Security News
GitHub Removes Malicious Pull Requests Targeting Open Source Repositories
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
The pg npm package is a PostgreSQL client for Node.js. It provides functionalities to connect to a PostgreSQL database server and execute queries, manage transactions, and listen to notifications from the database.
Connecting to a PostgreSQL database
This code sample demonstrates how to connect to a PostgreSQL database using the pg package. It includes creating a new client instance and connecting to the database with a connection string.
const { Client } = require('pg');
const client = new Client({
connectionString: 'postgresql://user:password@localhost:5432/database'
});
client.connect();
Executing a query
This code sample shows how to execute a SQL query to select all records from a table and print the results. It also handles any potential errors and closes the connection.
client.query('SELECT * FROM my_table', (err, res) => {
console.log(err ? err.stack : res.rows);
client.end();
});
Using async/await for queries
This code sample uses async/await syntax to execute a query and print the results. It's a more modern approach to handling asynchronous operations in Node.js.
async function fetchData() {
const res = await client.query('SELECT * FROM my_table');
console.log(res.rows);
client.end();
}
fetchData();
Managing transactions
This code sample illustrates how to manage a transaction with the pg package. It begins a transaction, attempts to insert data, commits the transaction if successful, or rolls back if an error occurs.
async function transactionExample() {
await client.query('BEGIN');
try {
await client.query('INSERT INTO my_table (col) VALUES ($1)', ['data']);
await client.query('COMMIT');
} catch (e) {
await client.query('ROLLBACK');
throw e;
}
}
transactionExample();
Listening to notifications
This code sample demonstrates how to listen for notifications from the PostgreSQL server. It sets up an event listener for 'notification' events and executes the LISTEN command to subscribe to a specific notification.
const client = new Client();
client.connect();
client.on('notification', (msg) => {
console.log('New notification:', msg);
});
client.query('LISTEN my_notification');
The mysql package is a client for MySQL databases. It provides similar functionalities to pg, such as connecting to a database, executing queries, and managing transactions. However, it is designed specifically for MySQL and not PostgreSQL.
Sequelize is an ORM (Object-Relational Mapping) library for Node.js. It supports multiple database systems, including PostgreSQL. Unlike pg, which is a lower-level client, Sequelize provides a higher-level abstraction with features like model definition, associations, and migrations.
TypeORM is another ORM for TypeScript and JavaScript that runs on Node.js. It supports PostgreSQL among other databases. It provides an even higher level of abstraction compared to Sequelize and includes features like data-mapper patterns, repositories, and automatic schema generation.
Knex.js is a SQL query builder for Node.js that supports PostgreSQL, MySQL, SQLite3, and more. It provides chainable query building capabilities and can be used as a query client without the full ORM features. It's a middle ground between pg and full ORMs like Sequelize and TypeORM.
#node-postgres
PostgreSQL client for node.js. Pure JavaScript and optional native libpq bindings.
$ npm install pg
Generally you will access the PostgreSQL server through a pool of clients. A client takes a non-trivial amount of time to establish a new connection. A client also consumes a non-trivial amount of resources on the PostgreSQL server - not something you want to do on every http request. Good news: node-postgres ships with built in client pooling.
var pg = require('pg');
var conString = "postgres://username:password@localhost/database";
pg.connect(conString, function(err, client, done) {
if(err) {
return console.error('error fetching client from pool', err);
}
client.query('SELECT $1::int AS number', ['1'], function(err, result) {
//call `done()` to release the client back to the pool
done();
if(err) {
return console.error('error running query', err);
}
console.log(result.rows[0].number);
//output: 1
});
});
Check this out for the get up and running quickly example
Sometimes you may not want to use a pool of connections. You can easily connect a single client to a postgres instance, run some queries, and disconnect.
var pg = require('pg');
var conString = "postgres://username:password@localhost/database";
var client = new pg.Client(conString);
client.connect(function(err) {
if(err) {
return console.error('could not connect to postgres', err);
}
client.query('SELECT NOW() AS "theTime"', function(err, result) {
if(err) {
return console.error('error running query', err);
}
console.log(result.rows[0].theTime);
//output: Tue Jan 15 2013 19:12:47 GMT-600 (CST)
client.end();
});
});
To install the native bindings:
$ npm install pg pg-native
node-postgres contains a pure JavaScript protocol implementation which is quite fast, but you can optionally use native bindings for a 20-30% increase in parsing speed. Both versions are adequate for production workloads.
To use the native bindings, first install pg-native. Once pg-native is installed, simply replace require('pg')
with require('pg').native
.
node-postgres abstracts over the pg-native module to provide exactly the same interface as the pure JavaScript version. No other code changes are required. If you find yourself having to change code other than the require statement when switching from require('pg')
to require('pg').native
please report an issue.
LISTEN/NOTIFY
COPY TO/COPY FROM
We love contributions!
If you need help getting the tests running locally or have any questions about the code when working on a patch please feel free to email me or gchat me.
I will happily accept your pull request if it:
Information about the testing processes is in the wiki.
Open source belongs to all of us, and we're all invited to participate!
If at all possible when you open an issue please provide
Usually I'll pop the code into the repo as a test. Hopefully the test fails. Then I make the test pass. Then everyone's happy!
If you need help or run into any issues getting node-postgres to work on your system please report a bug or contact me directly. I am usually available via google-talk at my github account public email address.
I usually tweet about any important status updates or changes to node-postgres on twitter.
Follow me @briancarlson to keep up to date.
node-postgres is by design pretty light on abstractions. These are some handy modules we've been using over the years to complete the picture:
Copyright (c) 2010-2014 Brian Carlson (brian.m.carlson@gmail.com)
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
FAQs
PostgreSQL client - pure javascript & libpq with the same API
We found that pg demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
Security News
Node.js will be enforcing stricter semver-major PR policies a month before major releases to enhance stability and ensure reliable release candidates.