Slonik

Opinionated PostgreSQL client for Node.js that enforces best practices. Slonik uses tagged template literals (sql`SELECT * FROM table`) with automatic parameterization — preventing SQL injection by design. Forces use of bound parameters for all values. Supports connection pooling, interceptors for logging/monitoring, type-safe query results with TypeScript, and strict result handling.

Evaluated Mar 06, 2026, v43+
Category: Databases. Tags: postgresql, sql, node, type-safe, connection-pool, interceptors
⚙ Agent Friendliness: 61 / 100 (Can an agent use this?)
🔒 Security: 84 / 100 (Is it safe for agents?)
⚡ Reliability: 74 / 100 (Does it work consistently?)

Score Breakdown

⚙ Agent Friendliness

MCP Quality: --
Documentation: 78
Error Messages: 78
Auth Simplicity: 85
Rate Limits: 90

🔒 Security

TLS Enforcement: 90
Auth Strength: 85
Scope Granularity: 80
Dep. Hygiene: 82
Secret Handling: 85

SQL injection prevention is a core design principle — tagged template literals make parameterized queries the only API. TLS support. BSD licensed.

⚡ Reliability

Uptime/SLA: 78
Version Stability: 72
Breaking Changes: 68
Error Recovery: 78

Best When

You want to write raw SQL with type safety and SQL injection prevention by design — Slonik's tagged template approach makes parameterization the only way to include values.

Avoid When

You want ORM abstractions or query builders — Drizzle/Prisma are better. For non-PostgreSQL databases, use appropriate clients.

Use Cases

  • Write type-safe PostgreSQL queries in TypeScript with automatic SQL injection prevention via tagged template literals
  • Build agent database layers with enforced parameterization — Slonik makes SQL injection structurally impossible
  • Add query logging, performance monitoring, and error transformation via Slonik's interceptor system
  • Manage PostgreSQL connection pools with fine-grained control over pool size, idle timeout, and connection validation
  • Use alongside Prisma or Drizzle for complex raw SQL queries that ORM query builders can't express

Not For

  • ORM-style active record or migrations — use Prisma or Drizzle for full ORM capabilities
  • Non-PostgreSQL databases — Slonik is PostgreSQL-only
  • Teams preferring query builder syntax over raw SQL — Knex or Kysely offer query builder APIs

Interface

REST API: No
GraphQL: No
gRPC: No
MCP Server: No
SDK: Yes
Webhooks: No

Authentication

Methods: username_password
OAuth: No
Scopes: No

PostgreSQL connection URL authentication. TLS/SSL support via connection options.

Pricing

Model: open_source
Free tier: Yes
Requires CC: No

BSD-licensed open source library.

Agent Metadata

Pagination: cursor
Idempotent: Partial
Retry Guidance: Documented

Known Gotchas

  • Slonik uses ESM exclusively in recent versions — CommonJS require() fails; ensure build/runtime supports ESM
  • sql tag must wrap all query fragments — concatenating sql tagged template literals requires sql.join() or sql.fragment(); raw string concatenation causes TypeScript errors
  • Result type expectations are strict — one() throws if no rows returned, many() throws if empty; use maybeOne() or any() for nullable results
  • Interceptors modify all queries — performance monitoring interceptors that log all queries can add overhead; use conditional logging based on query duration
  • Slonik's TypeScript types require explicit result type annotations — sql<{id: number, name: string}>`SELECT id, name FROM users`
  • Connection pool is created at startup — pool creation errors (wrong credentials, unreachable DB) throw at createPool() time, not at query time

Full Evaluation Report

Detailed scoring breakdown, competitive positioning, security analysis, and improvement recommendations for Slonik.

$99

Scores are editorial opinions as of 2026-03-06.
