Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

type-sql

Package Overview
Dependencies
Maintainers
1
Versions
1
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

type-sql

A type-safe SQL query builder in TypeScript with Postgres and MySQL bindings.

  • 0.1.0
  • latest
  • Source
  • npm
  • Socket score

Version published
Weekly downloads
8
decreased by-46.67%
Maintainers
1
Weekly downloads
 
Created
Source

Type-safe SQL

This is a type-safe query builder for SQL written in TypeScript. It has built-in support for Postgres and MySQL, and it shouldn't be hard to adopt it for other database engines.

Installing

npm install type-sql

Examples
let result = await db.from(BOOK)
    .where(BOOK.author.lower().like('%john%')
        .and(BOOK.price.lt(10).or(BOOK.available.eq(true)))
        .and(BOOK.date.gte(new Date('2016-10-23T19:11:25.342Z'))))
    .groupBy(BOOK.author, BOOK.available)
    .having(BOOK.price.sum().between(1000, 2000))
    .orderBy(BOOK.author.asc().nullsFirst(), BOOK.price.sum().desc())
    .offset(20)
    .limit(10)
    .select(BOOK.author, BOOK.available, BOOK.price.sum().as('sum_price'));

await db.table(BOOK)
    .where(BOOK.author.eq('John Smith'), BOOK.price.lte(200))
    .update({
        author: 'John X.',
        available: false
    });

await db.table(BOOK).where(BOOK.title.isNull()).delete();

let generatedId = await db.table(BOOK).insert({ title: '...', author: '...' });
let book = await db.table(BOOK).get(generatedId);
Table definition

You have to define the structure of the tables with a table object, and optionally an entity interface. The table object is used for the builder, while the entity interface is used as an input type for INSERT and UPDATE queries, and as a result type of SELECT queries when all columns of a single table are queried.

(DDL generation from or to the table object is not supported)

import { QueryTable, StringColumn, NumberColumn, BooleanColumn, DateColumn, BasicColumn } from "type-sql";

export interface Book {
    id?: number,
    title: string,
    author: string,
    price?: number,
    available?: boolean,
    date?: Date,
    data?: { x: number, y: number }
}

export class BookTable extends QueryTable<Book, number> {
    id = new NumberColumn(this, 'id');
    title = new StringColumn(this, 'title');
    author = new StringColumn(this,'author');
    price = new NumberColumn(this, 'price');
    date = new DateColumn(this, 'date');
    available = new BooleanColumn(this, 'available');
    data = new BasicColumn<this, any>(this, 'data');

    $id = this.id
}

export const BOOK = new BookTable('Book');
Query executor

The database object that acts as the source of the query builder must be initialized with a Postgres or MySQL client:

PostgreSQL:

import { Client } from 'pg';
import { PgQuerySource } from "type-sql";

let client = new Client();
client.connect();

let db = new PgQuerySource(client);

MySQL:

import mysql = require('mysql');
import { MySqlQuerySource } from "type-sql";

let client = mysql.createConnection(...);
client.connect();

let db = new MySqlQuerySource(client);
Features

The are many more examples among the tests, with features including

  • joins
  • more functions on columns
  • composite ID
  • inserting multiple entities
  • shortcuts for deleting/updating/querying a single entity by ID
  • aliased column name, for example to map snake_case columns to camelCase JavaScript object fields
SQL injection

The library uses "parameterized" queries by default, so that the input parameters are passed to the client separately from the sql string.

If for some reason you want to switch off the parameter escaping, then you can do it by passing the "parameterized: false" flag to the query source. Note that the query builder will still throw an error if the parameter's type is incorrect, so for example you can't pass a string to a number column even if the parameters are not escaped.

let db = new PgQuerySource(client, { parameterized: false });
Logging

You can log the SQL queries performed by the library two different ways: By passing the logging flag to the query source object, and then the queries will be written to the console by the debug tool under the 'type-sql' tag:

let db = new PgQuerySource(client, { logging: true });

Or you can pass a custom logger function to the query source:

let db = new PgQuerySource(client, { logger: (sql: string, params?: any[]) => { console.log(sql, params); }})
Licensing

MIT License

Keywords

FAQs

Package last updated on 03 Jan 2017

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc