Gathering detailed insights and metrics for objection
Gathering detailed insights and metrics for objection
Installations
npm install objectionDeveloper Guide
BETA
Typescript
Yes
Module System
CommonJS
Min. Node Version
>=14.0.0
Node Version
20.12.2
NPM Version
10.5.0
Releases
Unable to fetch releases
Languages
4
JavaScript
TypeScript
PEG.js
Shell
JavaScript (95.47%)
TypeScript (4.25%)
PEG.js (0.27%)
Shell (0.01%)
Developer
Download Statistics
Total Downloads
34,185,465
Last Day
25,118
Last Week
137,398
Last Month
597,213
Last Year
6,791,222
GitHub Statistics
MIT License
7,322 Stars
2,214 Commits
641 Forks
78 Watchers
11 Branches
160 Contributors
Updated on May 06, 2025
Bundle Size
386.61 kB
Minified
105.82 kB
Minified + Gzipped
Maintainers
4
Package Meta Information
Latest Version
3.1.5
Package Id
objection@3.1.5
Unpacked Size
629.45 kB
Size
133.49 kB
File Count
181
NPM Version
10.5.0
Node Version
20.12.2
Published on
Sep 25, 2024
Total Downloads
Cumulative downloads
Total Downloads
34,185,465
Last Day
39.3%
25,118
Compared to previous day
Last Week
4.9%
137,398
Compared to previous week
Last Month
-7%
597,213
Compared to previous month
Last Year
0.9%
6,791,222
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
3
Peer Dependencies
1
Objection.js
Objection.js is an ORM for Node.js that aims to stay out of your way and make it as easy as possible to use the full power of SQL and the underlying database engine while still making the common stuff easy and enjoyable.
Even though ORM is the best commonly known acronym to describe objection, a more accurate description is to call it a relational query builder. You get all the benefits of an SQL query builder but also a powerful set of tools for working with relations.
Objection.js is built on an SQL query builder called knex. All databases supported by knex are supported by objection.js. SQLite3, Postgres and MySQL are thoroughly tested.
What objection.js gives you:
- An easy declarative way of defining models and relationships between them
- Simple and fun way to fetch, insert, update and delete objects using the full power of SQL
- Powerful mechanisms for eager loading, inserting and upserting object graphs
- Easy to use transactions
- Official TypeScript support
- Optional JSON schema validation
- A way to store complex documents as single rows
What objection.js doesn't give you:
- A fully object oriented view of your database With objection you don't work with entities. You work with queries. Objection doesn't try to wrap every concept with an object oriented equivalent. The best attempt to do that (IMO) is Hibernate, which is excellent, but it has 800k lines of code and a lot more concepts to learn than SQL itself. The point is, writing a good traditional ORM is borderline impossible. Objection attempts to provide a completely different way of working with SQL.
- A custom query DSL. SQL is used as a query language. This doesn't mean you have to write SQL strings though. A query builder based on knex is used to build the SQL. However, if the query builder fails you for some reason, raw SQL strings can be easily written using the raw helper function.
- Automatic database schema creation and migration from model definitions. For simple things it is useful that the database schema is automatically generated from the model definitions, but usually just gets in your way when doing anything non-trivial. Objection.js leaves the schema related things to you. knex has a great migration tool that we recommend for this job. Check out the example project.
The best way to get started is to clone our example project and start playing with it. There's also a typescript version available.
Check out this issue to see who is using objection and what they think about it.
Shortcuts:
Critical
9.8/10
Summary
objection.js Prototype Pollution vulnerability
Affected Versions
< 2.2.16
Patched Versions
2.2.16
Reason
no vulnerabilities detected
Reason
license file detected
Details
- Info: : LICENSE:1
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
dependency not pinned by hash detected -- score normalized to 9
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/Vincit/objection.js/test.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/Vincit/objection.js/test.yml/master?enable=pin
- Info: Third-party GitHubActions are pinned
- Info: Dockerfile dependencies are pinned
- Info: no insecure (not pinned by hash) dependency downloads found in Dockerfiles
- Info: no insecure (not pinned by hash) dependency downloads found in shell scripts
Reason
GitHub code reviews found for 6 commits out of the last 30 -- score normalized to 2
Details
- Warn: no reviews found for commit: 8f8896584281c87773fab33025061cddab2ebc3f
- Warn: no reviews found for commit: 6ab6dd87cd89081dc2bff804a4cd989a32136905
- Warn: no reviews found for commit: f5ad7b9b2739b8e958e20680338fcdd9a8e7ed34
- Warn: no reviews found for commit: 8d018f4afdb9925735f5d2fe582db3eec383ff3a
- Warn: no reviews found for commit: 2dda08390a6eb2bf49ca92cbc9201a4b6d9dcb05
- Warn: no reviews found for commit: 4c802958f713e30dce3de1c9b690354e7b7eb69a
- Warn: no reviews found for commit: 139c59427465f3e62f4a3a027393adc87f862326
- Warn: no reviews found for commit: 5de9e2af404b6ebcbde3852124db00541f215b38
- Warn: no reviews found for commit: 9a66f2160820d6fe4c4121c13b65591b35f2a108
- Warn: no reviews found for commit: 0ececc74b4c7121d52b358b4e2854c15689f7300
- Warn: no reviews found for commit: cef73c4525edcbb48399785756fecefb050d01bd
- Warn: no reviews found for commit: d8ca98a1d85fb6cf8b1b293650fbf0f4cf43d284
- Warn: no reviews found for commit: 5ddccc499fc8dabbb7d1ab86952380ec1f58e81b
- Warn: no reviews found for commit: f626133e911cebef50e572320410230b2b5e9f27
- Warn: no reviews found for commit: 493364988899fbb684f60558519febdb5804a7a6
- Warn: no reviews found for commit: 8f44dd584315380ca029f181cb0fb89420ccda38
- Warn: no reviews found for commit: 7116382c0e2b3e54fb00d9281ffd3ae0dc42d6d7
- Warn: no reviews found for commit: 90350f4492c2168ec288dbd897e6ff4fcc47edf2
- Warn: no reviews found for commit: e51974d1cd2137c8180eca1d9c59f47390aa932f
- Warn: no reviews found for commit: eedbad04aba439d434f86043ebb0b6b557e9f7d3
- Warn: no reviews found for commit: 707e561f323e26b419fc006c0cb908adc42e8db6
- Warn: no reviews found for commit: aef27c11e4bff99356254423963dc3652b619a94
- Warn: no reviews found for commit: 23ce2af9efa1f75ba2d5a1c0f3fcd14de857553d
- Warn: no reviews found for commit: 7c8a2825343d59c1bb32881fffb0806c8118c97b
Reason
0 commit(s) out of 30 and 0 issue activity out of 30 found in the last 90 days -- score normalized to 0
Reason
no badge detected
Reason
non read-only tokens detected in GitHub workflows
Details
- Warn: no topLevel permission defined: .github/workflows/test.yml:1: update your workflow using https://app.stepsecurity.io/secureworkflow/Vincit/objection.js/test.yml/master?enable=permissions
Reason
security policy file not detected
Reason
project is not fuzzed
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'master'
Score
4.5
/10
Last Scanned on 2022-08-15
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More