node-orm2
node-orm2 is a Node.js ORM library that maps JavaScript objects to relational database tables, supporting MySQL, PostgreSQL, SQLite, and MongoDB. The project is no longer actively maintained since 2016, though the repository receives occasional updates.
Key facts
Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.
| Field | Value |
|---|---|
| Repository | dresende/node-orm2 |
| Owner | dresende |
| Primary language | JavaScript |
| License | MIT — OSI-approved |
| Stars | 3k |
| Forks | 369 |
| Open issues | 218 |
| Latest release | v3.1.0 (2016-05-09) |
| Last updated | 2025-03-13 |
| Source | https://github.com/dresende/node-orm2 |
What node-orm2 is
Callback-based ORM providing model definition, associations, validation, instance caching, and query builders for multiple DBMS backends. Uses connection pooling and supports custom hooks, middleware integration, and plugin extensions.
Get the node-orm2 source
Clone the repository and explore it locally.
git clone https://github.com/dresende/node-orm2.gitcd node-orm2# follow the project's README for install & configurationNeed it deployed, integrated, or customized instead? DEV.co ships production installs.
Best use cases
Implementation considerations
- Callback-based API requires careful error handling and can lead to callback hell; consider wrapping with Promise utilities.
- Node.js version support capped at tested ranges; untested on modern Node.js LTS without risk.
- Model instance caching (identity cache) can cause unexpected behavior if not properly configured or understood.
- MongoDB support is beta and broken on Node.js >= 8; SQL databases are the primary focus.
- Plugin ecosystem exists but depends on third-party maintainers; no guarantee of compatibility.
When to avoid it — and what to weigh
- Starting a new production project — README explicitly recommends TypeORM or Sequelize for new projects due to active maintenance and community support. node-orm2 is deprecated.
- Node.js >= 14 with PostgreSQL — Requires pg driver >= 8.1; v7 causes test timeouts. Compatibility constraints signal maintenance debt.
- Complex queries or aggregations — MongoDB support is beta-only; advanced aggregation features are missing. Limited support for modern async/await or promise-based workflows.
- High-security or compliance-critical applications — No active security patches since 2016. Dependency vulnerabilities unlikely to be addressed. Requires manual audit of dependencies.
License & commercial use
MIT License. Permits commercial use, modification, and distribution with attribution. No patent grants or warranty provided.
MIT is permissive and allows commercial use. However, given the project is unmaintained since 2016, commercial deployment carries significant risk. No active vendor, no SLA, and security patches are unlikely. Recommend legal/compliance review and budget for migration or internal maintenance.
DEV.co evaluation signals
Editorial assessment — not user reviews. Directional, with an explicit confidence level.
| Signal | Assessment |
|---|---|
| Maintenance | Stale |
| Documentation | Adequate |
| License clarity | Clear |
| Deployment complexity | Low |
| DEV.co fit | Possible |
| Assessment confidence | High |
No active security updates since 2016. Dependencies are likely outdated and may contain known vulnerabilities. SQL injection risk depends on driver version and proper parameterized query use (not verified here). No security policy or audit trail. Recommend dependency scanning and penetration testing before production use.
Alternatives to consider
TypeORM
Actively maintained, TypeScript-first, supports multiple databases, modern async/await API, and stronger type safety. Explicitly recommended in node-orm2 README.
Sequelize
Mature, widely adopted, promise-based, comprehensive documentation, and active development. Recommended in node-orm2 README as a modern alternative.
Prisma
Modern schema-driven ORM with auto-generated types, excellent documentation, built-in migrations, and active community. No callback hell; production-ready.
Build on node-orm2 with DEV.co software developers
This library is no longer actively maintained. We recommend TypeORM or Sequelize for new projects. Contact us to assess your codebase and plan a migration strategy.
Talk to DEV.coRelated open-source tools
Surfaced by semantic similarity across the DEV.co open-source index.
Related on DEV.co
Explore the category and the services that help you build with it.
node-orm2 FAQ
Can I use node-orm2 in production?
Does node-orm2 support MongoDB?
Is node-orm2 secure?
What Node.js versions are supported?
Custom software development services
DEV.co is a software development agency delivering custom software development services to companies building on open source. Our software developers and web developers design, integrate, and ship production systems — spanning web development, APIs, AI, data, and cloud. If node-orm2 is part of your open-source databases roadmap, our team can implement, customize, migrate, and maintain it.
Evaluating node-orm2 for your project?
This library is no longer actively maintained. We recommend TypeORM or Sequelize for new projects. Contact us to assess your codebase and plan a migration strategy.