Research
Security News
Kill Switch Hidden in npm Packages Typosquatting Chalk and Chokidar
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
node-pg-migrate
Advanced tools
Node.js database migration management built exclusively for postgres.
$ npm install node-pg-migrate
Installing this module adds a runnable file into your node_modules/.bin
directory. If installed globally (with the -g option), you can run pg-migrate
and if not, you can run ./node_modules/.bin/pg-migrate
You can specify your database connection information using config.
// config/default.json
{
"db": "postgres://postgres:password@localhost:5432/name"
}
or
// config/default.json
{
"db": {
"user": "postgres",
"password": "",
"host": "localhost",
"port": 5432,
"name": "name"
}
}
You could also specify your database url by setting the environment variable DATABASE_URL
.
DATABASE_URL=postgres://postgres@localhost/name node-pg-migrate
If a .env file exists, it will be loaded using dotenv (if installed) when running the pg-migrate binary.
Depending on your project's setup, it may make sense to write some custom grunt tasks that set this env var and run your migration commands. More on that below.
The following are the available commands:
pg-migrate create {migration-name}
- creates a new migration file with the name you give it. Spaces and underscores will be replaced by dashes and a timestamp is prepended to your file name.pg-migrate up
- runs all up migrations from the current state.pg-migrate up {N}
- runs N up migrations from the current state.pg-migrate down
- runs a single down migration.pg-migrate down {N}
- runs N down migrations from the current state.You can adjust defaults by passing arguments to pg-migrate
:
schema
(s
) - The schema on which migration will be run (defaults to public
)
database-url-var
(d
) - Name of env variable with database url string (defaults to DATABASE_URL
)
migrations-dir
(m
) - The directory containing your migration files (defaults to migrations
)
migrations-schema
- The schema storing table which migrations have been run (defaults to same value as schema
)
migrations-table
(t
) - The table storing which migrations have been run (defaults to pgmigrations
)
check-order
- Check order of migrations before running them (defaults to true
, to switch it off supply --no-check-order
on command line).
(There should be no migration with timestamp lesser than last run migration.)
See all by running pg-migrate --help
.
Most of configuration options can be also specified in node-config
configuration file.
For SSL connection to DB you can set PGSSLMODE
environment variable to value from list other then disable
.
e.g. PGSSLMODE=require pg-migrate up
(pg will take it into account)
When you run pg-migrate create
a new migration file is created that looks like this:
exports.up = function up(pgm) {
}
exports.down = function down(pgm) {
}
pgm
is a helper object that provides migration operations and run
is the callback to call when you are done.
IMPORTANT
Calling the migration functions on pgm
doesn't actually migrate your database. These functions just add sql commands to a stack that is run.
If exports.down
is not present in a migration, pg-migrate will try to automatically infer the operations that make up the down migration by reversing the operations of the up migration. Only some operations have automatically inferrable equivalents (details below on each operation). Sometimes, migrations are destructive and cannot be rolled back. In this case, you can set exports.down = false
to tell pg-migrate that the down migration is impossible.
In some cases, you may want to perform some async operation during a migration, for example fetching some information from an external server, or inserting some data into the database. To make a migration block operate in async mode, just add another callback argument to the function signature. However, be aware that NONE of the pgm operations will be executed until run()
is called. Here's an example:
exports.up = function up(pgm, run) {
doSomethingAsync(function() {
run();
});
}
Another way how to perform some async operation is to return Promise from up
or down
function. Example:
exports.up = function(pgm) {
return new Promise(resolve => {
// doSomethingAsync
resolve();
});
}
The pgm
object that is passed to each up/down block has many different operations available. Each operation is simply a function that generates some sql and stores it in the current pgm context.
By default, each migration will be run in a transaction. To disable transactions for a specific migration, call pgm.noTransaction()
This is required for some SQL operations that cannot be run within a transaction. It should be used carefully.
pgm.createTable( tablename, columns, options )
Create a new table - postgres docs
Arguments:
tablename
[string] - name for the new tablecolumns
[object] - column names / options -- see column definitions sectionoptions
[object] - table options (optional)
inherits
[string] - table to inherit fromReverse Operation: dropTable
pgm.dropTable( tablename )
Drop existing table - postgres docs
Arguments:
tablename
[string] - name of the table to droppgm.renameTable( tablename, new_tablename )
Rename a table - postgres docs
Arguments:
tablename
[string] - name of the table to renamenew_table
[object] - new name of the tableReverse Operation: same operation in opposite direction
pgm.addColumns( tablename, new_columns )
Add columns to an existing table - postgres docs
Arguments:
tablename
[string] - name of the table to alternew_columns
[object] - column names / options -- see column definitions sectionAliases: addColumn
Reverse Operation: dropColumns
pgm.dropColumns( tablename, columns )
Drop columns from a table - postgres docs
Arguments:
tablename
[string] - name of the table to altercolumns
[array of strings or object] - columns to drop (if object, uses keys)Aliases: dropColumn
pgm.renameColumn( tablename, old_column_name, new_column_name )
Rename a column - postgres docs
Arguments:
tablename
[string] - name of the table to alterold_column_name
[string] - current column namenew_column_name
[string] - new column nameReverse Operation: same operation in opposite direction
pgm.alterColumn( tablename, column_name, column_options )
Alter a column (default value, type, allow null) - postgres docs
Arguments:
tablename
[string] - name of the table to altercolumn_name
[string] - column to altercolumn_options
[object] - optional new column options
default
[string or null] - null, stringtype
[string] - new datatypenotNull
[boolean] - sets NOT NULL if truepgm.addConstraint( tablename, constraint_name, expression )
Add a named column constraint - postgres docs
Arguments:
tablename
[string] - name of the table to alterconstraint_name
[string] - name for the constraintexpression
[string] - constraint expression (raw sql)Aliases: createConstraint
Reverse Operation: dropConstraint
pgm.dropConstraint( tablename, constraint_name )
Drop a named column constraint - postgres docs
Arguments:
tablename
[string] - name of the table to alterconstraint_name
[string] - name for the constraintpgm.createIndex( tablename, columns, options )
Create a new index - postgres docs
Arguments:
tablename
[string] - name of the table to altercolumns
[string or array of strings] - columns to add to the indexoptions
[index options] - optional options:
name
[string] - name for the index (one will be inferred from table/columns if undefined)unique
[boolean] - set to true if this is a unique indexwhere
[string] - raw sql for where clause of indexconcurrently
[boolean] - create this index concurrentlymethod
[string] - btree | hash | gist | spgist | ginAliases: addIndex
Reverse Operation: dropIndex
pgm.dropIndex( tablename, columns, options )
Drop an index - postgres docs
Arguments:
tablename
[string] - name of the table to altercolumns
[string or array of strings] - column names, used only to infer an index nameoptions
[index options] - optional options:
name
[string] - name of the index to droppgm.sql( sql )
Run raw sql -- with some optional very basic mustache templating
Arguments:
sql
[string] - SQL query to runargs
[object] - (optional) key/val of arguments to replacepgm.createExtension( extension )
Install postgres extension(s) - postgres docs
Arguments:
extension
[string or array of strings] - name(s) of extensions to installAliases: addExtension
Reverse Operation: dropExtension
pgm.dropExtension( extension )
Un-install postgres extension(s) - postgres docs
Arguments:
extension
[string or array of strings] - name(s) of extensions to installpgm.createType( type_name, values )
Create a new data type - postgres docs
Arguments:
type_name
[string] - name of the new typevalues
[array of strings or object] if an array the contents are possible values for an enum type, if an object names and types for a composite typeAliases: addType
Reverse Operation: dropType
pgm.dropType( type_name )
Drop a custom data type - postgres docs
Arguments:
type_name
[string] - name of the new typeThe createTable
and addColumns
methods both take a columns
argument that specifies column names and options. It is a object (key/value) where each key is the name of the column, and the value is another object that defines the options for the column.
type
[string] - data type (use normal postgres types)unique
[boolean] - set to true to add a unique constraint on this columnprimaryKey
[boolean] - set to true to make this column the primary keynotNull
[boolean] - set to true to make this column not nullcheck
[string] - sql for a check constraint for this columnreferences
[string] - a table name that this column is a foreign key toonDelete
[string] - adds ON DELETE constraint for a reference columnonUpdate
[string] - adds ON UPDATE constraint for a reference columnData type strings will be passed through directly to postgres, so write types as you would if you were writing the queries by hand.
There are some aliases on types to make things more foolproof: (int, string, float, double, datetime, bool)
There is a shorthand to pass only the type instead of an options object:
pgm.addColumns('myTable', { age: 'integer' });
is equivalent to
pgm.addColumns('myTable', { age: { type: 'integer' } });
There is a shorthand for normal auto-increment IDs:
pgm.addColumns('myTable', { id: 'id' });
is equivalent to
pgm.addColumns('myTable', { id: { type: 'serial', primaryKey: true } });
Instead of passing string as name to pgm
functions, you can pass an object with keys schema
and name
. E.g.
pgm.createTable( {schema: 'my_schema', name: 'my_table_name'}, {id: 'serial'});
will generate
CREATE TABLE "my_schema"."my_table_name" (
"id" serial
);
Why only Postgres? - By writing this migration tool specifically for postgres instead of accommadating many databases, we can actually provide a full featured tool that is much simpler to use and maintain. I was tired of using crippled database tools just in case one day we switch our database.
Async / Sync - Everything is async in node, and that's great, but a migration tool should really just be a fancy wrapper that generates SQL. Most other migration tools force you to bring in control flow libraries or wrap everything in callbacks as soon as you want to do more than a single operation in a migration. Plus by building up a stack of operations, we can automatically infer down migrations (sometimes) to save even more time.
Naming / Raw Sql - Many tools force you to use their constants to do things like specify data types. Again, this tool should be a fancy wrapper that generates SQL, so whenever possible, it should just pass through user values directly to the SQL. The hard part is remembering the syntax of the specific operation, not remembering how to type "timestamp"!
FAQs
PostgreSQL database migration management tool for node.js
The npm package node-pg-migrate receives a total of 37,615 weekly downloads. As such, node-pg-migrate popularity was classified as popular.
We found that node-pg-migrate demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
Product
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.