Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
🔥 The perfect ORM to work with complex databases 🔥
Documentation: https://edgy.dymmond.com 📚
Source Code: https://github.com/dymmond/edgy
From the same author of Saffier, Edgy is also an ORM but different from its predecessor. Saffier is more of a Generic ORM for probably 99.9% of every single day application and works perfectly well with it, whereas Edgy is also that and more.
Edgy comes with batteries included thanks to Pydantic so that means your models are 100% Pydantic which also means you get all the benefits of the technology (like automatic validations...) out of the box with the need of building independent schemas to validate those fields before injest them into a database.
Was it already mentioned that Edgy is extremely fast? Well, it is!
Almost every project, in one way or another uses one (or many) databases. An ORM is simply an mapping of the top of an existing database. ORM extends for Object Relational Mapping and bridges object-oriented programs and relational databases.
Two of the most well known ORMs are from Django and SQLAlchemy. Both have their own strenghts and weaknesses and specific use cases.
This ORM is built on the top of SQLAlchemy core and aims to simplify the way the setup and queries are done into a more common and familiar interface with the power of Pydantic.
Edgy is some sort of a fork from Saffier but rewritten at its core fully in Pydantic 🔥.
This was necessary because Saffier although serving 99.9% of the daily use cases, there was still a great need to add automatic validations and performance, so instead of rewritting Saffier and risking breaking existing use cases already in place, a brand new shiny ORM came to be 😁.
Edgy leverages the power of Pydantic while offering a friendly, familiar and easy to use interface.
This ORM was designed to be flexible and compatible with pretty much every ASGI framework, like Esmerald, Starlette, FastAPI, Sanic, Quart... With simple pluggable design thanks to its origins.
While adopting a familiar interface, it offers some cool and powerful features on the top of SQLAlchemy core.
update
, get
, get_or_none
, bulk_create
,
bulk_update
, values
, values_list
, only
, defer
and a lot more.OneToOne
, ForeignKey
and ManyToMany
in the same Django style.And a lot more you can do here.
Since Edgy, like Saffier, it is built on the top of SQLAlchemy core and brings its own native migration system running on the top of Alembic but making it a lot easier to use and more pleasant for you.
Have a look at the migrations for more details.
To install Edgy, simply run:
$ pip install edgy
You can pickup your favourite database driver by yourself or you can run:
Postgres
$ pip install edgy[postgres]
MySQL/MariaDB
$ pip install edgy[mysql]
SQLite
$ pip install edgy[sqlite]
MSSQL
$ pip install edgy[mssql]
The following is an example how to start with Edgy and more details and examples can be found throughout the documentation.
Use ipython
to run the following from the console, since it supports await
.
import edgy
from edgy import Database, Registry
database = Database("sqlite:///db.sqlite")
models = Registry(database=database)
class User(edgy.Model):
"""
The User model to be created in the database as a table
If no name is provided the in Meta class, it will generate
a "users" table for you.
"""
id: int = edgy.IntegerField(primary_key=True)
is_active: bool = edgy.BooleanField(default=False)
class Meta:
registry = models
# Create the db and tables
# Don't use this in production! Use Alembic or any tool to manage
# The migrations for you
await models.create_all() # noqa
await User.query.create(is_active=False) # noqa
user = await User.query.get(id=1) # noqa
print(user)
# User(id=1)
As stated in the example, if no tablename
is provided in the Meta
class, Edgy automatically
generates the name of the table for you by pluralising the class name.
Edgy model declaration with typing
is merely visual. The validations of the fields
are not done by the typing of the attribute of the models but from the edgy fields.
Which means you don't need to worry about the wrong typing as long as you declare the correct field type.
So does that mean pydantic won't work if you don't declare the type? Absolutely not. Internally Edgy runs those validations through the declared fields and the Pydantic validations are done exactly in the same way you do a normal Pydantic model.
Nothing to worry about!
Let us see an example.
With field typing
import edgy
from edgy import Database, Registry
database = Database("sqlite:///db.sqlite")
models = Registry(database=database)
class User(edgy.Model):
"""
The User model to be created in the database as a table
If no name is provided the in Meta class, it will generate
a "users" table for you.
"""
id: int = edgy.IntegerField(primary_key=True)
is_active: bool = edgy.BooleanField(default=False)
class Meta:
registry = models
Without field typing
import edgy
from edgy import Database, Registry
database = Database("sqlite:///db.sqlite")
models = Registry(database=database)
class User(edgy.Model):
"""
The User model to be created in the database as a table
If no name is provided the in Meta class, it will generate
a "users" table for you.
"""
id = edgy.IntegerField(primary_key=True)
is_active = edgy.BooleanField(default=False)
class Meta:
registry = models
It does not matter if you type or not, Edgy knows what and how to validate via edgy fields
like
IntegerField
or BooleanField
or any other field.
Do you want to have more complex structures and connect to your favourite framework? Have a look at connections to understand how to do it properly.
Esmerald
ecosystemThis does not mean that only works with Esmerald! Edgy is also framework agnostic but the author of Edgy is the same of Saffier and Esmerald which makes it nicer to integrate directly with Esmerald.
How could you integrate Edgy
with Esmerald (or any other framework)?
Let us see an example. Since Edgy is fully Pydantic that means we can perform tasks directly.
from esmerald import Esmerald, Gateway, post
import edgy
from edgy.testclient import DatabaseTestClient as Database
database = Database("sqlite:///db.sqlite")
models = edgy.Registry(database=database)
class User(edgy.Model):
id: int = edgy.IntegerField(primary_key=True)
name: str = edgy.CharField(max_length=100)
email: str = edgy.EmailField(max_length=100)
language: str = edgy.CharField(max_length=200, null=True)
description: str = edgy.TextField(max_length=5000, null=True)
class Meta:
registry = models
@post("/create")
async def create_user(data: User) -> User:
"""
You can perform the same directly like this
as the validations for the model (nulls, mandatories, @field_validators)
already did all the necessary checks defined by you.
"""
user = await data.save()
return user
app = Esmerald(
routes=[Gateway(handler=create_user)],
on_startup=[database.connect],
on_shutdown=[database.disconnect],
)
The response of the API /create
should have a format similar to this (assuming the post with the following payload as well):
{
"id": 1,
"name": "Edgy",
"email": "edgy@esmerald.dev",
"language": "EN",
"description": "A description",
}
All the examples of this documentation will be using field typing but it is up to you if you want to use them or not.
Exciting!
In the documentation we go deeper in explanations and examples, this was just to warm up. 😁
FAQs
🔥 The perfect ORM to work with complex databases 🔥
We found that edgy demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.