DEV.co
Open-Source Databases · ForbesLindesay

atdatabases

@databases is a TypeScript-first collection of modular database clients for Node.js that use tagged template literals to prevent SQL injection by design. It supports PostgreSQL, MySQL, SQLite, BigQuery, and WebSQL/Expo with built-in promise-based APIs and full type safety.

Source: GitHub — github.com/ForbesLindesay/atdatabases
635
GitHub stars
48
Forks
TypeScript
Primary language
MIT
License (OSI-approved)

Key facts

Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.

FieldValue
RepositoryForbesLindesay/atdatabases
OwnerForbesLindesay
Primary languageTypeScript
LicenseMIT — OSI-approved
Stars635
Forks48
Open issues67
Latest release@databases/[email protected] (2026-07-06)
Last updated2026-07-06
Sourcehttps://github.com/ForbesLindesay/atdatabases

What atdatabases is

A monorepo of npm packages providing parameterized query APIs via TypeScript tagged templates (@databases/sql), connection pooling, dataloader support, and database-specific drivers (@databases/pg, @databases/mysql, @databases/sqlite). Enforces separation of query strings from values at compile time, eliminating common injection vectors.

Quickstart

Get the atdatabases source

Clone the repository and explore it locally.

terminalbash
git clone https://github.com/ForbesLindesay/atdatabases.gitcd atdatabases# follow the project's README for install & configuration

Need it deployed, integrated, or customized instead? DEV.co ships production installs.

Best use cases

TypeScript-first Node.js applications requiring SQL injection protection

Teams building full-stack TypeScript apps benefit from compile-time safety guarantees via tagged templates and native type definitions. The modular architecture lets you install only required drivers.

Cross-database applications or early-stage projects with uncertain DB choice

Monorepo structure and consistent API across PostgreSQL, MySQL, SQLite, and BigQuery reduce migration effort if database selection changes. Connection pooling and dataloader utilities accelerate common patterns.

Performance-sensitive applications needing batch operations and caching

@databases/dataloader and @databases/cache modules address N+1 query problems and reduce round-trips without requiring a separate abstraction layer.

Implementation considerations

  • Mandatory use of sql`` tagged templates for all queries; dynamic query construction or string concatenation will fail at type-check time, requiring careful refactoring of legacy query builders.
  • Connection pool configuration and lifecycle management (@databases/connection-pool) must be integrated early; improper pooling can lead to connection exhaustion in high-concurrency environments.
  • Database-specific type generation (@databases/pg-typed, @databases/mysql-typed) requires schema introspection setup and code generation as part of build pipeline; maintenance of generated code contracts is developer responsibility.
  • Promise-based API requires careful error handling and async/await patterns; callbacks or callback-based ORMs will not integrate naturally.
  • Modular package structure means managing multiple @databases/* dependencies; version alignment across interconnected packages (e.g., @databases/sql + driver + dataloader) is important for stability.

When to avoid it — and what to weigh

  • Heavy ORM/schema-driven workflows required — @databases is a query library, not a full ORM. If you need migrations, relationships, lazy loading, or schema-driven code generation at scale, Prisma, TypeORM, or Sequelize may be better fit.
  • Non-Node.js runtime or legacy JavaScript codebases — Package is designed for Node.js and modern TypeScript. No browser runtime support except via @databases/expo (WebSQL for React Native). Retrofitting existing untyped JavaScript projects requires significant refactoring.
  • Projects requiring immediate enterprise support and SLA — Single maintainer (Forbes Lindesay per GitHub). No visible commercial support offerings, paid tiers, or dedicated support channel documented. Open issue backlog (67 open) suggests volunteer-driven maintenance pace.
  • Strongly-typed schema validation at runtime — While TypeScript types are enforced at build time, there is no built-in runtime schema validation or constraint checking. Manual validation logic required for untrusted inputs.

License & commercial use

MIT License (permissive, OSI-approved). Allows commercial use, modification, and distribution with attribution; no patent clauses or viral restrictions.

MIT License permits commercial use without restriction or license fees. No commercial support agreements, SLA, or warranty clauses are documented; use in production requires internal support capability or community-sourced troubleshooting.

DEV.co evaluation signals

Editorial assessment — not user reviews. Directional, with an explicit confidence level.

SignalAssessment
MaintenanceActive
DocumentationAdequate
License clarityClear
Deployment complexityLow
DEV.co fitGood
Assessment confidenceHigh
Security considerations

Tagged template literal design makes SQL injection virtually impossible for correctly-written code; parameters are always passed separately from query strings. However, no documented security audit, CVE tracking process, or vulnerability disclosure policy visible. Dependencies (@databases/sql base modules) should be reviewed for transitive risks. Runtime input validation is developer responsibility; this library provides transport safety, not semantic validation.

Alternatives to consider

Prisma

Full-featured ORM with schema-driven code generation, type safety, and migrations; heavier but offers more abstraction. Commercial backing and active maintenance. Better for applications requiring complex relationships and schema drift detection.

TypeORM

TypeScript-native ORM with decorator-based schema definition, full migration support, and multi-database compatibility. More opinionated than @databases; larger footprint but broader feature set. Community-maintained.

Drizzle ORM

Lightweight, modern TypeScript ORM with schema validation, zero-dependency core, and SQL-first approach. Comparable injection protection via parameterization, with more opinionated schema tooling. Growing adoption and active maintenance.

Software development agency

Build on atdatabases with DEV.co software developers

If your team is building Node.js/TypeScript applications and prioritizes SQL injection prevention over ORM abstractions, schedule a technical review with our team to assess fit with your data architecture and maintenance expectations.

Talk to DEV.co

Related open-source tools

Surfaced by semantic similarity across the DEV.co open-source index.

Related on DEV.co

Explore the category and the services that help you build with it.

atdatabases FAQ

How does @databases prevent SQL injection?
Via TypeScript tagged template literals (sql`...`). Query strings and parameter values are separated at call time and passed to the database driver as distinct protocol messages, making injection impossible without code modification.
Do I have to use TypeScript?
TypeScript is strongly recommended but not strictly required for runtime; you can use @databases in JavaScript. However, you lose compile-time type safety and injection protection guarantees, and no guidance on JavaScript usage is documented.
Is there a migration tool?
Yes, @databases/pg-migrations and @databases/mysql-migrations exist, but scope and feature parity with Flyway or native framework tools are not detailed. Review docs at atdatabases.org/docs/pg-migrations before adopting.
Can I use this with an ORM like Prisma?
Not directly. @databases is a query library, not an ORM. It can coexist in a codebase but will not provide relationship management, lazy loading, or automatic migrations. Choose one abstraction per project.

Software developers & web developers for hire

DEV.co is a software development agency delivering custom software development services to companies building on open source. Our software developers and web developers design, integrate, and ship production systems — spanning web development, APIs, AI, data, and cloud. If atdatabases is part of your open-source databases roadmap, our team can implement, customize, migrate, and maintain it.

Evaluate @databases for Your TypeScript Backend

If your team is building Node.js/TypeScript applications and prioritizes SQL injection prevention over ORM abstractions, schedule a technical review with our team to assess fit with your data architecture and maintenance expectations.