
Research
/Security News
jscrambler npm Package Compromised in Supply Chain Attack
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.
postgres-interval
Advanced tools
Parse Postgres interval columns
npm install --save postgres-interval
var parse = require('postgres-interval')
var interval = parse('01:02:03')
// => { hours: 1, minutes: 2, seconds: 3 }
interval.toPostgres()
// 1 hour 2 minutes 3 seconds
interval.toISOString()
// P0Y0M0DT1H2M3S
interval.toISOStringShort()
// PT1H2M3S
This package parses the default Postgres interval style. If you have changed intervalstyle, you will need to set it back to the default:
set intervalstyle to default;
parse(pgInterval) -> intervalRequired
Type: string
A Postgres interval string.
This package is focused on parsing Postgres outputs. It optimizes for performance by assuming that inputs follow the default interval format. It does not perform any validation on the input. If any interval field is not found, its value will be set to 0 in the returned interval.
interval.toPostgres() -> stringReturns an interval string. This allows the interval object to be passed into prepared statements.
interval.toISOString() -> stringReturns an ISO 8601 compliant string, for example P0Y0M0DT0H9M0S.
Also available as interval.toISO() for backwards compatibility.
interval.toISOStringShort() -> stringReturns an ISO 8601 compliant string shortened to minimum length, for example PT9M.
interval.toTemporalDuration() -> Temporal.DurationReturns a Temporal.Duration representing the interval.
Requires globalThis.Temporal. It ships unflagged in Node 26+. On older runtimes, install a polyfill such as @js-temporal/polyfill and assign it to globalThis.Temporal. The method throws if Temporal is unavailable.
Postgres mixed-sign intervals (e.g. 1 mon -1 days) throw a RangeError. Temporal.Duration requires all fields to share a single sign, which these intervals violate.
The Temporal types are not yet in the default TypeScript lib. To resolve the return type, your project needs Temporal lib types: the TypeScript lib once available, or the @js-temporal/polyfill types. This package adds no type dependency.
MIT © Ben Drucker
Moment.js is a comprehensive date handling library that can parse, validate, manipulate, and display dates and times in JavaScript. While it does not specifically target PostgreSQL interval types, it offers broad functionality for handling time-based data. Compared to postgres-interval, Moment.js is more versatile for general date and time manipulation but lacks the direct focus on PostgreSQL intervals.
Luxon is a powerful library for working with dates and times in JavaScript, offering a range of features similar to Moment.js, including parsing, formatting, and manipulating dates and times. Like Moment.js, Luxon does not specifically address PostgreSQL interval types but provides a rich set of tools for time-based data manipulation. It is a modern alternative to Moment.js with a focus on immutability and internationalization.
date-fns is a modular date utility library for JavaScript, offering over 200 functions for date manipulation, including parsing, formatting, and arithmetic operations. While it does not provide specific support for PostgreSQL interval types, its modular nature allows for lightweight inclusion of only the necessary functions. Compared to postgres-interval, date-fns offers a broader scope of date manipulation features without the direct focus on PostgreSQL intervals.
FAQs
Parse Postgres interval columns
The npm package postgres-interval receives a total of 36,474,079 weekly downloads. As such, postgres-interval popularity was classified as popular.
We found that postgres-interval demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
/Security News
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.

Research
/Security News
A malicious .NET package is typosquatting the Braintree SDK to steal live payment card data, merchant API keys, and host secrets from production apps.

Security News
/Research
Compromised Injective SDK npm version 1.20.21 exfiltrates wallet private keys and mnemonics through fake telemetry functionality.