// the find
porsager/postgres
Postgres.js - The Fastest full featured PostgreSQL client for Node.js, Deno, Bun and CloudFlare
Postgres.js is a PostgreSQL client for Node.js, Deno, Bun, and Cloudflare Workers built around tagged template literals, which makes parameterization the default and string concatenation awkward by design. It speaks the Postgres wire protocol directly, implements its own connection pool, and handles prepared statements automatically. If you're writing server-side JavaScript that talks to Postgres, this is the serious choice.
Tagged template literal API means SQL injection is structurally harder to do by accident than with most alternatives. The built-in query builder (`sql()` helpers for dynamic inserts, updates, WHERE IN, identifiers) handles 90% of dynamic query patterns without an ORM. LISTEN/NOTIFY and logical replication subscribe are first-class features, not afterthoughts. Cloudflare Workers support via the platform's TCP socket API is genuinely useful and not just a checkbox.
The lazy Promise model (queries execute on next tick unless you call `.execute()`) is a subtle footgun — nested fragments work because of it, but it surprises anyone debugging timing issues. TypeScript types exist but the library is JavaScript-first; the generics don't infer column shapes from queries, so you're casting everywhere or relying on a separate codegen tool. The `sql.unsafe()` escape hatch is documented with examples showing obvious injection patterns (`sql.unsafe(`'${password}'`)`), which is a bad look for a library that sells itself on safety. Bigint/numeric handling dumps the problem on you — numeric comes back as a string with a note to use custom types, which is the right call technically but annoying in practice.