node-sql-template-strings
slonik
node-sql-template-strings | slonik |
---|---|
6 | 71 |
598 | 4,328 |
- | - |
0.0 | 9.2 |
2 months ago | about 22 hours ago |
JavaScript | TypeScript |
ISC License | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
node-sql-template-strings
-
Write SQL Queries With Confidence (TypeScript + Postgres)
Ah, I see it. I'm assuming node-sql-template-strings or an equivalent?
-
I thought I knew what I was doing
There are also some other interesting use cases.
- DenoDB
-
Slonik: A PostgreSQL client with strict types, detailed logging, and assertions
Any pitfalls that you encountered?
I'm trying to decide between this, or writing my own helpers around https://github.com/felixfbecker/node-sql-template-strings.
Also, have you found anything that solves typechecking of embedded expressions inside the SQL template?
For example, Webstorm will help you autocomplete your SQL, but you can still type:
SELECT * FROM foo WHERE barInt = ${bazStr}
Any reason you chose that over node-sql-template-strings [1], which looks very similar?
[1] https://github.com/felixfbecker/node-sql-template-strings
-
How do I prevent SQL injection in this function? I am using pg-promise
sql-template-strings is a really simple and elegant solution for parameterized queries.
slonik
-
Drizzle is just as unready for prime-time as Prisma, what else is there?
I'd push you to consider using postgres, slonik or similar for database queries. With these libraries, you just write SQL, but they perform input sanitization for you. So you can safely write:
-
PostgresJs: The Fastest full featured PostgreSQL client for Node.js and Deno
You can already use postgres with Slonik.
https://github.com/gajus/slonik#user-content-slonik-how-are-...
It is not going to be the default because it is way slower.
https://github.com/gajus/slonik/actions/runs/6616647651
Test node_version:18 test_only:postgres-integration is taking 3 minutes.
Test node_version:18 test_only:pg-integration is taking 38 seconds.
-
Integrating Slonik with Express.js
For those uninitiated, Slonik is a battle-tested SQL query building and execution library for Node.js. Its primary goal is to allow you to write and compose SQL queries in a safe and convenient way. Now, let's see how it pairs with Express.js.
-
We use TypeScript not based on preference, but because we want to make money
I've found libraries like Zod useful when interacting with external data sources like a database. Slonik[1] uses Zod to define the types expected from a SQL query and then performs runtime validation on the data to ensure that the query is yielding the expected type.
I don't think it's necessary to use Zod/runtime validation everywhere, but it's a nice tool to have on hand.
-
Is ORM still an anti-pattern?
Demonstrate how easily and accidentally one can make an SQL injection with these:
-
The Epic Stack by Kent C. Dodds
Have you tried Slonik (https://github.com/gajus/slonik)? It won't generate types from queries automatically, but it encourages writing SQL vs. a query builder and allows type annotations of queries with Zod. Query results are validated at runtime to ensure the queries are typed correctly.
- TIL that you don’t shouldn’t be generating TypeScript declarations for a distributable library
-
All JavaScript and TypeScript features of the last 3 years explained
Definitely a lot of misconceptions around how this would work. Just check out something like slonik, https://github.com/gajus/slonik, which is an excellent implementation.
The example you gave actually isn't valid, because what you're doing is generating SQL dynamically, and that doesn't work the way prepared statements work. That is, you can't have a prepared statement like "select foo from bar where zed = ? order by ? asc", because with prepared statements the question marks can only substitute for VALUES, not schema names. So if you wanted to do something like that in slonik, it would fail. With slonik you CAN do dynamic SQL that is guaranteed to be safe and checked at compile time with TypeScript, because you can nest SQL tagged templates. That is, you can do this:
const colToSortBy = useFoo ? sql`foo` : sql`bar`;
-
Working with TypeORM 0.3x with Nestjs - I wasn't aware so many people were facing issues with it
In general with ORMs, you will face a problem in one way or another. I ended up simply using https://github.com/gajus/slonik and https://github.com/amacneil/dbmate for migrations. My life is much better since then.
What are some alternatives?
Knex - A query builder for PostgreSQL, MySQL, CockroachDB, SQL Server, SQLite3 and Oracle, designed to be flexible, portable, and fun to use.
TypeORM - ORM for TypeScript and JavaScript. Supports MySQL, PostgreSQL, MariaDB, SQLite, MS SQL Server, Oracle, SAP Hana, WebSQL databases. Works in NodeJS, Browser, Ionic, Cordova and Electron platforms.
Prisma - Next-generation ORM for Node.js & TypeScript | PostgreSQL, MySQL, MariaDB, SQL Server, SQLite, MongoDB and CockroachDB
Sequelize - Feature-rich ORM for modern Node.js and TypeScript, it supports PostgreSQL (with JSON and JSONB support), MySQL, MariaDB, SQLite, MS SQL Server, Snowflake, Oracle DB (v6), DB2 and DB2 for IBM i.
pgtyped - pgTyped - Typesafe SQL in TypeScript
pg-promise - PostgreSQL interface for Node.js
denodb - MySQL, SQLite, MariaDB, PostgreSQL and MongoDB ORM for Deno
ts-sql - A SQL database implemented purely in TypeScript type annotations.
PostgreSQL - PostgreSQL client for node.js.
postgres - Postgres.js - The Fastest full featured PostgreSQL client for Node.js, Deno, Bun and CloudFlare
zapatos - Zero-abstraction Postgres for TypeScript: a non-ORM database library
drizzle-orm - Headless TypeScript ORM with a head. Runs on Node, Bun and Deno. Lives on the Edge and yes, it's a JavaScript ORM too 😅