Company News
Meet the Socket Team at RSAC and BSidesSF 2026
Join Socket for live demos, rooftop happy hours, and one-on-one meetings during BSidesSF and RSA 2026 in San Francisco.
By Sarah Gooding - Mar 03, 2026
Latest Threat Research:SANDWORM_MODE: Shai-Hulud-Style npm Worm Hijacks CI Workflows and Poisons AI Toolchains.Details →
pg-migration
Advanced tools
pg-migration
Apply changesets of your data structure for Postgresql easily from your node application
pg-migration
What is it?
NodeJS lacks support for good proper ORMs, and most ORMs tend to suck a bit in the end anyway. For inventid I therefore developed this simple nodejs version for postgresql of Liquibase. It is based on the excellent node-postgres library.
The database changelog table
pg-migration will automatically create the table (dbchangelog) for you.
How to use
- Import the library
import migrateAndStart from 'pg-migration'; - Create a valid database client connection
- Create the migration, with that client, and a callback to the server start (e.g.
migrateAndStart(db, './migrations', startServer);)
Files called README.md and dbchangelog.sql from the migrations folder are ignored.
Since the changeset id is derived from the file name, you can use the following command to create a new one
touch `date +%Y%m%d%H%M%S`.sql
Please be careful that the files will be executed in a alphabetically sorted fashion, so ensure that files do not depend on anything later (it's really a poor mans Liquibase).
FAQs
Apply changesets of your data structure for Postgresql easily from your node application
The npm package pg-migration receives a total of 1 weekly downloads. As such, pg-migration popularity was classified as not popular.
We found that pg-migration demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 19 Sep 2017
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
/Security News
Malicious Packagist Packages Disguised as Laravel Utilities Deploy Encrypted RAT
Malicious Packagist packages disguised as Laravel utilities install an encrypted PHP RAT via Composer dependencies, enabling remote access and C2 callbacks.
By Kush Pandya - Mar 03, 2026
Research
/Security News
Unauthorized AI Agent Execution Code Published to OpenVSX in Aqua Trivy VS Code Extension
OpenVSX releases of Aqua Trivy 1.8.12 and 1.8.13 contained injected natural-language prompts that abuse local AI coding agents for system inspection and potential data exfiltration.
By Peter van der Zee, Philipp Burckhardt - Mar 02, 2026