Gathering detailed insights and metrics for sequelize
Gathering detailed insights and metrics for sequelize
Feature-rich ORM for modern Node.js and TypeScript, it supports PostgreSQL (with JSON and JSONB support), MySQL, MariaDB, SQLite, MS SQL Server, Snowflake, Oracle DB (v6), DB2 and DB2 for IBM i.
Installations
npm install sequelizeScore
84.8
Supply Chain
88
Quality
90.1
Maintenance
100
Vulnerability
99.6
License
Releases
482
Developer
Developer Guide
BETA
Module System
CommonJS, ESM
Min. Node Version
>=10.0.0
Typescript Support
Yes
Node Version
18.20.4
NPM Version
10.7.0
Statistics
29,620 Stars
11,201 Commits
4,280 Forks
409 Watching
51 Branches
1,070 Contributors
Updated on 28 Nov 2024
Bundle Size
1.73 MB
Minified
324.56 kB
Minified + Gzipped
Languages
TypeScript (50.5%)
JavaScript (49.25%)
Shell (0.25%)
Total Downloads
Cumulative downloads
Total Downloads
368,530,233
Last day
3.7%
356,451
Compared to previous day
Last week
3.3%
2,025,945
Compared to previous week
Last month
-1.6%
8,407,444
Compared to previous month
Last year
23.3%
96,902,779
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
16
Dev Dependencies
60
@commitlint/cli@commitlint/config-angular@octokit/rest@octokit/types@types/chai@types/lodash@types/mocha@types/node@types/sinon@typescript-eslint/eslint-plugin@typescript-eslint/parseracornchaichai-as-promisedchai-datetimecheeriocls-hookedcopyfilescross-envdelayesbuildesdocesdoc-ecmascript-proposal-pluginesdoc-inject-style-pluginesdoc-standard-plugineslinteslint-plugin-jsdoceslint-plugin-mochaexpect-typefast-globfs-jetpackhuskyibm_dbjs-combinatoricslcov-result-mergerlint-stagedmariadbmarkdownlint-climochamodule-aliasmysql2node-hooknycoracledbp-mapp-propsp-settlep-timeoutpgpg-hstorerimrafsemantic-releasesemantic-release-fail-on-major-bumpsinonsinon-chaisnowflake-sdksource-map-supportsqlite3tedioustypescript
Versions
Sequelize
Sequelize is an easy-to-use and promise-based Node.js ORM tool for Postgres, MySQL, MariaDB, SQLite, DB2, Microsoft SQL Server, Snowflake, Oracle DB and Db2 for IBM i. It features solid transaction support, relations, eager and lazy loading, read replication and more.
Would you like to contribute? Read our contribution guidelines to know more. There are many ways to help! 😃
:computer: Getting Started
Ready to start using Sequelize? Head to sequelize.org to begin!
- Our Getting Started guide for Sequelize 6 (stable)
- Our Getting Started guide for Sequelize 7 (alpha)
:money_with_wings: Supporting the project
Do you like Sequelize and would like to give back to the engineering team behind it?
We have recently created an OpenCollective based money pool which is shared amongst all core maintainers based on their contributions. Every support is wholeheartedly welcome. ❤️
:pencil: Major version changelog
Please find upgrade information to major versions here:
:book: Resources
:wrench: Tools
:speech_balloon: Translations
:warning: Responsible disclosure
If you have security issues to report, please refer to our Responsible Disclosure Policy for more details.
Stable Version
The latest stable version of the package.
Stable Version
6.37.5
CRITICAL
11
CRITICAL
9.8/10
Summary
SQL Injection in sequelize
Affected Versions
>= 5.0.0, < 5.15.1
Patched Versions
5.15.1
CRITICAL
9.8/10
Summary
SQL Injection in sequelize
Affected Versions
< 4.44.3
Patched Versions
4.44.3
CRITICAL
9.8/10
Summary
SQL Injection via GeoJSON in sequelize
Affected Versions
>= 3.4.0, < 3.23.6
Patched Versions
3.23.6
CRITICAL
10/10
Summary
Sequelize - Default support for “raw attributes” when using parentheses
Affected Versions
< 6.29.0
Patched Versions
6.29.0
CRITICAL
10/10
Summary
Duplicate advisory: Sequelize vulnerable to Improper Filtering of Special Elements
Affected Versions
<= 6.28.2
Patched Versions
6.29.0
CRITICAL
10/10
Summary
Unsafe fall-through in getWhereConditions
Affected Versions
< 6.28.1
Patched Versions
6.28.1
CRITICAL
10/10
Summary
Sequelize vulnerable to SQL Injection via replacements
Affected Versions
< 6.19.1
Patched Versions
6.19.1
CRITICAL
9.8/10
Summary
SQL Injection in sequelize
Affected Versions
< 3.35.1
Patched Versions
3.35.1
CRITICAL
9.8/10
Summary
SQL Injection in sequelize
Affected Versions
>= 5.0.0, < 5.8.11
Patched Versions
5.8.11
CRITICAL
9.8/10
Summary
SQL Injection in sequelize
Affected Versions
>= 4.0.0, < 4.44.3
Patched Versions
4.44.3
CRITICAL
9.8/10
Summary
SQL Injection in sequelize
Affected Versions
< 3.35.1
Patched Versions
3.35.1
HIGH
6
HIGH
7.5/10
Summary
SQL Injection in sequelize
Affected Versions
>= 5.0.0, < 5.3.0
Patched Versions
5.3.0
HIGH
7.5/10
Summary
SQL Injection in sequelize
Affected Versions
<= 3.19.3
Patched Versions
3.20.0
HIGH
0/10
Summary
SQL Injection in sequelize
Affected Versions
<= 2.0.0-rc7
Patched Versions
2.0.0-rc8
HIGH
0/10
Summary
NoSQL Injection in sequelize
Affected Versions
< 4.12.0
Patched Versions
4.12.0
HIGH
0/10
Summary
SQL Injection in sequelize
Affected Versions
< 3.17.0
Patched Versions
3.17.0
HIGH
0/10
Summary
Potential SQL Injection in sequelize
Affected Versions
<= 2.1.3
Patched Versions
3.0.0
MODERATE
3
MODERATE
5.3/10
Summary
Sequelize information disclosure vulnerability
Affected Versions
< 6.28.1
Patched Versions
6.28.1
MODERATE
0/10
Summary
Denial of Service in sequelize
Affected Versions
< 4.44.4
Patched Versions
4.44.4
MODERATE
0/10
Summary
SQL Injection in sequelize
Affected Versions
<= 1.7.0-alpha2
Patched Versions
1.7.0
Reason
30 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10
Reason
no dangerous workflow patterns detected
Reason
security policy file detected
Details
- Info: security policy file detected: SECURITY.md:1
- Info: Found linked content: SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1
- Info: Found text in security policy: SECURITY.md:1
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
no binaries found in the repo
Reason
dependency not pinned by hash detected -- score normalized to 9
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/autoupdate.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/sequelize/sequelize/autoupdate.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:317: update your workflow using https://app.stepsecurity.io/secureworkflow/sequelize/sequelize/ci.yml/main?enable=pin
- Info: 41 out of 43 GitHub-owned GitHubAction dependencies pinned
- Info: 7 out of 7 third-party GitHubAction dependencies pinned
Reason
SAST tool is not run on all commits -- score normalized to 8
Details
- Warn: 8 commits out of 10 are checked with a SAST tool
Reason
6 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-8c25-f3mj-v6h8
- Warn: Project is vulnerable to: GHSA-vqfx-gj96-3w95
- Warn: Project is vulnerable to: GHSA-f598-mfpv-gmfx
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
- Warn: Project is vulnerable to: GHSA-pqhp-25j4-6hq9
Reason
Found 3/26 approved changesets -- score normalized to 1
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: jobLevel 'contents' permission set to 'write': .github/workflows/authors.yml:15
- Warn: jobLevel 'statuses' permission set to 'write': .github/workflows/pr-title.yml:17
- Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/pr-title.yml:16
- Info: topLevel 'contents' permission set to 'read': .github/workflows/authors.yml:10
- Info: topLevel 'contents' permission set to 'read': .github/workflows/auto-add-pending-approval.yml:7
- Warn: no topLevel permission defined: .github/workflows/auto-remove-awaiting-response-label.yml:1
- Warn: no topLevel permission defined: .github/workflows/autoupdate.yml:1
- Warn: no topLevel permission defined: .github/workflows/ci.yml:1
- Warn: no topLevel permission defined: .github/workflows/notify.yml:1
- Info: topLevel 'contents' permission set to 'read': .github/workflows/pr-title.yml:9
- Warn: no topLevel permission defined: .github/workflows/semgrep.yml:1
- Info: topLevel 'contents' permission set to 'read': .github/workflows/stale.yml:8
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Score
6.2
/10
Last Scanned on 2024-11-18
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More