Security News
Research
Supply Chain Attack on Rspack npm Packages Injects Cryptojacking Malware
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
The pg npm package is a PostgreSQL client for Node.js. It provides functionalities to connect to a PostgreSQL database server and execute queries, manage transactions, and listen to notifications from the database.
Connecting to a PostgreSQL database
This code sample demonstrates how to connect to a PostgreSQL database using the pg package. It includes creating a new client instance and connecting to the database with a connection string.
const { Client } = require('pg');
const client = new Client({
connectionString: 'postgresql://user:password@localhost:5432/database'
});
client.connect();
Executing a query
This code sample shows how to execute a SQL query to select all records from a table and print the results. It also handles any potential errors and closes the connection.
client.query('SELECT * FROM my_table', (err, res) => {
console.log(err ? err.stack : res.rows);
client.end();
});
Using async/await for queries
This code sample uses async/await syntax to execute a query and print the results. It's a more modern approach to handling asynchronous operations in Node.js.
async function fetchData() {
const res = await client.query('SELECT * FROM my_table');
console.log(res.rows);
client.end();
}
fetchData();
Managing transactions
This code sample illustrates how to manage a transaction with the pg package. It begins a transaction, attempts to insert data, commits the transaction if successful, or rolls back if an error occurs.
async function transactionExample() {
await client.query('BEGIN');
try {
await client.query('INSERT INTO my_table (col) VALUES ($1)', ['data']);
await client.query('COMMIT');
} catch (e) {
await client.query('ROLLBACK');
throw e;
}
}
transactionExample();
Listening to notifications
This code sample demonstrates how to listen for notifications from the PostgreSQL server. It sets up an event listener for 'notification' events and executes the LISTEN command to subscribe to a specific notification.
const client = new Client();
client.connect();
client.on('notification', (msg) => {
console.log('New notification:', msg);
});
client.query('LISTEN my_notification');
The mysql package is a client for MySQL databases. It provides similar functionalities to pg, such as connecting to a database, executing queries, and managing transactions. However, it is designed specifically for MySQL and not PostgreSQL.
Sequelize is an ORM (Object-Relational Mapping) library for Node.js. It supports multiple database systems, including PostgreSQL. Unlike pg, which is a lower-level client, Sequelize provides a higher-level abstraction with features like model definition, associations, and migrations.
TypeORM is another ORM for TypeScript and JavaScript that runs on Node.js. It supports PostgreSQL among other databases. It provides an even higher level of abstraction compared to Sequelize and includes features like data-mapper patterns, repositories, and automatic schema generation.
Knex.js is a SQL query builder for Node.js that supports PostgreSQL, MySQL, SQLite3, and more. It provides chainable query building capabilities and can be used as a query client without the full ORM features. It's a middle ground between pg and full ORMs like Sequelize and TypeORM.
Non-blocking PostgreSQL client for Node.js. Pure JavaScript and optional native libpq bindings.
$ npm install pg
LISTEN/NOTIFY
COPY TO/COPY FROM
node-postgres is by design pretty light on abstractions. These are some handy modules we've been using over the years to complete the picture. The entire list can be found on our wiki.
node-postgres is free software. If you encounter a bug with the library please open an issue on the GitHub repo. If you have questions unanswered by the documentation please open an issue pointing out how the documentation was unclear & I will do my best to make it better!
When you open an issue please provide:
You can also follow me @briancarlson if that's your thing. I try to always announce noteworthy changes & developments with node-postgres on Twitter.
node-postgres's continued development has been made possible in part by generous finanical support from the community and these featured sponsors:
If you or your company are benefiting from node-postgres and would like to help keep the project financially sustainable please consider supporting its development.
:heart: contributions!
I will happily accept your pull request if it:
If your change involves breaking backwards compatibility please please point that out in the pull request & we can discuss & plan when and how to release it and what type of documentation or communicate it will require.
The causes and solutions to common errors can be found among the Frequently Asked Questions (FAQ)
Copyright (c) 2010-2020 Brian Carlson (brian.m.carlson@gmail.com)
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
FAQs
PostgreSQL client - pure javascript & libpq with the same API
The npm package pg receives a total of 5,067,680 weekly downloads. As such, pg popularity was classified as popular.
We found that pg demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.
Security News
Sonar’s acquisition of Tidelift highlights a growing industry shift toward sustainable open source funding, addressing maintainer burnout and critical software dependencies.