Socket
Socket
Sign inDemoInstall

type-sql

Package Overview
Dependencies
2
Maintainers
1
Versions
1
Alerts
File Explorer

Advanced tools

Install Socket

Detect and block malicious and high-risk dependencies

Install

type-sql

A type-safe SQL query builder in TypeScript with Postgres and MySQL bindings.


Version published
Maintainers
1
Weekly downloads
21
increased by5%

Weekly downloads

Readme

Source

Type-safe SQL

This is a type-safe query builder for SQL written in TypeScript. It has built-in support for Postgres and MySQL, and it shouldn't be hard to adopt it for other database engines.

Installing

npm install type-sql

Examples
let result = await db.from(BOOK)
    .where(BOOK.author.lower().like('%john%')
        .and(BOOK.price.lt(10).or(BOOK.available.eq(true)))
        .and(BOOK.date.gte(new Date('2016-10-23T19:11:25.342Z'))))
    .groupBy(BOOK.author, BOOK.available)
    .having(BOOK.price.sum().between(1000, 2000))
    .orderBy(BOOK.author.asc().nullsFirst(), BOOK.price.sum().desc())
    .offset(20)
    .limit(10)
    .select(BOOK.author, BOOK.available, BOOK.price.sum().as('sum_price'));

await db.table(BOOK)
    .where(BOOK.author.eq('John Smith'), BOOK.price.lte(200))
    .update({
        author: 'John X.',
        available: false
    });

await db.table(BOOK).where(BOOK.title.isNull()).delete();

let generatedId = await db.table(BOOK).insert({ title: '...', author: '...' });
let book = await db.table(BOOK).get(generatedId);
Table definition

You have to define the structure of the tables with a table object, and optionally an entity interface. The table object is used for the builder, while the entity interface is used as an input type for INSERT and UPDATE queries, and as a result type of SELECT queries when all columns of a single table are queried.

(DDL generation from or to the table object is not supported)

import { QueryTable, StringColumn, NumberColumn, BooleanColumn, DateColumn, BasicColumn } from "type-sql";

export interface Book {
    id?: number,
    title: string,
    author: string,
    price?: number,
    available?: boolean,
    date?: Date,
    data?: { x: number, y: number }
}

export class BookTable extends QueryTable<Book, number> {
    id = new NumberColumn(this, 'id');
    title = new StringColumn(this, 'title');
    author = new StringColumn(this,'author');
    price = new NumberColumn(this, 'price');
    date = new DateColumn(this, 'date');
    available = new BooleanColumn(this, 'available');
    data = new BasicColumn<this, any>(this, 'data');

    $id = this.id
}

export const BOOK = new BookTable('Book');
Query executor

The database object that acts as the source of the query builder must be initialized with a Postgres or MySQL client:

PostgreSQL:

import { Client } from 'pg';
import { PgQuerySource } from "type-sql";

let client = new Client();
client.connect();

let db = new PgQuerySource(client);

MySQL:

import mysql = require('mysql');
import { MySqlQuerySource } from "type-sql";

let client = mysql.createConnection(...);
client.connect();

let db = new MySqlQuerySource(client);
Features

The are many more examples among the tests, with features including

  • joins
  • more functions on columns
  • composite ID
  • inserting multiple entities
  • shortcuts for deleting/updating/querying a single entity by ID
  • aliased column name, for example to map snake_case columns to camelCase JavaScript object fields
SQL injection

The library uses "parameterized" queries by default, so that the input parameters are passed to the client separately from the sql string.

If for some reason you want to switch off the parameter escaping, then you can do it by passing the "parameterized: false" flag to the query source. Note that the query builder will still throw an error if the parameter's type is incorrect, so for example you can't pass a string to a number column even if the parameters are not escaped.

let db = new PgQuerySource(client, { parameterized: false });
Logging

You can log the SQL queries performed by the library two different ways: By passing the logging flag to the query source object, and then the queries will be written to the console by the debug tool under the 'type-sql' tag:

let db = new PgQuerySource(client, { logging: true });

Or you can pass a custom logger function to the query source:

let db = new PgQuerySource(client, { logger: (sql: string, params?: any[]) => { console.log(sql, params); }})
Licensing

MIT License

Keywords

FAQs

Last updated on 03 Jan 2017

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc