npmpackage.info

Gathering detailed insights and metrics for knex

knex

A query builder for PostgreSQL, MySQL, CockroachDB, SQL Server, SQLite3 and Oracle, designed to be flexible, portable, and fun to use.

3.1.0

19,400

MIT

JavaScript

86.27 kB

318,372,769 4.7

Installations

npm install knex

Score

85.6

Supply Chain

98.6

Quality

82.2

Maintenance

100

Vulnerability

99.3

License

Pull Requests

Open

139

Total

2,193

Closed

591

Merged

1,463

Issues

Open

1,026

Total

3,961

Closed

2,935

Releases

3.1.0

Published on 07 Dec 2023

3.0.1

Published on 06 Oct 2023

3.0.0

Published on 06 Oct 2023

2.5.1

Published on 12 Jul 2023

2.5.0

Published on 08 Jul 2023

2.4.2

Published on 29 Mar 2023

View all 58 releases

Developer

knex

Developer Guide

BETA

Module System

CommonJS, UMD

Min. Node Version

>=16

Typescript Support

Yes

Node Version

20.9.0

NPM Version

10.1.0 Statistics

19,400 Stars

3,075 Commits

2,131 Forks

209 Watching

31 Branches

616 Contributors

Updated on 28 Nov 2024

Bundle Size

311.97 kB

Minified

86.27 kB

Minified + Gzipped

Bundlephobia

Languages

JavaScript (96.22%)

TypeScript (3.66%)

Shell (0.12%)

Total Downloads

Cumulative downloads

Total Downloads

318,372,769

Last day

-10.8%

341,310

Compared to previous day

Last week

-0.6%

1,999,898

Compared to previous week

Last month

10.1%

8,327,146

Compared to previous month

Last year

13.7%

88,228,363

Compared to previous year

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Versions

knex.js

A SQL query builder that is flexible, portable, and fun to use!

A batteries-included, multi-dialect (PostgreSQL, MySQL, CockroachDB, MSSQL, SQLite3, Oracle (including Oracle Wallet Authentication)) query builder for Node.js, featuring:

Node.js versions 12+ are supported.

Take a look at the full documentation to get started!
Browse the list of plugins and tools built for knex
Check out our recipes wiki to search for solutions to some specific problems
In case of upgrading from an older version, see migration guide

You can report bugs and discuss features on the GitHub issues page or send tweets to @kibertoad.

For support and questions, join our Gitter channel.

For knex-based Object Relational Mapper, see:

To see the SQL that Knex will generate for a given query, you can use Knex Query Lab

Examples

We have several examples on the website. Here is the first one to get you started:

1const knex = require('knex')({
2  client: 'sqlite3',
3  connection: {
4    filename: './data.db',
5  },
6});
7
8try {
9  // Create a table
10  await knex.schema
11    .createTable('users', (table) => {
12      table.increments('id');
13      table.string('user_name');
14    })
15    // ...and another
16    .createTable('accounts', (table) => {
17      table.increments('id');
18      table.string('account_name');
19      table.integer('user_id').unsigned().references('users.id');
20    });
21
22  // Then query the table...
23  const insertedRows = await knex('users').insert({ user_name: 'Tim' });
24
25  // ...and using the insert id, insert into the other table.
26  await knex('accounts').insert({
27    account_name: 'knex',
28    user_id: insertedRows[0],
29  });
30
31  // Query both of the rows.
32  const selectedRows = await knex('users')
33    .join('accounts', 'users.id', 'accounts.user_id')
34    .select('users.user_name as user', 'accounts.account_name as account');
35
36  // map over the results
37  const enrichedRows = selectedRows.map((row) => ({ ...row, active: true }));
38
39  // Finally, add a catch statement
40} catch (e) {
41  console.error(e);
42}

TypeScript example

1import { Knex, knex } from 'knex';
2
3interface User {
4  id: number;
5  age: number;
6  name: string;
7  active: boolean;
8  departmentId: number;
9}
10
11const config: Knex.Config = {
12  client: 'sqlite3',
13  connection: {
14    filename: './data.db',
15  },
16};
17
18const knexInstance = knex(config);
19
20try {
21  const users = await knex<User>('users').select('id', 'age');
22} catch (err) {
23  // error handling
24}

Usage as ESM module

If you are launching your Node application with --experimental-modules, knex.mjs should be picked up automatically and named ESM import should work out-of-the-box. Otherwise, if you want to use named imports, you'll have to import knex like this:

1import { knex } from 'knex/knex.mjs';

You can also just do the default import:

1import knex from 'knex';

If you are not using TypeScript and would like the IntelliSense of your IDE to work correctly, it is recommended to set the type explicitly:

1/**
2 * @type {Knex}
3 */
4const database = knex({
5  client: 'mysql',
6  connection: {
7    host: '127.0.0.1',
8    user: 'your_database_user',
9    password: 'your_database_password',
10    database: 'myapp_test',
11  },
12});
13database.migrate.latest();

Stable Version

The latest stable version of the package.

Stable Version

3.1.0

CRITICAL

9.8/10

Summary

SQL Injection in knex

Affected Versions

< 0.19.5

Patched Versions

0.19.5

HIGH

7.5/10

Summary

Knex.js has a limited SQL injection vulnerability

Affected Versions

< 2.4.0

Patched Versions

2.4.0

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

License

Determines if the project has defined a license.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

9

SAST

Determines if the project uses static code analysis.

7

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

6

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

0

Maintained

Determines if the project is "actively maintained".

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Security-Policy

Determines if the project has published a security policy.

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

0

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

Reason

dependency not pinned by hash detected -- score normalized to 0

Details

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/knex/knex/codeql-analysis.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/knex/knex/codeql-analysis.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/knex/knex/codeql-analysis.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/coverage.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/knex/knex/coverage.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/coverage.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/knex/knex/coverage.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/coverage.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/knex/knex/coverage.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs-deploy.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/knex/knex/docs-deploy.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs-deploy.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/knex/knex/docs-deploy.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs-deploy.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/knex/knex/docs-deploy.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docs-deploy.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/knex/knex/docs-deploy.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration-tests.yml:116: update your workflow using https://app.stepsecurity.io/secureworkflow/knex/knex/integration-tests.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration-tests.yml:120: update your workflow using https://app.stepsecurity.io/secureworkflow/knex/knex/integration-tests.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration-tests.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/knex/knex/integration-tests.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration-tests.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/knex/knex/integration-tests.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/linting-legacy.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/knex/knex/linting-legacy.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/linting-legacy.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/knex/knex/linting-legacy.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/linting.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/knex/knex/linting.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/linting.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/knex/knex/linting.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/unit-tests.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/knex/knex/unit-tests.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/unit-tests.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/knex/knex/unit-tests.yml/master?enable=pin
Warn: npmCommand not pinned by hash: .github/workflows/coverage.yml:40
Warn: npmCommand not pinned by hash: .github/workflows/coverage.yml:43
Warn: npmCommand not pinned by hash: .github/workflows/integration-tests.yml:60
Warn: npmCommand not pinned by hash: .github/workflows/integration-tests.yml:71
Warn: npmCommand not pinned by hash: .github/workflows/integration-tests.yml:131
Warn: npmCommand not pinned by hash: .github/workflows/linting-legacy.yml:38
Warn: npmCommand not pinned by hash: .github/workflows/linting.yml:38
Warn: npmCommand not pinned by hash: .github/workflows/unit-tests.yml:38
Warn: npmCommand not pinned by hash: .github/workflows/unit-tests.yml:41
Info: 0 out of 18 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 2 third-party GitHubAction dependencies pinned
Info: 1 out of 10 npmCommand dependencies pinned

0

Fuzzing

Determines if the project uses fuzzing.

Score

4.7

/10

Last Scanned on 2024-11-18

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More

knex

Installations

Score

Pull Requests

139

2,193

591

1,463

Issues

1,026

3,961

2,935

Releases

Developer

Developer Guide

CommonJS, UMD

>=16

Yes

20.9.0

10.1.0

Statistics

Bundle Size

311.97 kB

86.27 kB

Languages

Total Downloads

318,372,769

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

Dev Dependencies

knex.js

Examples

TypeScript example

Usage as ESM module

Stable Version

3.1.0

CRITICAL

HIGH

10

10

10

9

7

6

0

0

0

0

0

0

4.7

/10