Research
2025 Report: Destructive Malware in Open Source Packages
Destructive malware is rising across open source registries, using delays and kill switches to wipe code, break builds, and disrupt CI/CD.
By Kush Pandya - Dec 24, 2025
node-postgres
Non-blocking PostgreSQL client for Node.js. Pure JavaScript and optional native libpq bindings.
Install
$ npm install pg
:star: Documentation :star:
Features
- Pure JavaScript client and native libpq bindings share the same API
- Connection pooling
- Extensible JS ↔ PostgreSQL data-type coercion
- Supported PostgreSQL features
- Parameterized queries
- Named statements with query plan caching
- Async notifications with
LISTEN/NOTIFY - Bulk import & export with
COPY TO/COPY FROM
Extras
node-postgres is by design pretty light on abstractions. These are some handy modules we've been using over the years to complete the picture. The entire list can be found on our wiki.
Support
node-postgres is free software. If you encounter a bug with the library please open an issue on the GitHub repo. If you have questions unanswered by the documentation please open an issue pointing out how the documentation was unclear & I will do my best to make it better!
When you open an issue please provide:
- version of Node
- version of Postgres
- smallest possible snippet of code to reproduce the problem
You can also follow me @briancarlson if that's your thing. I try to always announce noteworthy changes & developments with node-postgres on Twitter.
Sponsorship :two_hearts:
node-postgres's continued development has been made possible in part by generous financial support from the community.
If you or your company are benefiting from node-postgres and would like to help keep the project financially sustainable please consider supporting its development.
Featured sponsor
Special thanks to medplum for their generous and thoughtful support of node-postgres!
Contributing
:heart: contributions!
I will happily accept your pull request if it:
- has tests
- looks reasonable
- does not break backwards compatibility
If your change involves breaking backwards compatibility please please point that out in the pull request & we can discuss & plan when and how to release it and what type of documentation or communicate it will require.
Troubleshooting and FAQ
The causes and solutions to common errors can be found among the Frequently Asked Questions (FAQ)
License
Copyright (c) 2010-2020 Brian Carlson (brian.m.carlson@gmail.com)
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
Other packages similar to pg
mysql
The mysql package is a client for MySQL databases. It provides similar functionalities to pg, such as connecting to a database, executing queries, and managing transactions. However, it is designed specifically for MySQL and not PostgreSQL.
sequelize
Sequelize is an ORM (Object-Relational Mapping) library for Node.js. It supports multiple database systems, including PostgreSQL. Unlike pg, which is a lower-level client, Sequelize provides a higher-level abstraction with features like model definition, associations, and migrations.
typeorm
TypeORM is another ORM for TypeScript and JavaScript that runs on Node.js. It supports PostgreSQL among other databases. It provides an even higher level of abstraction compared to Sequelize and includes features like data-mapper patterns, repositories, and automatic schema generation.
knex
Knex.js is a SQL query builder for Node.js that supports PostgreSQL, MySQL, SQLite3, and more. It provides chainable query building capabilities and can be used as a query client without the full ORM features. It's a middle ground between pg and full ORMs like Sequelize and TypeORM.
FAQs
PostgreSQL client - pure javascript & libpq with the same API
The npm package pg receives a total of 7,037,128 weekly downloads. As such, pg popularity was classified as popular.
We found that pg demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 27 Jun 2025
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Engineering with AI Podcast: The Promise of AI-First Development
Socket CTO Ahmad Nassri shares practical AI coding techniques, tools, and team workflows, plus what still feels noisy and why shipping remains human-led.
By Sarah Gooding - Dec 24, 2025
Research
/Security News
Spearphishing Campaign Abuses npm Registry to Target U.S. and Allied Manufacturing and Healthcare Organizations
A five-month operation turned 27 npm packages into durable hosting for browser-run lures that mimic document-sharing portals and Microsoft sign-in, targeting 25 organizations across manufacturing, industrial automation, plastics, and healthcare for credential theft.
By Nicholas Anderson, Kirill Boychenko - Dec 23, 2025