it should just pass through user values directly to the SQL. The hard part is remembering the syntax of the specific operation, not remembering how to type "timestamp"!
FAQs
PostgreSQL database migration management tool for node.js
The npm package node-pg-migrate receives a total of 51,121 weekly downloads. As such, node-pg-migrate popularity was classified as popular.
We found that node-pg-migrate demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.