Exposed
Exposed is a lightweight Kotlin SQL framework developed by JetBrains that provides both a type-safe DSL and DAO API for database access. It supports multiple databases (PostgreSQL, MySQL, Oracle, SQLite, SQL Server, MariaDB, H2) and offers both synchronous JDBC and asynchronous R2DBC connectivity.
Key facts
Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.
| Field | Value |
|---|---|
| Repository | JetBrains/Exposed |
| Owner | JetBrains |
| Primary language | Kotlin |
| License | Apache-2.0 — OSI-approved |
| Stars | 9.3k |
| Forks | 787 |
| Open issues | 168 |
| Latest release | 1.3.1 (2026-07-01) |
| Last updated | 2026-07-07 |
| Source | https://github.com/JetBrains/Exposed |
What Exposed is
Exposed is a Kotlin-based ORM/SQL abstraction layer built on JDBC and R2DBC drivers, offering compile-time type safety through a domain-specific language and optional Data Access Object patterns. It supports schema migrations, multiple database dialects, and integrates with Spring Boot 3 and 4 via dedicated starters.
Get the Exposed source
Clone the repository and explore it locally.
git clone https://github.com/JetBrains/Exposed.gitcd Exposed# follow the project's README for install & configurationNeed it deployed, integrated, or customized instead? DEV.co ships production installs.
Best use cases
Implementation considerations
- Kotlin 2.2+ and appropriate JDK version required (JDK 8+ for core, JDK 11+ for R2DBC, JDK 17+ for Spring Boot 3/4 integration).
- DAO API is JDBC-only; R2DBC users must use the DSL API, limiting object-mapping convenience in async contexts.
- Schema migrations available via dedicated modules; plan migration strategy upfront, especially for multi-environment deployments.
- Type-safe DSL requires learning Exposed's query syntax; teams should budget onboarding time for developers unfamiliar with Kotlin DSLs.
- Module granularity (e.g., exposed-crypt, exposed-json, exposed-kotlin-datetime) allows selective dependency inclusion but requires careful version alignment across modules.
When to avoid it — and what to weigh
- Heavy graph queries or complex JOINs — Exposed is lightweight; projects requiring sophisticated graph traversal, window functions, or deeply nested joins may find more advanced ORM patterns (e.g., Hibernate) better suited.
- Non-JVM languages or runtimes — Exposed is Kotlin-first and requires JVM. Projects using Python, Go, Node.js, or other runtimes cannot use it directly.
- Legacy Java codebases without Kotlin adoption — While Exposed can interoperate with Java, teams fully committed to Java (not Kotlin) may find simpler JDBC wrappers or Hibernate more aligned with their skill base.
- Real-time streaming or CQRS at scale — Exposed's R2DBC support is recent (since 1.0.0); mature event-sourced or CQRS architectures may require more battle-tested reactive frameworks.
License & commercial use
Apache License 2.0 (Apache-2.0). A permissive OSI-approved license permitting commercial use, modification, and redistribution under clear terms.
Apache 2.0 is permissive and explicitly allows commercial use without royalties or restrictions. However, you must include a copy of the license and state significant changes. Consult your legal team for enterprise deployments with proprietary modifications, though the license itself imposes no commercial usage barriers.
DEV.co evaluation signals
Editorial assessment — not user reviews. Directional, with an explicit confidence level.
| Signal | Assessment |
|---|---|
| Maintenance | Active |
| Documentation | Adequate |
| License clarity | Clear |
| Deployment complexity | Low |
| DEV.co fit | Strong |
| Assessment confidence | High |
Exposed uses parameterized queries via DSL and DAO patterns, mitigating SQL injection at the language level. Encrypted column support via exposed-crypt (requires Spring Security 7 and JDK 17+) for sensitive data. Developers must still validate user input and follow secure coding practices; Exposed does not guarantee absence of vulnerabilities in user code. Review transitive dependency security (JDBC drivers, R2DBC, Spring) in your dependency tree.
Alternatives to consider
Hibernate
Mature JPA/ORM alternative with broader feature set (lazy loading, complex graph queries, interceptors). Heavier overhead and steeper learning curve; better for complex domain models.
jOOQ
Type-safe SQL DSL focused on SQL-first development with code generation. Offers richer JOIN and window function support; paid tiers unlock advanced features. More verbose than Exposed for simple CRUD.
Ktorm
Lightweight Kotlin ORM with DSL and DAO patterns similar to Exposed. Smaller community; consider if you need tighter SQL control or simpler configuration.
Build on Exposed with DEV.co software developers
Need expert guidance on integrating Exposed, migrating from another ORM, or optimizing queries across multiple databases? Our Devco team can help you architect a scalable Kotlin-based data layer with the right patterns and tooling.
Talk to DEV.coRelated open-source tools
Surfaced by semantic similarity across the DEV.co open-source index.
Related on DEV.co
Explore the category and the services that help you build with it.
Exposed FAQ
Can I use Exposed in a non-Spring project?
What's the difference between DSL and DAO APIs?
Does Exposed support async/reactive operations?
Is commercial use allowed?
Software development & web development with DEV.co
From first prototype to production, DEV.co delivers software development services around tools like Exposed. Our software development agency staffs experienced software developers and web developers for custom software development, web development, integrations, and ongoing support across open-source databases and beyond.
Evaluate Exposed for Your Kotlin Project
Need expert guidance on integrating Exposed, migrating from another ORM, or optimizing queries across multiple databases? Our Devco team can help you architect a scalable Kotlin-based data layer with the right patterns and tooling.