sequelize
Sequelize is a promise-based Node.js ORM (Object-Relational Mapping) library for Postgres, MySQL, MariaDB, SQLite, and Microsoft SQL Server. It features solid transaction support, relations, eager and lazy loading, read replication and more. Sequelize follows the Active Record paradigm and allows developers to define models and their relationships in a way that abstracts database access, making it easier to maintain and evolve the application codebase.
Model Definition
This feature allows you to define models in Sequelize, which represent tables in the database. Each model can have various attributes and their respective data types.
const User = sequelize.define('user', { username: Sequelize.STRING, birthday: Sequelize.DATE });
CRUD Operations
Sequelize provides methods for creating, reading, updating, and deleting records in the database, which correspond to the CRUD operations.
User.create({ username: 'alice', birthday: new Date(1986, 6, 20) });
User.findAll();
User.update({ username: 'alicejr' }, { where: { id: 1 } });
User.destroy({ where: { id: 1 } });
Associations
This feature allows you to define associations between models. For example, a user can have many posts, and a post belongs to a user.
User.hasMany(Post); Post.belongsTo(User);
Transactions
Sequelize supports transactions which allow you to execute multiple queries in an atomic way, ensuring data integrity.
sequelize.transaction(transaction => { return User.create({ username: 'bob' }, { transaction }); });
Migrations
Sequelize has a migration tool that allows you to define changes to the database schema, which can be applied and rolled back programmatically.
module.exports = {
  up: (queryInterface, Sequelize) => {
    return queryInterface.createTable('users', {
      id: { allowNull: false, autoIncrement: true, primaryKey: true, type: Sequelize.INTEGER },
      username: { type: Sequelize.STRING }
    });
  },
  down: (queryInterface, Sequelize) => {
    return queryInterface.dropTable('users');
  }
};
Mongoose is an ODM (Object Data Modeling) library for MongoDB and Node.js. It manages relationships between data, provides schema validation, and is used to translate between objects in code and the representation of those objects in MongoDB. Compared to Sequelize, Mongoose is specific to MongoDB, whereas Sequelize supports multiple SQL databases.
TypeORM is an ORM that can run in Node.js and be used with TypeScript and JavaScript (ES5, ES6, ES7, ES8). It supports the Data Mapper pattern, unlike Sequelize which is more Active Record. TypeORM is highly influenced by other ORMs, such as Hibernate, Doctrine, and Entity Framework.
Knex.js is a SQL query builder for Postgres, MSSQL, MySQL, MariaDB, SQLite3, Oracle, and Amazon Redshift, designed to be flexible, portable, and fun to use. It does not provide full ORM capabilities but allows you to build and run SQL queries in a more programmatic and database-agnostic way. It is often used with objection.js, which is an ORM built on top of Knex.
Bookshelf.js is a JavaScript ORM for Node.js, built on the Knex SQL query builder. It features transaction support, eager/nested-eager relation loading, and polymorphic associations. Bookshelf follows a somewhat similar pattern to Sequelize but is built on top of Knex, which gives it a different flavor in terms of query building.
Sequelize is a promise-based Node.js ORM tool for Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server. It features solid transaction support, relations, eager and lazy loading, read replication and more.
Sequelize follows Semantic Versioning and supports Node v10 and above.
New to Sequelize? Take a look at the Tutorials and Guides. You might also be interested in the API Reference.
Would you like to contribute? Read our contribution guidelines to know more. There are many ways to help.
You can find the detailed changelog here.
Recently, a bigger part of the former core maintainers (thanks to all your hard work!) have been rather busy. Hence, the available time to look after our beloved ORM has been shrinking and shrinking drastically, generating a great chance for you:
We are looking for more core maintainers who are interested in improving/fixing our TypeScript typings, improving the documentation, organizing issues, reviewing PRs, streamlining the overall code base and planning the future roadmap.
If that sounds interesting to you, please reach out to us on our Slack channel by sending a direct message to Pedro A P B. If you don't have access, get yourself an invite automatically via this link. We are looking forward to meeting you!
$ npm i sequelize # This will install v6
# And one of the following:
$ npm i pg pg-hstore # Postgres
$ npm i mysql2
$ npm i mariadb
$ npm i sqlite3
$ npm i tedious # Microsoft SQL Server
If you have security issues to report, please refer to our Responsible Disclosure Policy for more details.
FAQs
Sequelize is a promise-based Node.js ORM tool for Postgres, MySQL, MariaDB, SQLite, Microsoft SQL Server, Amazon Redshift and Snowflake’s Data Cloud. It features solid transaction support, relations, eager and lazy loading, read replication and more.
We found that sequelize demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 8 open source maintainers collaborating on the project.