Tweaks and CHANGELOG (#163)

Ready for 1.0.1, this PR:

* Fixes a couple of tiny bugs
* Updates all dependencies
* Updates the types
* Updates the CHANGELOG

I also reverted the `node/types` version to the current latest, and
increased the timeouts on tests (because they were timing out for me).

Author: jawj

CHANGELOG.md

@@ -1,3 +1,7 @@
+## 1.0.1 (2025-06-06)
+
+The package now prints a security warning to the console when a connection is made in a web browser. This behaviour can be suppressed with a new configuration option: `disableWarningInBrowsers`. There are a few other very minor fixes.
+
 ## 1.0.0 (2025-03-25)
 
 Breaking change: the HTTP query template function can now **only** be called as a template function, not as a conventional function. This improves safety from accidental SQL-injection vulnerabilities. For example:

CONFIG.md

@@ -119,7 +119,7 @@ const rows = await sql.query('SELECT * FROM posts WHERE id = $1', [postId], {
 clearTimeout(timeout);
 ```
 
-### `types: typeof PgTypes`
+### `types: CustomTypesConfig`
 
 The `types` option can be passed to `neon(...)` to override the default PostgreSQL type parsers provided by `PgTypes`. This is useful if you want to define custom parsing behavior for specific PostgreSQL data types, allowing you to control how data is converted when retrieved from the database. Learn more in the [PgTypes official documentation](https://github.com/brianc/node-pg-types).
 
@@ -129,16 +129,23 @@ Example of usage:
 import PgTypes from 'pg-types';
 import { neon } from '@neondatabase/serverless';
 
-// Define custom parsers for specific PostgreSQL types
-// Parse PostgreSQL `DATE` fields as JavaScript `Date` objects
-PgTypes.setTypeParser(PgTypes.builtins.DATE, (val) => new Date(val));
-
-// Parse PostgreSQL `NUMERIC` fields as JavaScript `float` values
-PgTypes.setTypeParser(PgTypes.builtins.NUMERIC, parseFloat);
-
 // Configure the Neon client with the custom `types` parser
 const sql = neon(process.env.DATABASE_URL, {
-  types: PgTypes, // Pass in the custom PgTypes object here
+  types: {
+    getTypeParser: ((oid, format?: any) => {
+      // Define custom parsers for specific PostgreSQL types
+      // Parse PostgreSQL `DATE` fields as JavaScript `Date` objects
+      if (oid === PgTypes.builtins.DATE) {
+        return (val: any) => new Date(val);
+      }
+      // Parse PostgreSQL `NUMERIC` fields as JavaScript `float` values
+      if (oid === PgTypes.builtins.NUMERIC) {
+        return parseFloat;
+      }
+      // For all other types, use the default parser
+      return PgTypes.getTypeParser(oid, format);
+    }) as typeof PgTypes.getTypeParser,
+  },
 });
 ```
 

index.d.mts

@@ -315,7 +315,14 @@ export declare interface HTTPQueryOptions<ArrayMode extends boolean, FullResults
     /**
      * Custom type parsers. See https://github.com/brianc/node-pg-types.
      */
-    types?: typeof types;
+    types?: CustomTypesConfig;
+    /**
+     * When `disableWarningInBrowsers` is set to `true`, it disables the warning about
+     * running this driver in the browser.
+     *
+     * Default: `false`
+     */
+    disableWarningInBrowsers?: boolean;
 }
 
 export declare interface HTTPTransactionOptions<ArrayMode extends boolean, FullResults extends boolean> extends HTTPQueryOptions<ArrayMode, FullResults> {
@@ -416,7 +423,7 @@ export { MessageConfig }
  * pass as `fetchOptions` an object which will be merged into the options
  * passed to `fetch`.
  */
-export declare function neon<ArrayMode extends boolean = false, FullResults extends boolean = false>(connectionString: string, { arrayMode: neonOptArrayMode, fullResults: neonOptFullResults, fetchOptions: neonOptFetchOptions, isolationLevel: neonOptIsolationLevel, readOnly: neonOptReadOnly, deferrable: neonOptDeferrable, authToken, }?: HTTPTransactionOptions<ArrayMode, FullResults>): NeonQueryFunction<ArrayMode, FullResults>;
+export declare function neon<ArrayMode extends boolean = false, FullResults extends boolean = false>(connectionString: string, { arrayMode: neonOptArrayMode, fullResults: neonOptFullResults, fetchOptions: neonOptFetchOptions, isolationLevel: neonOptIsolationLevel, readOnly: neonOptReadOnly, deferrable: neonOptDeferrable, authToken, disableWarningInBrowsers, }?: HTTPTransactionOptions<ArrayMode, FullResults>): NeonQueryFunction<ArrayMode, FullResults>;
 
 export declare interface NeonConfig {
     poolQueryViaFetch: boolean;
@@ -433,6 +440,7 @@ export declare interface NeonConfig {
     rootCerts: string;
     pipelineTLS: boolean;
     disableSNI: boolean;
+    disableWarningInBrowsers: boolean;
 }
 
 export declare class neonConfig extends EventEmitter {
@@ -552,6 +560,16 @@ export declare class neonConfig extends EventEmitter {
     static set disableSNI(newValue: NeonConfig['disableSNI']);
     get disableSNI(): NeonConfig["disableSNI"];
     set disableSNI(newValue: NeonConfig['disableSNI']);
+    /**
+     * When `disableWarningInBrowsers` is set to `true`, it disables the warning about
+     * running this driver in the browser.
+     *
+     * Default: `false`.
+     */
+    static get disableWarningInBrowsers(): NeonConfig["disableWarningInBrowsers"];
+    static set disableWarningInBrowsers(newValue: NeonConfig['disableWarningInBrowsers']);
+    get disableWarningInBrowsers(): NeonConfig["disableWarningInBrowsers"];
+    set disableWarningInBrowsers(newValue: NeonConfig['disableWarningInBrowsers']);
     /**
      * Pipelines the startup message, cleartext password message and first query
      * when set to `"password"`. This works only for cleartext password auth.
@@ -782,7 +800,7 @@ export { PoolConfig }
 export declare interface ProcessQueryResultOptions {
     arrayMode: boolean;
     fullResults: boolean;
-    types?: typeof types;
+    types?: CustomTypesConfig;
 }
 
 export { Query }
@@ -879,6 +897,12 @@ export declare class UnsafeRawSql {
     constructor(sql: string);
 }
 
+/**
+ * Detects if the code is running in a browser environment and displays a warning
+ * about the security implications of running SQL directly from the browser.
+ */
+export declare function warnIfBrowser(): void;
+
 export declare interface WebSocketConstructor {
     new (...args: any[]): WebSocketLike;
 }

index.d.ts

@@ -315,7 +315,14 @@ export declare interface HTTPQueryOptions<ArrayMode extends boolean, FullResults
     /**
      * Custom type parsers. See https://github.com/brianc/node-pg-types.
      */
-    types?: typeof types;
+    types?: CustomTypesConfig;
+    /**
+     * When `disableWarningInBrowsers` is set to `true`, it disables the warning about
+     * running this driver in the browser.
+     *
+     * Default: `false`
+     */
+    disableWarningInBrowsers?: boolean;
 }
 
 export declare interface HTTPTransactionOptions<ArrayMode extends boolean, FullResults extends boolean> extends HTTPQueryOptions<ArrayMode, FullResults> {
@@ -416,7 +423,7 @@ export { MessageConfig }
  * pass as `fetchOptions` an object which will be merged into the options
  * passed to `fetch`.
  */
-export declare function neon<ArrayMode extends boolean = false, FullResults extends boolean = false>(connectionString: string, { arrayMode: neonOptArrayMode, fullResults: neonOptFullResults, fetchOptions: neonOptFetchOptions, isolationLevel: neonOptIsolationLevel, readOnly: neonOptReadOnly, deferrable: neonOptDeferrable, authToken, }?: HTTPTransactionOptions<ArrayMode, FullResults>): NeonQueryFunction<ArrayMode, FullResults>;
+export declare function neon<ArrayMode extends boolean = false, FullResults extends boolean = false>(connectionString: string, { arrayMode: neonOptArrayMode, fullResults: neonOptFullResults, fetchOptions: neonOptFetchOptions, isolationLevel: neonOptIsolationLevel, readOnly: neonOptReadOnly, deferrable: neonOptDeferrable, authToken, disableWarningInBrowsers, }?: HTTPTransactionOptions<ArrayMode, FullResults>): NeonQueryFunction<ArrayMode, FullResults>;
 
 export declare interface NeonConfig {
     poolQueryViaFetch: boolean;
@@ -433,6 +440,7 @@ export declare interface NeonConfig {
     rootCerts: string;
     pipelineTLS: boolean;
     disableSNI: boolean;
+    disableWarningInBrowsers: boolean;
 }
 
 export declare class neonConfig extends EventEmitter {
@@ -552,6 +560,16 @@ export declare class neonConfig extends EventEmitter {
     static set disableSNI(newValue: NeonConfig['disableSNI']);
     get disableSNI(): NeonConfig["disableSNI"];
     set disableSNI(newValue: NeonConfig['disableSNI']);
+    /**
+     * When `disableWarningInBrowsers` is set to `true`, it disables the warning about
+     * running this driver in the browser.
+     *
+     * Default: `false`.
+     */
+    static get disableWarningInBrowsers(): NeonConfig["disableWarningInBrowsers"];
+    static set disableWarningInBrowsers(newValue: NeonConfig['disableWarningInBrowsers']);
+    get disableWarningInBrowsers(): NeonConfig["disableWarningInBrowsers"];
+    set disableWarningInBrowsers(newValue: NeonConfig['disableWarningInBrowsers']);
     /**
      * Pipelines the startup message, cleartext password message and first query
      * when set to `"password"`. This works only for cleartext password auth.
@@ -782,7 +800,7 @@ export { PoolConfig }
 export declare interface ProcessQueryResultOptions {
     arrayMode: boolean;
     fullResults: boolean;
-    types?: typeof types;
+    types?: CustomTypesConfig;
 }
 
 export { Query }
@@ -879,6 +897,12 @@ export declare class UnsafeRawSql {
     constructor(sql: string);
 }
 
+/**
+ * Detects if the code is running in a browser environment and displays a warning
+ * about the security implications of running SQL directly from the browser.
+ */
+export declare function warnIfBrowser(): void;
+
 export declare interface WebSocketConstructor {
     new (...args: any[]): WebSocketLike;
 }