- 🚀 Fastest full-featured node & deno client
- 🏷 ES6 Tagged Template Strings at the core
- 🏄♀️ Simple surface API
- 🖊️ Dynamic query support
- 💬 Chat and help on Gitter
- 🐦 Follow on Twitter
$ npm install postgresCreate your sql database instance
// db.js
import postgres from 'postgres'
const sql = postgres({ /* options */ }) // will use psql environment variables
export default sqlSimply import for use elsewhere
// users.js
import sql from './db.js'
async function getUsersOver(age) {
const users = await sql`
select
name,
age
from users
where age > ${ age }
`
// users = Result [{ name: "Walter", age: 80 }, { name: 'Murray', age: 68 }, ...]
return users
}
async function insertUser({ name, age }) {
const users = await sql`
insert into users
(name, age)
values
(${ name }, ${ age })
returning name, age
`
// users = Result [{ name: "Murray", age: 68 }]
return users
}The library can be used with ESM dynamic imports as well as shown here.
const { default: postgres } = await import('postgres')- Connection
- Queries
- Building queries
- Advanced query methods
- Transactions
- Data Transformation
- Listen & notify
- Realtime subscribe
- Numbers, bigint, numeric
- Result Array
- Connection details
- Custom Types
- Teardown / Cleanup
- Error handling
- TypeScript support
- Reserving connections
- Changelog
You can use either a postgres:// url connection string or the options to define your database connection properties. Options in the object will override any present in the url. Options will fall back to the same environment variables as psql.
const sql = postgres('postgres://username:password@host:port/database', {
host : '', // Postgres ip address[s] or domain name[s]
port : 5432, // Postgres server port[s]
database : '', // Name of database to connect to
username : '', // Username of database user
password : '', // Password of database user
...and more
})More options can be found in the Connection details section.
Postgres.js utilizes Tagged template functions to process query parameters before interpolation. Using tagged template literals benefits developers by:
- Enforcing safe query generation
- Giving the
sql``function powerful utility and query building features.
Any generic value will be serialized according to an inferred type, and replaced by a PostgreSQL protocol placeholder $1, $2, .... The parameters are then sent separately to the database which handles escaping & casting.
All queries will return a Result array, with objects mapping column names to each row.
const xs = await sql`
insert into users (
name, age
) values (
'Murray', 68
)
returning *
`
// xs = [{ user_id: 1, name: 'Murray', age: 68 }]Please note that queries are first executed when
awaited– or instantly by using.execute().
Parameters are automatically extracted and handled by the database so that SQL injection isn't possible. No special handling is necessary, simply use tagged template literals as usual.
const name = 'Mur'
, age = 60
const users = await sql`
select
name,
age
from users
where
name like ${ name + '%' }
and age > ${ age }
`
// users = [{ name: 'Murray', age: 68 }]Be careful with quotation marks here. Because Postgres infers column types, you do not need to wrap your interpolated parameters in quotes like
'${name}'. This will cause an error because the tagged template replaces${name}with$1in the query string, leaving Postgres to do the interpolation. If you wrap that in a string, Postgres will see'$1'and interpret it as a string as opposed to a parameter.
const columns = ['name', 'age']
await sql`
select
${ sql(columns) }
from users
`
// Which results in:
select "name", "age" from usersconst user = {
name: 'Murray',
age: 68
}
await sql`
insert into users ${
sql(user, 'name', 'age')
}
`
// Which results in:
insert into users ("name", "age") values ($1, $2)
// The columns can also be given with an array
const columns = ['name', 'age']
await sql`
insert into users ${
sql(user, columns)
}
`You can omit column names and simply execute sql(user) to get all the fields from the object as columns. Be careful not to allow users to supply columns that you do not want to be inserted.
If you need to insert multiple rows at the same time it's also much faster to do it with a single insert. Simply pass an array of objects to sql().
const users = [{
name: 'Murray',
age: 68,
garbage: 'ignore'
},
{
name: 'Walter',
age: 80
}]
await sql`insert into users ${ sql(users, 'name', 'age') }`
// Is translated to:
insert into users ("name", "age") values ($1, $2), ($3, $4)
// Here you can also omit column names which will use object keys as columns
await sql`insert into users ${ sql(users) }`
// Which results in:
insert into users ("name", "age") values ($1, $2), ($3, $4)This is also useful for update queries
const user = {
id: 1,
name: 'Murray',
age: 68
}
await sql`
update users set ${
sql(user, 'name', 'age')
}
where user_id = ${ user.id }
`
// Which results in:
update users set "name" = $1, "age" = $2 where user_id = $3
// The columns can also be given with an array
const columns = ['name', 'age']
await sql`
update users set ${
sql(user, columns)
}
where user_id = ${ user.id }
`To create multiple updates in a single query, it is necessary to use arrays instead of objects to ensure that the order of the items correspond with the column names.
const users = [
[1, 'John', 34],
[2, 'Jane', 27],
]
await sql`
update users set name = update_data.name, age = (update_data.age)::int
from (values ${sql(users)}) as update_data (id, name, age)
where users.id = (update_data.id)::int
returning users.id, users.name, users.age
`Value lists can also be created dynamically, making where in queries simple too.
const users = await sql`
select
*
from users
where age in ${ sql([68, 75, 23]) }
`or
const [{ a, b, c }] = await sql`
select
*
from (values ${ sql(['a', 'b', 'c']) }) as x(a, b, c)
`Postgres.js features a simple dynamic query builder by conditionally appending/omitting query fragments.
It works by nesting sql`` fragments within other sql`` calls or fragments. This allows you to build dynamic queries safely without risking sql injections through usual string concatenation.
const olderThan = x => sql`and age > ${ x }`
const filterAge = true
await sql`
select
*
from users
where name is not null ${
filterAge
? olderThan(50)
: sql``
}
`
// Which results in:
select * from users where name is not null
// Or
select * from users where name is not null and age > 50await sql`
select
*
from users ${
id
? sql`where user_id = ${ id }`
: sql``
}
`
// Which results in:
select * from users
// Or
select * from users where user_id = $1const id = 1
const order = {
username: 'asc'
created_at: 'desc'
}
await sql`
select
*
from ticket
where account = ${ id }
order by ${
Object.entries(order).flatMap(([column, order], i) =>
[i ? sql`,` : sql``, sql`${ sql(column) } ${ order === 'desc' ? sql`desc` : sql`asc` }`]
)
}
`Using keywords or calling functions dynamically is also possible by using sql`` fragments.
const date = null
await sql`
update users set updated_at = ${ date || sql`now()` }
`
// Which results in:
update users set updated_at = now()Dynamic identifiers like table names and column names is also supported like so:
const table = 'users'
, column = 'id'
await sql`
select ${ sql(column) } from ${ sql(table) }
`
// Which results in:
select "id" from "users"Here's a quick oversight over all the ways to do interpolation in a query template string:
| Interpolation syntax | Usage | Example |
|---|---|---|
${ sql`` } |
for keywords or sql fragments | await sql`SELECT * FROM users ${sql`order by age desc` }` |
${ sql(string) } |
for identifiers | await sql`SELECT * FROM ${sql('table_name')` |
${ sql([] or {}, ...) } |
for helpers | await sql`INSERT INTO users ${sql({ name: 'Peter'})}` |
${ 'somevalue' } |
for values | await sql`SELECT * FROM users WHERE age = ${42}` |
Use cursors if you need to throttle the amount of rows being returned from a query. You can use a cursor either as an async iterable or with a callback function. For a callback function new results won't be requested until the promise / async callback function has resolved.
await sql`
select
*
from generate_series(1,4) as x
`.cursor(async([row]) => {
// row = { x: 1 }
await http.request('https://example.com/wat', { row })
})// for await...of
const cursor = sql`select * from generate_series(1,4) as x`.cursor()
for await (const [row] of cursor) {
// row = { x: 1 }
await http.request('https://example.com/wat', { row })
}A single row will be returned by default, but you can also request batches by setting the number of rows desired in each batch as the first argument to .cursor:
await sql`
select
*
from generate_series(1,1000) as x
`.cursor(10, async rows => {
// rows = [{ x: 1 }, { x: 2 }, ... ]
await Promise.all(rows.map(row =>
http.request('https://example.com/wat', { row })
))
})If an error is thrown inside the callback function no more rows will be requested and the outer promise will reject with the thrown error.
You can close the cursor early either by calling break in the for await...of loop, or by returning the token sql.CLOSE from the callback function.
await sql`
select * from generate_series(1,1000) as x
`.cursor(row => {
return Math.random() > 0.9 && sql.CLOSE // or sql.END
})If you want to handle rows returned by a query one by one, you can use .forEach which returns a promise that resolves once there are no more rows.
await sql`
select created_at, name from events
`.forEach(row => {
// row = { created_at: '2019-11-22T14:22:00Z', name: 'connected' }
})
// No more rowsRather than executing a given query, .describe will return information utilized in the query process. This information can include the query identifier, column types, etc.
This is useful for debugging and analyzing your Postgres queries. Furthermore, .describe will give you access to the final generated query string that would be executed.
Using .values will return rows as an array of values for each column, instead of objects.
This can be useful to receive identically named columns, or for specific performance/transformation reasons. The column definitions are still included on the result array, plus access to parsers for each column.
Using .raw will return rows as an array with Buffer values for each column, instead of objects.
This can be useful for specific performance/transformation reasons. The column definitions are still included on the result array, plus access to parsers for each column.
Using a file for a query is also supported with optional parameters to use if the file includes $1, $2, etc
const result = await sql.file('query.sql', ['Murray', 68])The postgres wire protocol supports "simple" and "extended" queries. "simple" queries supports multiple statements, but does not support any dynamic parameters. "extended" queries support parameters but only one statement. To use "simple" queries you can use
sql``.simple(). That will create it as a simple query.
await sql`select 1; select 2;`.simple()Postgres.js supports COPY ... queries, which are exposed as Node.js streams.
import { pipeline } from 'node:stream/promises'
// Stream of users with the default tab delimitated cells and new-line delimitated rows
const userStream = Readable.from([
'Murray\t68\n',
'Walter\t80\n'
])
const query = await sql`copy users (name, age) from stdin`.writable()
await pipeline(userStream, query);import { pipeline } from 'node:stream/promises'
import { createWriteStream } from 'node:fs'
const readableStream = await sql`copy users (name, age) to stdout`.readable()
await pipeline(readableStream, createWriteStream('output.tsv'))
// output.tsv content: `Murray\t68\nWalter\t80\n`const readableStream = await sql`
copy (
select name, age
from users
where age = 68
) to stdout
`.readable()
for await (const chunk of readableStream) {
// chunk.toString() === `Murray\t68\n`
}NOTE This is a low-level API which does not provide any type safety. To make this work, you must match your
copy queryparameters correctly to your Node.js stream read or write code. Ensure Node.js stream backpressure is handled correctly to avoid memory exhaustion.
Postgres.js supports, canceling queries in progress. It works by opening a new connection with a protocol level startup message to cancel the current query running on a specific connection. That means there is no guarantee that the query will be canceled, and due to the possible race conditions it might even result in canceling another query. This is fine for long running queries, but in the case of high load and fast queries it might be better to simply ignore results instead of canceling.
const query = sql`select pg_sleep 100`.execute()
setTimeout(() => query.cancel(), 100)
const result = await queryThe lazy Promise implementation in Postgres.js is what allows it to distinguish Nested Fragments from the main outer query. This also means that queries are always executed at the earliest in the following tick. If you have a specific need to execute the query in the same tick, you can call .execute()
Advanced unsafe use cases
If you know what you're doing, you can use unsafe to pass any string you'd like to postgres. Please note that this can lead to SQL injection if you're not careful.
sql.unsafe('select ' + danger + ' from users where id = ' + dragons)By default, sql.unsafe assumes the query string is sufficiently dynamic that prepared statements do not make sense, and so defaults them to off. If you'd like to re-enable prepared statements, you can pass { prepare: true }.
You can also nest sql.unsafe within a safe sql expression. This is useful if only part of your fraction has unsafe elements.
const triggerName = 'friend_created'
const triggerFnName = 'on_friend_created'
const eventType = 'insert'
const schema_name = 'app'
const table_name = 'friends'
await sql`
create or replace trigger ${sql(triggerName)}
after ${sql.unsafe(eventType)} on ${sql.unsafe(`${schema_name}.${table_name}`)}
for each row
execute function ${sql(triggerFnName)}()
`
await sql`
create role friend_service with login password ${sql.unsafe(`'${password}'`)}
`