Security News
NIST Misses 2024 Deadline to Clear NVD Backlog
NIST has failed to meet its self-imposed deadline of clearing the NVD's backlog by the end of the fiscal year. Meanwhile, CVE's awaiting analysis have increased by 33% since June.
pg-introspection
Advanced tools
A strongly-typed PostgreSQL introspection library for PostgreSQL built automatically from the PostgreSQL system catalog documentation, with the TypeScript documentation for each attribute/type also pulled from the PostgreSQL documentation for easy reference directly in your editor.
To help us develop this software sustainably under the MIT license, we ask all individuals and businesses that use it to help support its ongoing maintenance and development via sponsorship.
And please give some love to our featured sponsors 🤩:
Surge * | Story.ai * | Chad Furman * | Fanatics * |
Qwick * | The Guild * | Dovetail * | Enzuzo * |
Stellate * |
* Sponsors the entire Graphile suite
Issue the makeIntrospectionQuery()
SQL query to your database, then feed the
first row's introspection
field into parseIntrospectionResults()
to get your
strongly typed introspection results.
Example usage with pg
module:
import {
makeIntrospectionQuery,
parseIntrospectionResults,
} from "pg-introspection";
import { Pool } from "pg";
const pool = new Pool({
connectionString: "postgres://localhost:5432/my_database",
});
async function main() {
const sql = makeIntrospectionQuery();
const { rows } = await pool.query(sql);
const introspection = parseIntrospectionResults(row[0].introspection);
console.log(
`The ${introspection.database.datname} DBA is ${
introspection.database.getDba()?.rolname ?? "-"
}`,
);
}
main();
Into the introspection results we mix "accessor" functions to make following relationships easier. Note that these functions are typically evaluated lazily - the first time you call them they may need to do an expensive lookup (e.g. finding the relevant record from the list of records) but they cache the result so that the next call will be near-instant.
Examples:
const myTable = introspection.classes.find((rel) => rel.relname === "my_table");
const myTableAttributes = myTable.getAttributes();
const myColumn = myTable.getAttribute({ name: "my_column" });
const myColumnDescription = myColumn.getDescription();
You can use the TypeScript autocompletion to see what accessors are available,
or look in the index.ts
file.
Using the PostgreSQL column names is by design, even though some are hard to read if you're not familiar with the system catalog.
We use _id
rather than oid
because older versions of PostgreSQL did not
explicitly list the oid
columns when you select * from
so we explicitly list
them among the selection set.
FAQs
Strongly typed PostgreSQL introspection library
The npm package pg-introspection receives a total of 2,507 weekly downloads. As such, pg-introspection popularity was classified as popular.
We found that pg-introspection demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
NIST has failed to meet its self-imposed deadline of clearing the NVD's backlog by the end of the fiscal year. Meanwhile, CVE's awaiting analysis have increased by 33% since June.
Security News
Cloudflare has launched a setup wizard allowing users to easily create and manage a security.txt file for vulnerability disclosure on their websites.
Security News
The Socket Research team breaks down a malicious npm package targeting the legitimate DOMPurify library. It uses obfuscated code to hide that it is exfiltrating browser and crypto wallet data.