mysql2
Fast MySQL client for Node.js with async/await support, prepared statements, and connection pooling. The standard MySQL driver for Node.js — replaces the older mysql package with better performance, native Promise support, and TypeScript types. Supports MySQL 5.7+, MySQL 8.0+, MariaDB, PlanetScale, and other MySQL-compatible databases. Used extensively with ORM frameworks like Prisma, Drizzle, Sequelize, and TypeORM as the MySQL transport layer.
Score Breakdown
⚙ Agent Friendliness
🔒 Security
Parameterized queries prevent SQL injection. SSL configurable. MySQL-level user permissions for access control. Well-maintained with regular security updates.
⚡ Reliability
Best When
You're connecting Node.js applications to MySQL, MariaDB, or MySQL-compatible databases (PlanetScale, TiDB) and need direct SQL access or an ORM driver.
Avoid When
You're using PostgreSQL (use pg), need an ORM (use Drizzle/Prisma), or need a simpler embedded database (use better-sqlite3).
Use Cases
- • Connect to MySQL or MariaDB from Node.js applications with connection pooling and async/await query execution
- • Execute parameterized prepared statements against MySQL for SQL injection prevention in web applications
- • Manage MySQL connection pools for concurrent Node.js API servers with configurable pool size and idle timeout
- • Stream large MySQL query results row-by-row to avoid loading entire result sets into memory
- • Use as the underlying MySQL driver for Prisma, Drizzle, Sequelize, or TypeORM ORM frameworks
Not For
- • PostgreSQL databases — use pg (node-postgres) for PostgreSQL
- • SQLite — use better-sqlite3 for embedded SQLite in Node.js
- • Complex query building with type safety — use Drizzle, Prisma, or TypeORM on top of mysql2
Interface
Authentication
MySQL native auth: user/password in connection config. SSL via ssl option. MySQL 8 uses caching_sha2_password by default — ensure your mysql2 version supports it. Use environment variables for credentials.
Pricing
Fully free, MIT licensed. Database hosting costs are separate (PlanetScale, AWS RDS, self-hosted).
Agent Metadata
Known Gotchas
- ⚠ mysql2 uses '?' placeholders for parameterized queries (not '$1' like pg) — mixing postgres and mysql parameter syntax is a common mistake when switching databases
- ⚠ MySQL 8 uses caching_sha2_password auth by default — older mysql2 versions may fail; ensure mysql2 ≥ 2.3.3 for MySQL 8 compatibility
- ⚠ Connection pool getConnection() must be followed by connection.release() in finally — leaking connections exhaust the pool; use util.promisify with pool.execute() instead for simpler patterns
- ⚠ mysql2/promise vs mysql2 — must import from 'mysql2/promise' for async/await; the default 'mysql2' import uses callbacks
- ⚠ SSL is not enabled by default — in production, set ssl: { rejectUnauthorized: true } or ssl: 'Amazon RDS' for RDS certificates to prevent MITM attacks
- ⚠ Large query results buffer in memory by default — use connection.query() with stream: true for streaming, or query().stream() to process row-by-row and avoid OOM errors
Alternatives
Full Evaluation Report
Detailed scoring breakdown, competitive positioning, security analysis, and improvement recommendations for mysql2.
Scores are editorial opinions as of 2026-03-06.