Gathering detailed insights and metrics for knex
Gathering detailed insights and metrics for knex
A query builder for PostgreSQL, MySQL, CockroachDB, SQL Server, SQLite3 and Oracle, designed to be flexible, portable, and fun to use.
Installations
npm install knexDeveloper Guide
BETA
Typescript
Yes
Module System
CommonJS, UMD
Min. Node Version
>=16
Node Version
20.9.0
NPM Version
10.1.0
Score
93
Supply Chain
98.6
Quality
81.3
Maintenance
100
Vulnerability
99.3
License
Releases
58
Languages
3
JavaScript
TypeScript
Shell
JavaScript (95.24%)
TypeScript (4.63%)
Shell (0.12%)
Developer
Download Statistics
Total Downloads
371,177,738
Last Day
97,238
Last Week
2,117,107
Last Month
9,566,332
Last Year
98,172,927
GitHub Statistics
MIT License
19,899 Stars
3,082 Commits
2,155 Forks
206 Watchers
33 Branches
614 Contributors
Updated on Jun 30, 2025
Bundle Size
311.97 kB
Minified
86.27 kB
Minified + Gzipped
Maintainers
5
Package Meta Information
Latest Version
3.1.0
Package Id
knex@3.1.0
Unpacked Size
853.40 kB
Size
208.67 kB
File Count
191
NPM Version
10.1.0
Node Version
20.9.0
Published on
Dec 07, 2023
Total Downloads
Cumulative downloads
Total Downloads
371,177,738
Last Day
-3.7%
97,238
Compared to previous day
Last Week
-8.6%
2,117,107
Compared to previous week
Last Month
-1.1%
9,566,332
Compared to previous month
Last Year
17.2%
98,172,927
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
14
Dev Dependencies
40
@tsconfig/recommended@types/nodebetter-sqlite3chaichai-as-promisedchai-subset-in-ordercli-testlabcoverallscross-envdtslinteslinteslint-config-prettiereslint-plugin-importeslint-plugin-mocha-no-onlyeslint-plugin-prettierhuskyjakeJSONStreamlint-stagedmochamock-fsmysqlmysql2nycoracledbpgpg-query-streamprettierrimrafsinonsinon-chaisource-map-supportsqlite3tap-spectapetedioustoxiproxy-node-clientts-nodetsdtypescript
knex.js
A SQL query builder that is flexible, portable, and fun to use!
A batteries-included, multi-dialect (PostgreSQL, MySQL, CockroachDB, MSSQL, SQLite3, Oracle (including Oracle Wallet Authentication)) query builder for Node.js, featuring:
- transactions
- connection pooling
- streaming queries
- both a promise and callback API
- a thorough test suite
Node.js versions 12+ are supported.
- Take a look at the full documentation to get started!
- Browse the list of plugins and tools built for knex
- Check out our recipes wiki to search for solutions to some specific problems
- In case of upgrading from an older version, see migration guide
You can report bugs and discuss features on the GitHub issues page or send tweets to @kibertoad.
For support and questions, join our Gitter channel.
For knex-based Object Relational Mapper, see:
- https://github.com/Vincit/objection.js
- https://github.com/mikro-orm/mikro-orm
- https://bookshelfjs.org
To see the SQL that Knex will generate for a given query, you can use Knex Query Lab
Examples
We have several examples on the website. Here is the first one to get you started:
1const knex = require('knex')({ 2 client: 'sqlite3', 3 connection: { 4 filename: './data.db', 5 }, 6}); 7 8try { 9 // Create a table 10 await knex.schema 11 .createTable('users', (table) => { 12 table.increments('id'); 13 table.string('user_name'); 14 }) 15 // ...and another 16 .createTable('accounts', (table) => { 17 table.increments('id'); 18 table.string('account_name'); 19 table.integer('user_id').unsigned().references('users.id'); 20 }); 21 22 // Then query the table... 23 const insertedRows = await knex('users').insert({ user_name: 'Tim' }); 24 25 // ...and using the insert id, insert into the other table. 26 await knex('accounts').insert({ 27 account_name: 'knex', 28 user_id: insertedRows[0], 29 }); 30 31 // Query both of the rows. 32 const selectedRows = await knex('users') 33 .join('accounts', 'users.id', 'accounts.user_id') 34 .select('users.user_name as user', 'accounts.account_name as account'); 35 36 // map over the results 37 const enrichedRows = selectedRows.map((row) => ({ ...row, active: true })); 38 39 // Finally, add a catch statement 40} catch (e) { 41 console.error(e); 42}
TypeScript example
1import { Knex, knex } from 'knex'; 2 3interface User { 4 id: number; 5 age: number; 6 name: string; 7 active: boolean; 8 departmentId: number; 9} 10 11const config: Knex.Config = { 12 client: 'sqlite3', 13 connection: { 14 filename: './data.db', 15 }, 16}; 17 18const knexInstance = knex(config); 19 20try { 21 const users = await knex<User>('users').select('id', 'age'); 22} catch (err) { 23 // error handling 24}
Usage as ESM module
If you are launching your Node application with --experimental-modules, knex.mjs should be picked up automatically and named ESM import should work out-of-the-box.
Otherwise, if you want to use named imports, you'll have to import knex like this:
1import { knex } from 'knex/knex.mjs';
You can also just do the default import:
1import knex from 'knex';
If you are not using TypeScript and would like the IntelliSense of your IDE to work correctly, it is recommended to set the type explicitly:
1/** 2 * @type {Knex} 3 */ 4const database = knex({ 5 client: 'mysql', 6 connection: { 7 host: '127.0.0.1', 8 user: 'your_database_user', 9 password: 'your_database_password', 10 database: 'myapp_test', 11 }, 12}); 13database.migrate.latest();
Critical
9.8/10
Summary
SQL Injection in knex
Affected Versions
< 0.19.5
Patched Versions
0.19.5
High
7.5/10
Summary
Knex.js has a limited SQL injection vulnerability
Affected Versions
< 2.4.0
Patched Versions
2.4.0
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
Found 20/27 approved changesets -- score normalized to 7
Reason
SAST tool detected but not run on all commits
Details
- Info: SAST configuration detected: CodeQL
- Warn: 3 commits out of 26 are checked with a SAST tool
Reason
0 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql-analysis.yml:17
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql-analysis.yml:18
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/coverage.yml:13
- Warn: jobLevel 'checks' permission set to 'write': .github/workflows/coverage.yml:12
- Info: topLevel 'contents' permission set to 'read': .github/workflows/codeql-analysis.yml:12
- Info: topLevel 'contents' permission set to 'read': .github/workflows/coverage.yml:7
- Warn: no topLevel permission defined: .github/workflows/docs-deploy.yml:1
- Info: topLevel 'contents' permission set to 'read': .github/workflows/integration-tests.yml:13
- Info: topLevel 'contents' permission set to 'read': .github/workflows/linting.yml:13
- Info: topLevel 'contents' permission set to 'read': .github/workflows/unit-tests.yml:13
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/knex/knex/codeql-analysis.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/knex/knex/codeql-analysis.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/knex/knex/codeql-analysis.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/coverage.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/knex/knex/coverage.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/coverage.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/knex/knex/coverage.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/coverage.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/knex/knex/coverage.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs-deploy.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/knex/knex/docs-deploy.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs-deploy.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/knex/knex/docs-deploy.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs-deploy.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/knex/knex/docs-deploy.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/docs-deploy.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/knex/knex/docs-deploy.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration-tests.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/knex/knex/integration-tests.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration-tests.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/knex/knex/integration-tests.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration-tests.yml:116: update your workflow using https://app.stepsecurity.io/secureworkflow/knex/knex/integration-tests.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration-tests.yml:120: update your workflow using https://app.stepsecurity.io/secureworkflow/knex/knex/integration-tests.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/linting.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/knex/knex/linting.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/linting.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/knex/knex/linting.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/unit-tests.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/knex/knex/unit-tests.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/unit-tests.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/knex/knex/unit-tests.yml/master?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/coverage.yml:40
- Warn: npmCommand not pinned by hash: .github/workflows/coverage.yml:43
- Warn: npmCommand not pinned by hash: .github/workflows/integration-tests.yml:60
- Warn: npmCommand not pinned by hash: .github/workflows/integration-tests.yml:71
- Warn: npmCommand not pinned by hash: .github/workflows/integration-tests.yml:131
- Warn: npmCommand not pinned by hash: .github/workflows/linting.yml:38
- Warn: npmCommand not pinned by hash: .github/workflows/unit-tests.yml:38
- Warn: npmCommand not pinned by hash: .github/workflows/unit-tests.yml:41
- Info: 0 out of 16 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 2 third-party GitHubAction dependencies pinned
- Info: 1 out of 9 npmCommand dependencies pinned
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
13 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-67mh-4wv8-2f99
- Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55
- Warn: Project is vulnerable to: GHSA-x7hr-w5r2-h6wg
- Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
- Warn: Project is vulnerable to: GHSA-8jhw-289h-jh2g
- Warn: Project is vulnerable to: GHSA-64vr-g452-qvp3
- Warn: Project is vulnerable to: GHSA-9cwx-2883-4wfx
- Warn: Project is vulnerable to: GHSA-vg6x-rcgg-rjx6
- Warn: Project is vulnerable to: GHSA-x574-m823-4x7w
- Warn: Project is vulnerable to: GHSA-4r4m-qw57-chr8
- Warn: Project is vulnerable to: GHSA-xcj6-pq6g-qj4x
- Warn: Project is vulnerable to: GHSA-356w-63v5-8wf4
- Warn: Project is vulnerable to: GHSA-859w-5945-r5v3
Score
4
/10
Last Scanned on 2025-06-23
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More