{"id":10387,"library":"drizzle-orm","title":"Drizzle ORM","description":"Drizzle ORM is a lightweight, TypeScript-first ORM for SQL databases, offering a flexible API for database interactions, schema definition, and migrations. The current stable version is `0.45.2`, with active development ongoing on the `1.0.0-beta` branch, seeing frequent new features and fixes. Stable releases are less frequent, focusing on critical bug fixes.","status":"active","version":"0.45.2","language":"javascript","source_language":"en","source_url":"https://github.com/drizzle-team/drizzle-orm","tags":["javascript","drizzle","orm","pg","mysql","singlestore","postgresql","postgres","sqlite","typescript"],"install":[{"cmd":"npm install drizzle-orm","lang":"bash","label":"npm"},{"cmd":"yarn add drizzle-orm","lang":"bash","label":"yarn"},{"cmd":"pnpm add drizzle-orm","lang":"bash","label":"pnpm"}],"dependencies":[],"imports":[{"note":"The main `drizzle` function is imported from a specific driver package (e.g., `drizzle-orm/postgres-js`, `drizzle-orm/better-sqlite3`).","wrong":"const drizzle = require('drizzle-orm/postgres-js');","symbol":"drizzle","correct":"import { drizzle } from 'drizzle-orm/postgres-js';"}],"quickstart":{"code":"import { drizzle } from 'drizzle-orm/better-sqlite3';\nimport { sqliteTable, text, integer } from 'drizzle-orm/sqlite-core';\nimport Database from 'better-sqlite3';\n\n// Initialize an in-memory SQLite database\nconst sqlite = new Database(':memory:');\nconst db = drizzle(sqlite);\n\n// Define a simple schema for users\nexport const users = sqliteTable('users', {\n  id: integer('id').primaryKey(),\n  name: text('name').notNull(),\n});\n\nasync function main() {\n  // For quickstart, manually create the table. In production, use Drizzle Kit for migrations.\n  sqlite.exec(`\n    CREATE TABLE IF NOT EXISTS users (\n      id INTEGER PRIMARY KEY,\n      name TEXT NOT NULL\n    );\n  `);\n\n  // Insert data\n  await db.insert(users).values({ id: 1, name: 'Alice' }).execute();\n  await db.insert(users).values({ id: 2, name: 'Bob' }).execute();\n\n  // Query data\n  const allUsers = db.select().from(users).all();\n  console.log('Users:', allUsers); \n  // Expected output: Users: [{ id: 1, name: 'Alice' }, { id: 2, name: 'Bob' }]\n\n  sqlite.close();\n}\n\nmain();","lang":"typescript","description":"Connects to an in-memory SQLite database using `better-sqlite3`, defines a simple schema, inserts data, and queries it, demonstrating basic Drizzle ORM usage."},"warnings":[{"fix":"Upgrade to `drizzle-orm@0.45.2` or `v1.0.0-beta.20` and later to ensure automatic escaping. Always validate or sanitize user-provided identifiers if they are directly used in these functions.","message":"Previously, `sql.identifier()` and `sql.as()` functions were not properly escaping values, leading to a potential SQL Injection vulnerability (CWE-89).","severity":"breaking","affected_versions":"<=0.45.1, <1.0.0-beta.20"},{"fix":"Upgrade to `1.0.0-beta.16` or later to resolve these migration issues, which included a redesign of the underlying migration architecture.","message":"A significant regression in the migration infrastructure was present, potentially causing issues with migration tracking, validation, and application.","severity":"breaking","affected_versions":">=1.0.0-beta.13 <1.0.0-beta.16"},{"fix":"Review and manually adjust migration files if adding enum values, especially when merging branches that add different enum values, as they will now be properly merged instead of being treated as commutative.","message":"Adding a new value to a PostgreSQL enum will no longer be automatically treated as a commutative (non-breaking) change in migration generation by `drizzle-kit`.","severity":"gotcha","affected_versions":">=1.0.0-beta.21"},{"fix":"Upgrade to `1.0.0-beta.22` or later for correct `real()` column value mapping and precision in MSSQL.","message":"MSSQL `real()` column types might return imprecise `float64` values due to a missing `mapFromDriverValue` implementation.","severity":"gotcha","affected_versions":"<=1.0.0-beta.21"}],"env_vars":null,"last_verified":"2026-04-18T00:00:00.000Z","next_check":"2026-07-17T00:00:00.000Z","problems":[{"fix":"Upgrade Drizzle ORM to at least `0.45.2` (or `1.0.0-beta.20`) to ensure automatic escaping. Always validate or sanitize user-provided identifiers if they are directly used in `sql.identifier()`.","cause":"Untrusted input was passed to `sql.identifier()` or `sql.as()` without proper escaping in Drizzle ORM versions prior to 0.45.2 or 1.0.0-beta.20, leading to malformed SQL queries.","error":"ER_PARSE_ERROR: You have an error in your SQL syntax"},{"fix":"Review your Drizzle ORM schema files and ensure that all table, column, and relation definitions have unique names to prevent key collisions.","cause":"Multiple schema definitions (e.g., tables, columns, relations) with the same key were found within your Drizzle ORM schema, leading to a conflict during processing.","error":"Error: DrizzleError: Object key collision detected. Make sure your schema definitions are unique."},{"fix":"Upgrade `drizzle-kit` to the latest version (>=0.31.10) as a fix for D1 migration failures was released. Also, ensure your D1 environment is correctly configured and consult Drizzle ORM's official documentation for D1-specific migration guidelines.","cause":"Migration script generated by `drizzle-kit` contained incompatible SQL syntax or commands for Cloudflare D1, or there were environment setup issues specific to D1.","error":"Error: D1_ERROR: ... syntax error near '...'"}],"ecosystem":"npm"}