Supply Chain Security
Vulnerability
Quality
Maintenance
License
Shell access
Supply chain riskThis module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.
Found 1 instance in 1 package
Uses eval
Supply chain riskPackage uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.
Found 1 instance in 1 package
Network access
Supply chain riskThis module accesses the network.
Found 1 instance in 1 package
.. image:: https://github.com/MagicStack/asyncpg/workflows/Tests/badge.svg :target: https://github.com/MagicStack/asyncpg/actions?query=workflow%3ATests+branch%3Amaster :alt: GitHub Actions status .. image:: https://img.shields.io/pypi/v/asyncpg.svg :target: https://pypi.python.org/pypi/asyncpg
asyncpg is a database interface library designed specifically for
PostgreSQL and Python/asyncio. asyncpg is an efficient, clean implementation
of PostgreSQL server binary protocol for use with Python's asyncio
framework. You can read more about asyncpg in an introductory
blog post <http://magic.io/blog/asyncpg-1m-rows-from-postgres-to-python/>_.
asyncpg requires Python 3.8 or later and is supported for PostgreSQL versions 9.5 to 17. Other PostgreSQL versions or other databases implementing the PostgreSQL protocol may work, but are not being actively tested.
The project documentation can be found
here <https://magicstack.github.io/asyncpg/current/>_.
In our testing asyncpg is, on average, 5x faster than psycopg3.
.. image:: https://raw.githubusercontent.com/MagicStack/asyncpg/master/performance.png?fddca40ab0 :target: https://gistpreview.github.io/?0ed296e93523831ea0918d42dd1258c2
The above results are a geometric mean of benchmarks obtained with PostgreSQL
client driver benchmarking toolbench <https://github.com/MagicStack/pgbench>_
in June 2023 (click on the chart to see full details).
asyncpg implements PostgreSQL server protocol natively and exposes its features directly, as opposed to hiding them behind a generic facade like DB-API.
This enables asyncpg to have easy-to-use support for:
asyncpg is available on PyPI. When not using GSSAPI/SSPI authentication it has no dependencies. Use pip to install::
$ pip install asyncpg
If you need GSSAPI/SSPI authentication, use::
$ pip install 'asyncpg[gssauth]'
For more details, please see the documentation <https://magicstack.github.io/asyncpg/current/installation.html>_.
.. code-block:: python
import asyncio
import asyncpg
async def run():
conn = await asyncpg.connect(user='user', password='password',
database='database', host='127.0.0.1')
values = await conn.fetch(
'SELECT * FROM mytable WHERE id = $1',
10,
)
await conn.close()
asyncio.run(run())
asyncpg is developed and distributed under the Apache 2.0 license.
FAQs
An asyncio PostgreSQL driver
We found that asyncpg demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Malicious PyPI checkers validate stolen emails against TikTok and Instagram APIs, enabling targeted account attacks and dark web credential sales.
Security News
The Node.js TSC opted not to endorse a feature bounty program, citing concerns about incentives, governance, and project neutrality.
Research
Security News
A look at the top trends in how threat actors are weaponizing open source packages to deliver malware and persist across the software supply chain.