atdatabases
@databases is a TypeScript-first collection of modular database clients for Node.js that use tagged template literals to prevent SQL injection by design. It supports PostgreSQL, MySQL, SQLite, BigQuery, and WebSQL/Expo with built-in promise-based APIs and full type safety.
Key facts
Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.
| Field | Value |
|---|---|
| Repository | ForbesLindesay/atdatabases |
| Owner | ForbesLindesay |
| Primary language | TypeScript |
| License | MIT — OSI-approved |
| Stars | 635 |
| Forks | 48 |
| Open issues | 67 |
| Latest release | @databases/[email protected] (2026-07-06) |
| Last updated | 2026-07-06 |
| Source | https://github.com/ForbesLindesay/atdatabases |
What atdatabases is
A monorepo of npm packages providing parameterized query APIs via TypeScript tagged templates (@databases/sql), connection pooling, dataloader support, and database-specific drivers (@databases/pg, @databases/mysql, @databases/sqlite). Enforces separation of query strings from values at compile time, eliminating common injection vectors.
Get the atdatabases source
Clone the repository and explore it locally.
git clone https://github.com/ForbesLindesay/atdatabases.gitcd atdatabases# follow the project's README for install & configurationNeed it deployed, integrated, or customized instead? DEV.co ships production installs.
Best use cases
Implementation considerations
- Mandatory use of sql`` tagged templates for all queries; dynamic query construction or string concatenation will fail at type-check time, requiring careful refactoring of legacy query builders.
- Connection pool configuration and lifecycle management (@databases/connection-pool) must be integrated early; improper pooling can lead to connection exhaustion in high-concurrency environments.
- Database-specific type generation (@databases/pg-typed, @databases/mysql-typed) requires schema introspection setup and code generation as part of build pipeline; maintenance of generated code contracts is developer responsibility.
- Promise-based API requires careful error handling and async/await patterns; callbacks or callback-based ORMs will not integrate naturally.
- Modular package structure means managing multiple @databases/* dependencies; version alignment across interconnected packages (e.g., @databases/sql + driver + dataloader) is important for stability.
When to avoid it — and what to weigh
- Heavy ORM/schema-driven workflows required — @databases is a query library, not a full ORM. If you need migrations, relationships, lazy loading, or schema-driven code generation at scale, Prisma, TypeORM, or Sequelize may be better fit.
- Non-Node.js runtime or legacy JavaScript codebases — Package is designed for Node.js and modern TypeScript. No browser runtime support except via @databases/expo (WebSQL for React Native). Retrofitting existing untyped JavaScript projects requires significant refactoring.
- Projects requiring immediate enterprise support and SLA — Single maintainer (Forbes Lindesay per GitHub). No visible commercial support offerings, paid tiers, or dedicated support channel documented. Open issue backlog (67 open) suggests volunteer-driven maintenance pace.
- Strongly-typed schema validation at runtime — While TypeScript types are enforced at build time, there is no built-in runtime schema validation or constraint checking. Manual validation logic required for untrusted inputs.
License & commercial use
MIT License (permissive, OSI-approved). Allows commercial use, modification, and distribution with attribution; no patent clauses or viral restrictions.
MIT License permits commercial use without restriction or license fees. No commercial support agreements, SLA, or warranty clauses are documented; use in production requires internal support capability or community-sourced troubleshooting.
DEV.co evaluation signals
Editorial assessment — not user reviews. Directional, with an explicit confidence level.
| Signal | Assessment |
|---|---|
| Maintenance | Active |
| Documentation | Adequate |
| License clarity | Clear |
| Deployment complexity | Low |
| DEV.co fit | Good |
| Assessment confidence | High |
Tagged template literal design makes SQL injection virtually impossible for correctly-written code; parameters are always passed separately from query strings. However, no documented security audit, CVE tracking process, or vulnerability disclosure policy visible. Dependencies (@databases/sql base modules) should be reviewed for transitive risks. Runtime input validation is developer responsibility; this library provides transport safety, not semantic validation.
Alternatives to consider
Prisma
Full-featured ORM with schema-driven code generation, type safety, and migrations; heavier but offers more abstraction. Commercial backing and active maintenance. Better for applications requiring complex relationships and schema drift detection.
TypeORM
TypeScript-native ORM with decorator-based schema definition, full migration support, and multi-database compatibility. More opinionated than @databases; larger footprint but broader feature set. Community-maintained.
Drizzle ORM
Lightweight, modern TypeScript ORM with schema validation, zero-dependency core, and SQL-first approach. Comparable injection protection via parameterization, with more opinionated schema tooling. Growing adoption and active maintenance.
Build on atdatabases with DEV.co software developers
If your team is building Node.js/TypeScript applications and prioritizes SQL injection prevention over ORM abstractions, schedule a technical review with our team to assess fit with your data architecture and maintenance expectations.
Talk to DEV.coRelated open-source tools
Surfaced by semantic similarity across the DEV.co open-source index.
Related on DEV.co
Explore the category and the services that help you build with it.
atdatabases FAQ
How does @databases prevent SQL injection?
Do I have to use TypeScript?
Is there a migration tool?
Can I use this with an ORM like Prisma?
Software developers & web developers for hire
DEV.co is a software development agency delivering custom software development services to companies building on open source. Our software developers and web developers design, integrate, and ship production systems — spanning web development, APIs, AI, data, and cloud. If atdatabases is part of your open-source databases roadmap, our team can implement, customize, migrate, and maintain it.
Evaluate @databases for Your TypeScript Backend
If your team is building Node.js/TypeScript applications and prioritizes SQL injection prevention over ORM abstractions, schedule a technical review with our team to assess fit with your data architecture and maintenance expectations.