
Security News
Attackers Are Hunting High-Impact Node.js Maintainers in a Coordinated Social Engineering Campaign
Multiple high-impact npm maintainers confirm they have been targeted in the same social engineering campaign that compromised Axios.
Validate Postgres SQL queries in source code against your schema at build time.
Validate SQL queries in JavaScript and TypeScript code against your schema at build time 🚀
Locates SQL template strings and schema definitions in your code. Evaluates the queries, matching them against your database schema. Supports type-checking via TypeScript, so you get statically typed SQL queries validated against your database schema 😱😱
Use it together with squid, which provides the SQL tagged template strings: interpolated expressions are turned into bound parameters rather than concatenated into the query text, which prevents SQL injection, and it comes with some syntactic sugar for writing short, explicit SQL queries.
🦄 Validates SQL template strings in code
🚀 Checks SQL queries syntax and semantics
⚡️ Works statically, without additional runtime overhead
⚙️ Built on top of Babel & TypeScript
🛠 Uses libpg_query, the actual Postgres SQL parser
```sh
npm install --save-dev postguard
# or using yarn:
yarn add --dev postguard
```
Run the tool like this:

```sh
postguard src/models/*
```

You can use npm's npx tool to run the locally installed package:

```sh
npx postguard src/models/*
```
Usage

```
$ postguard ./path/to/source/*.ts

Options
  --help         Print this help
  -w, --watch    Watch files and re-evaluate on change
```
Let's quickly compare the options you have when writing code that uses a relational database.
Our sample use case is updating the project rows that are owned by a certain user.
Sample:

```js
// Plain SQL with a positional parameter array
const { rows } = await database.query(`
  UPDATE projects SET
    last_opened = NOW(),
    open_count = open_count + 1
  WHERE
    projects.id IN (
      SELECT project_id FROM project_members WHERE user_id = $1
    )
  RETURNING *
`,
  [ userId ]
)
```
Pro:
Con:
Sample:

```js
// (Model definitions not included)
const user = await User.findById(userId)
const projects = await user.getProjects()
const updatedProjects = await Promise.all(
  projects.map(async project => {
    project.last_opened = new Date(Date.now())
    project.open_count++
    return project.save()
  })
)
```
Pro:
Con:
Sample:

```js
// (Model definitions not included)
const usersProjects = await prisma.user({ id: userId }).projects()
const updatedProjects = await Promise.all(
  // Iterate over the projects fetched above (the original referenced an undefined `projects`)
  usersProjects.map(project =>
    prisma.updateProject({
      data: {
        last_opened: new Date(Date.now()),
        open_count: project.open_count + 1
      },
      where: {
        id: project.id
      }
    })
  )
)
```
Pro:
Con:
Sample:

```ts
// (Schema definition not included)
const { rows } = await database.query<ProjectRecord>(sql`
  UPDATE projects SET
    last_opened = NOW(),
    open_count = open_count + 1
  WHERE
    projects.id IN (
      SELECT project_id FROM project_members WHERE user_id = ${userId}
    )
  RETURNING *
`)
```
Pro:
Con:
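The mechanism behind the last sample, shown as an added illustration rather than squid's or postguard's own code: a minimal `sql` tag that binds every interpolated value as a `$n` parameter and splices nested fragments with renumbered placeholders, so the query text that gets checked against the schema never contains caller-supplied data. The function `updateOpenedProjectsQuery` and the `FRAGMENT` symbol are assumptions made for this example.

```javascript
// Added example, not squid's implementation: interpolated values become
// positional parameters, nested sql`` fragments are spliced with their $n
// placeholders shifted past the values already collected.
const FRAGMENT = Symbol("sql-fragment");

function sql(strings, ...expressions) {
  const values = [];
  let text = "";
  strings.forEach((chunk, i) => {
    text += chunk;
    if (i >= expressions.length) return;
    const expr = expressions[i];
    if (expr && expr[FRAGMENT]) {
      // Nested fragment: renumber its $n placeholders to continue our numbering.
      const offset = values.length;
      text += expr.text.replace(/\$(\d+)/g, (_, n) => `$${Number(n) + offset}`);
      values.push(...expr.values);
    } else {
      // Plain value (string, number, array, null): always a bound parameter,
      // never pasted into the SQL text.
      values.push(expr);
      text += `$${values.length}`;
    }
  });
  // { text, values } is the query-config shape node-postgres' query() accepts.
  return { [FRAGMENT]: true, text, values };
}

// The page's update query, assembled from a nested fragment (hypothetical helper).
function updateOpenedProjectsQuery(userId) {
  const memberProjects = sql`SELECT project_id FROM project_members WHERE user_id = ${userId}`;
  return sql`UPDATE projects SET last_opened = NOW(), open_count = open_count + 1 WHERE projects.id IN (${memberProjects}) RETURNING *`;
}

// Constructed sample input: an id containing a quote character stays in `values`.
const demo = updateOpenedProjectsQuery("o'hara");
console.log(demo.text);   // ... WHERE user_id = $1) RETURNING *
console.log(demo.values); // [ "o'hara" ]
```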
Set the environment variable DEBUG to postguard:* to enable debug logging. You can also narrow debug logging down by setting DEBUG to postguard:table or postguard:query, for instance.
Feedback is welcome, as always. Feel free to comment what's on your mind 👉 here.
License: MIT
The npm package postguard receives a total of 1 weekly download. As such, postguard's popularity was classified as not popular.
We found that postguard demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.