DEV.co
Open-Source Databases · JetBrains

Exposed

Exposed is a lightweight Kotlin SQL framework developed by JetBrains that provides both a type-safe DSL and DAO API for database access. It supports multiple databases (PostgreSQL, MySQL, Oracle, SQLite, SQL Server, MariaDB, H2) and offers both synchronous JDBC and asynchronous R2DBC connectivity.

Source: GitHub — github.com/JetBrains/Exposed
9.3k
GitHub stars
787
Forks
Kotlin
Primary language
Apache-2.0
License (OSI-approved)

Key facts

Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.

FieldValue
RepositoryJetBrains/Exposed
OwnerJetBrains
Primary languageKotlin
LicenseApache-2.0 — OSI-approved
Stars9.3k
Forks787
Open issues168
Latest release1.3.1 (2026-07-01)
Last updated2026-07-07
Sourcehttps://github.com/JetBrains/Exposed

What Exposed is

Exposed is a Kotlin-based ORM/SQL abstraction layer built on JDBC and R2DBC drivers, offering compile-time type safety through a domain-specific language and optional Data Access Object patterns. It supports schema migrations, multiple database dialects, and integrates with Spring Boot 3 and 4 via dedicated starters.

Quickstart

Get the Exposed source

Clone the repository and explore it locally.

terminalbash
git clone https://github.com/JetBrains/Exposed.gitcd Exposed# follow the project's README for install & configuration

Need it deployed, integrated, or customized instead? DEV.co ships production installs.

Best use cases

Multi-database Kotlin applications

Exposed's dialect abstraction allows you to write code once and deploy against PostgreSQL, MySQL, Oracle, SQLite, or SQL Server with minimal changes, reducing vendor lock-in risk.

Type-safe SQL queries in Kotlin

Teams leveraging Kotlin's null-safety and type system benefit from compile-time query validation via the DSL API, reducing runtime SQL errors and improving IDE autocomplete support.

Spring Boot microservices

Spring Boot 3/4 starter modules provide out-of-the-box integration, automatic transaction management via Spring Framework 6/7, and simplified migration tooling for rapid development.

Implementation considerations

  • Kotlin 2.2+ and appropriate JDK version required (JDK 8+ for core, JDK 11+ for R2DBC, JDK 17+ for Spring Boot 3/4 integration).
  • DAO API is JDBC-only; R2DBC users must use the DSL API, limiting object-mapping convenience in async contexts.
  • Schema migrations available via dedicated modules; plan migration strategy upfront, especially for multi-environment deployments.
  • Type-safe DSL requires learning Exposed's query syntax; teams should budget onboarding time for developers unfamiliar with Kotlin DSLs.
  • Module granularity (e.g., exposed-crypt, exposed-json, exposed-kotlin-datetime) allows selective dependency inclusion but requires careful version alignment across modules.

When to avoid it — and what to weigh

  • Heavy graph queries or complex JOINs — Exposed is lightweight; projects requiring sophisticated graph traversal, window functions, or deeply nested joins may find more advanced ORM patterns (e.g., Hibernate) better suited.
  • Non-JVM languages or runtimes — Exposed is Kotlin-first and requires JVM. Projects using Python, Go, Node.js, or other runtimes cannot use it directly.
  • Legacy Java codebases without Kotlin adoption — While Exposed can interoperate with Java, teams fully committed to Java (not Kotlin) may find simpler JDBC wrappers or Hibernate more aligned with their skill base.
  • Real-time streaming or CQRS at scale — Exposed's R2DBC support is recent (since 1.0.0); mature event-sourced or CQRS architectures may require more battle-tested reactive frameworks.

License & commercial use

Apache License 2.0 (Apache-2.0). A permissive OSI-approved license permitting commercial use, modification, and redistribution under clear terms.

Apache 2.0 is permissive and explicitly allows commercial use without royalties or restrictions. However, you must include a copy of the license and state significant changes. Consult your legal team for enterprise deployments with proprietary modifications, though the license itself imposes no commercial usage barriers.

DEV.co evaluation signals

Editorial assessment — not user reviews. Directional, with an explicit confidence level.

SignalAssessment
MaintenanceActive
DocumentationAdequate
License clarityClear
Deployment complexityLow
DEV.co fitStrong
Assessment confidenceHigh
Security considerations

Exposed uses parameterized queries via DSL and DAO patterns, mitigating SQL injection at the language level. Encrypted column support via exposed-crypt (requires Spring Security 7 and JDK 17+) for sensitive data. Developers must still validate user input and follow secure coding practices; Exposed does not guarantee absence of vulnerabilities in user code. Review transitive dependency security (JDBC drivers, R2DBC, Spring) in your dependency tree.

Alternatives to consider

Hibernate

Mature JPA/ORM alternative with broader feature set (lazy loading, complex graph queries, interceptors). Heavier overhead and steeper learning curve; better for complex domain models.

jOOQ

Type-safe SQL DSL focused on SQL-first development with code generation. Offers richer JOIN and window function support; paid tiers unlock advanced features. More verbose than Exposed for simple CRUD.

Ktorm

Lightweight Kotlin ORM with DSL and DAO patterns similar to Exposed. Smaller community; consider if you need tighter SQL control or simpler configuration.

Software development agency

Build on Exposed with DEV.co software developers

Need expert guidance on integrating Exposed, migrating from another ORM, or optimizing queries across multiple databases? Our Devco team can help you architect a scalable Kotlin-based data layer with the right patterns and tooling.

Talk to DEV.co

Related open-source tools

Surfaced by semantic similarity across the DEV.co open-source index.

Related on DEV.co

Explore the category and the services that help you build with it.

Exposed FAQ

Can I use Exposed in a non-Spring project?
Yes. Exposed's core modules (exposed-core, exposed-jdbc, exposed-r2dbc) work standalone. Spring Boot starters are optional. You'll manage transactions and connection pooling yourself or via a third-party tool.
What's the difference between DSL and DAO APIs?
DSL is a type-safe query builder for direct SQL manipulation; DAO wraps DSL with object-mapping for entity-oriented code. DAO is JDBC-only; R2DBC users must use DSL.
Does Exposed support async/reactive operations?
Yes, via the R2DBC module (exposed-r2dbc). However, DAO is JDBC-only; async projects should use the DSL API with R2DBC drivers (PostgreSQL, MySQL, etc.).
Is commercial use allowed?
Yes. Apache 2.0 explicitly permits commercial use. You must include the license and document significant changes, but there are no royalty fees or restrictions.

Software development & web development with DEV.co

From first prototype to production, DEV.co delivers software development services around tools like Exposed. Our software development agency staffs experienced software developers and web developers for custom software development, web development, integrations, and ongoing support across open-source databases and beyond.

Evaluate Exposed for Your Kotlin Project

Need expert guidance on integrating Exposed, migrating from another ORM, or optimizing queries across multiple databases? Our Devco team can help you architect a scalable Kotlin-based data layer with the right patterns and tooling.