{"id":18535,"library":"mcp-postgres","title":"MCP PostgreSQL Server","description":"MCP server providing PostgreSQL database operations—query, schema inspection, data manipulation—for MCP-compatible clients. Current stable version: 1.2.1, released January 2025. Security-focused: v1.2.0 fixed SQL injection in column names and SSL validation. Supports environment variables, DATABASE_URL, or config file; auto-configures SSL for AWS RDS. Releases are frequent (two in Jan 2025) with security patches and fixes. Key differentiator: MCP-native protocol integration vs generic database drivers.","status":"active","version":"1.2.1","language":"javascript","source_language":"en","source_url":"https://github.com/kristofer84/mcp-postgres","tags":["javascript","mcp","postgres","postgresql","database","model-context-protocol"],"install":[{"cmd":"npm install mcp-postgres","lang":"bash","label":"npm"},{"cmd":"yarn add mcp-postgres","lang":"bash","label":"yarn"},{"cmd":"pnpm add mcp-postgres","lang":"bash","label":"pnpm"}],"dependencies":[{"reason":"PostgreSQL client driver for Node.js","package":"pg","optional":false},{"reason":"MCP SDK for server implementation","package":"@modelcontextprotocol/sdk","optional":false}],"imports":[{"note":"ESM-only package; no CommonJS support. The server starts automatically on import when run as a CLI.","wrong":"const server = require('mcp-postgres')","symbol":"default (server instance)","correct":"import server from 'mcp-postgres'"},{"note":"Class-based export for programmatic usage","wrong":"import { PostgresServer } from 'mcp-postgres'","symbol":"PostgresServer","correct":"import { PostgresServer } from 'mcp-postgres'"},{"note":"TypeScript type for configuration object","symbol":"Config","correct":"import type { Config } from 'mcp-postgres'"}],"quickstart":{"code":"import { PostgresServer } from 'mcp-postgres';\nimport { Server } from '@modelcontextprotocol/sdk/server/index.js';\n// The package is typically run as a CLI tool.\n// To run programmatically:\nimport { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';\nconst server = new PostgresServer({\n  host: process.env.DB_HOST ?? 'localhost',\n  port: parseInt(process.env.DB_PORT ?? '5432'),\n  user: process.env.DB_USER ?? 'postgres',\n  password: process.env.DB_PASSWORD ?? '',\n  database: process.env.DB_NAME ?? 'postgres',\n  sslmode: process.env.DB_SSL_MODE ?? 'disable'\n});\nconst transport = new StdioServerTransport();\nawait server.connect(transport);\nconsole.error('MCP PostgreSQL Server running on stdio');","lang":"typescript","description":"Programmatic setup of MCP PostgreSQL server with environment variables, connecting via stdio transport."},"warnings":[{"fix":"Upgrade to >=1.2.0","message":"v1.2.0: Fixed SQL injection via unquoted column names in update_data, delete_data, insert_data, count_rows, alter_table, create_table. Update immediate if using these tools with untrusted input.","severity":"breaking","affected_versions":"<1.2.0"},{"fix":"Update to >=1.2.0 and ensure valid certificates.","message":"v1.2.0: SSL mode 'require' now validates server certificates (rejectUnauthorized: true). Previously it disabled validation, allowing MITM attacks.","severity":"breaking","affected_versions":"<1.2.0"},{"fix":"Upgrade to v1.2.1 which runs queries sequentially.","message":"v1.2.1: pg.Client does not support concurrent queries. Using Promise.all() on a single client will cause a deprecation warning in pg@9.0.","severity":"gotcha","affected_versions":">=1.0.0 <1.2.1"},{"fix":"Rename or move config file to ./config.json","message":"Config file must be named 'config.json' in the working directory. No other names or paths are supported.","severity":"gotcha","affected_versions":">=1.0.0"},{"fix":"Switch to individual env vars: DB_HOST, DB_PORT, etc.","message":"Use of DATABASE_URL is deprecated in favor of individual environment variables (DB_HOST, etc.).","severity":"deprecated","affected_versions":">=1.1.1"}],"env_vars":null,"last_verified":"2026-04-25T00:00:00.000Z","next_check":"2026-07-24T00:00:00.000Z","problems":[{"fix":"Update to mcp-postgres@1.2.1 or later, which sequences queries.","cause":"Using Promise.all() to run multiple queries on a single pg.Client concurrently.","error":"(node:xxx) [PG] Deprecation Warning: pg@9.0 will drop support for concurrent queries on a single client. Use a pool instead."},{"fix":"Upgrade to >=1.2.0 which properly quotes identifiers.","cause":"SQL injection attempt or malformed column name (unquoted special characters).","error":"Error: Invalid input syntax for type ...\n... at column '...'"},{"fix":"Check DB_HOST or DATABASE_URL value. Ensure the host is reachable and resolveable.","cause":"PostgreSQL hostname not resolvable or incorrect.","error":"Error: getaddrinfo ENOTFOUND ..."}],"ecosystem":"npm","meta_description":null,"install_score":null,"install_tag":null,"quickstart_score":null,"quickstart_tag":null}