Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
ORM for nodejs.
Supports postgres, mySql and sqlite.
npm install rdb
Simple, flexible mapper.
Transaction with commit and rollback.
Persistence ignorance - no need for explicit saving, everything is handled by transaction.
Eager or lazy loading.
Based on promises.
Documentation and examples
3.0.13
Upgraded dependency uuid
3.0.12
Avoid page locking in ms sql in extreme concurrency situations when using patchTable
3.0.11
Null parameters are replaced with sql 'null' value. This is practical when calling stored procedures with raw sql.
3.0.10
PeerDependencies as optional with npm 7 and above - using peerDependenciesMeta.
3.0.9
Support for query without transaction.
3.0.8
Support for all, any and none filters.
3.0.7
Hosting in express with typescript support.
3.0.6
insertAndForget() for situations where you INSERT privileges, but no SELECT privileges.
3.0.5
Fixed typescript methods: insert-methods should be async and return Promise<..>
3.0.4
Support for offset
3.0.3
Exposed typescript methods for rdb-client: query, insert and bulk deletes.
3.0.2
Binary as base64.
3.0.1
Small fixes.
3.0.0
Support for Sybase SAP and MsSql.
2.6.28
Support for rdb in the browser. Docs will come later.
2.6.27
Bugfix: JSON patching could result in duplicate DTO when run in same transaction.
2.6.26
Bugfix: changing a dto on nested property would also change the jsonb column.
Default value accepts function
2.6.25
Possible to indirectly update JSONB column by setting a nested property
2.6.24
Temporary lock with func as an alternative to transaction locks (pg only)
2.6.23
Bugfix when JSON patching nested relations.
2.6.22
Bugfix JSON patch.
2.6.21
Added JSON patch strategy 'skipOnConflict' to skip update if conflict.
2.6.20
Upgraded to pg@8.
2.6.19
Wrong location of module.
2.6.18
Using domains instead of async_hooks for continution local context because async_hooks is unstable and experimental.
2.6.17
More bugfixes with array patching.
2.6.16
Bugfix. Did not properly apply json patch with new arrays.
2.6.15
Downgraded to pg@7 because pg@8 messes up async hooks
2.6.14
Possible to send in types for custom parsing
2.6.13
Upgraded to pg@8.
2.6.12
Bugfix. Delete many relations in JSON patch did delete all.
2.6.11
Bugfix. Delete related row in JSON patch.
2.6.10
Bugfix. Did not apply patch properly on arrays inside json.
2.6.9
Bugfix. Inserts inside update hooks did not execute when last command in transaction.
2.6.8
Bugfix. Update hooks were sometimes incomplete.
2.6.7
Hooks on insert, update and delete.
2.6.6
Return status 204 instead of 200 when json patching.
2.6.5
Make this version the latest in npm.
2.6.4
Patching on row no longer modifies patch, but uses a clone instead.
2.6.3
Bugfix in JSON patching when null on object.
2.6.2
Bugfix in JSON patching with many relations.
2.6.1
Experimental JSON patching: patch returns dto of last operation.
2.6.0
Experimental JSON patching with metadata and single row patching.
2.5.1
Experimental JSON patching with concurrency strategy.
2.5.0
Experimental JSON patching and express adapter.
2.4.0
Supporting native bindings for postgres. The package pg-native must be installed as a peer dependency
2.3.0
Added column validation with JSON Schema or plain validator.
2.2.0
Throw meaningful error when getById gives no match.
2.1.1
Bugfix with insert and hasOne relation.
2.1.0
Pooling is disabled when there is no pool option object sent in. Previously, a pool with default size 10 was always created.
2.0.1
Ignoring tests when packing for npm
2.0.0
Domains are replaced by node-cls which is based upon async_hooks. Beware that async_hooks are still experimental. Requires node >= 8.
1.9.0
Throw meaningful error when getById gives no match.
1.8.1
Bugfix with insert and hasOne relation.
1.8.0
Pooling is disabled when there is no pool option object sent in. Previously, a pool with default size 10 was always created.
1.7.7
Commit/rollback are implicit if sending a callback to the transaction function. See example
The callback must return a promise or be an async function.
1.7.6
Order By now supports jsonb-fields.
1.7.5
GetManyDto bugfix: crashing on empty result.
1.7.4
GetManyDto strips nulls.
1.7.3
GetManyDto. For read-only scenario. A lot faster than getMany.
1.7.2
Upgraded to pg@7.4.3 and pg-query-stream@1.1.1
1.7.1
Support for schemas (postgres only).
1.7.0
sqlite3 is now a peer dependency. Add it to your own package.json if you intend to use it.
1.6.9
Bugfix: one-to-many relation returns empty if strategy is included.
1.6.8
Bugfix: one-to-many relation returns empty if insert/update is done earlier in transaction.
1.6.7
Bugfix in relations.
1.6.6
Bugfix.
1.6.5
Improved performance on relations.
1.6.4
Bugfix.
1.6.3
Bugfix: potential incorrect timeZoneOffset when serializing date to JSON. Got timeZoneOffset from now() instead of on actual date.
1.6.2
Removed es6 syntax to ensure backwards compatability.
Fixed global var leak.
1.6.1
Now supporting sqlite.
1.6.0
Bugfix: potential ambigous column error when using limit and relating to other tables.
1.5.9
Bugfix: using multipleStatements in mySql could sometimes cause an error when updates are run right before a select.
Improved performance on limit when relating to other tables.
Using uuid instead of node-uuid
Updated all dependencies but generic-pool to latest. (Generic-pool has some breaking changes in latest. I will update it in next release.)
1.5.8
Cleanup line breaks in documentation.
1.5.7
Bugfix: getById.exclusive and tryGetById.exclusive did not lock if row was cached.
Improved performance on tryGetFirst.
1.5.6
Raw sql filters can accept sql both as string and as function. E.g. var filter = {sql: function() {return 'foo > 1';}}.
1.5.5
Optional locks for getMany, tryGetFirst and tryGetById. Instead of calling getMany(params) just call getMany.exclusive(params). Same syntax goes for tryGetFirst and tryGetById. This will result in SELECT FOR UPDATE.
Bugfix: bulk deletes now accepts raw sql filters too.
1.5.4
Transaction locks. Postgres only.
1.5.3
Upgraded to pg 6.0.3
1.5.2
Improved performance and reduced memory footprint.
1.5.1
Documented JSON column type. Bug fix: Insert and foreign key violation.
1.5.0
JSON column type. Postgres json type does not support rdb filters.
1.4.1
Empty filter would sometimes cause invalid filter.
1.4.0
Raw SQL query.
1.3.0
getMany() now supports limit and orderBy - same syntax as in streaming.
1.2.3
Bugfix: iEqual gave incorrect sql when parameterized.
1.2.2
Exlusive no longer returns a clone of table. It has changes current table to exclusive locking.
1.2.1
Bugfix: Exclusive row locks
1.2.0
Exclusive row locks
1.1.0
Now supporting streaming. Requires postgres or MySQL >=5.7.7
1.0.8
README fixup.
1.0.7
Better performance on insert and update.
1.0.6
Bugfix: Transaction domain should not forward rdb singleton from old domain.
1.0.5
Documentation cleanup.
1.0.4
orderBy in toDto().
1.0.3
toDto() using next tick on every thousandth row to avoid maximum call stack size exceeded.
1.0.2
Reduced number of simultaneous promises in order to avoid maximum call stack size exceeded.
1.0.1
Bugfix: Incorrect insert/updates on timestamp without timezone. The time was converted utc instead of stripping the timezone.
1.0.0
Transaction domain forwards properties from old domain.
Semantic versioning from now on.
0.5.1
Improved performance
0.5.0
Logging: rdb.log(someFunc) logs sql and parameters.
Raw sql filters.
0.4.9
New method: tryGetById.
New filter: iEqual, postgres only.
Bugfix: rows.toJSON() without strategy did not include any children.
0.4.8
Explicit pooling with size and end().
Bugfix: mySql did not release client to pool.
0.4.7
Upgraded to pg 4.3.0
Upgraded to mysql 2.5.5
0.4.6
Upgraded pg 4.2.0.
0.4.5
Oops. Forgot to use pg.js instead of pg.
0.4.4
Upgraded all dependencies to latest. Using pg.js instead of pg.
0.4.3
Can ignore columns when serializing to dto.
0.4.2
Bugfix: update on a row crashes when a delete occurs earlier in same transaction.
0.4.1
Bugfix: more global leaks.
0.4.0
Bugfix: global leak.
0.3.9
Bugfix: eager loading joins/hasOne with non unique column names was not handled correctly.
0.3.8
Supports mySql.
Bulk deletes.
0.3.7
Bugfix: eager loading manyRelation on a join/hasOne returned empty array #11
0.3.6
Fixed sql injection vulnerability.
0.3.5
Built-in fetching strategies for lazy loading. Works best in readonly scenarios.
0.3.4
Docs and examples split moved to separate file.
0.3.3
Fixed documentation layout again.
0.3.2
Fixed documentation layout.
0.3.1
Case insensitive filters: iStartsWith, iEndsWith and iContains.
0.3.0
Fix broken links in docs.
0.2.9
Support for row.delete().
Rollback only throws when error is present.
0.2.8
Guid accepts uppercase letters.
Bugfix: null inserts on guid columns yielded wrong sql.
0.2.7
New method, toDto(), converts row to data transfer object.
Bugfix: toJSON returned incorrect string on hasMany relations.
0.2.6
Fixed incorrect links in README.
0.2.5
Bugfix: caching on composite keys could give a crash #7.
Improved sql compression on insert/update.
0.2.4
Bugfix: getMany with many-strategy and shallowFilter yields incorrect query #6.
0.2.3
Reformatted documentation. No code changes.
FAQs
Object Relational Mapper
The npm package rdb receives a total of 111 weekly downloads. As such, rdb popularity was classified as not popular.
We found that rdb demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.