Squirrel (Go SQL query builder)

Fluent SQL query builder for Go that generates SQL queries programmatically without an ORM. Provides a chainable API for building SELECT, INSERT, UPDATE, and DELETE statements with safe parameter binding. Works with any sql.DB compatible database. The standard choice in Go when you want programmatic query construction without full ORM overhead — used extensively in Go microservices.

Evaluated Mar 06, 2026 (0d ago) v1.x
Homepage ↗ Repo ↗ Developer Tools go sql query-builder postgres mysql fluent database no-orm
⚙ Agent Friendliness
63
/ 100
Can an agent use this?
🔒 Security
86
/ 100
Is it safe for agents?
⚡ Reliability
83
/ 100
Does it work consistently?

Score Breakdown

⚙ Agent Friendliness

MCP Quality
--
Documentation
80
Error Messages
75
Auth Simplicity
92
Rate Limits
95

🔒 Security

TLS Enforcement
90
Auth Strength
88
Scope Granularity
85
Dep. Hygiene
78
Secret Handling
88

Parameterized queries prevent SQL injection by default. Archived library — no security patches; evaluate alternatives for new projects.

⚡ Reliability

Uptime/SLA
85
Version Stability
85
Breaking Changes
85
Error Recovery
78
AF Security Reliability

Best When

You need dynamic SQL query construction in Go (conditional filters, varying columns) without raw string manipulation and without the overhead of a full ORM.

Avoid When

You want static SQL with compile-time verification (use sqlc) or full ORM features with migrations (use Ent or GORM).

Use Cases

  • Build dynamic SQL queries in Go with optional filters and conditions that vary at runtime without string concatenation
  • Construct complex multi-condition WHERE clauses programmatically using type-safe chainable Go API
  • Generate INSERT and UPDATE statements from Go structs without full ORM mapping and migrations
  • Batch insert operations with Squirrel's VALUES builder for efficient bulk data operations
  • Write repository pattern database access layers in Go with SQL control but without raw string assembly

Not For

  • Teams wanting entity relationships, migrations, and model definitions — use Ent or GORM for full ORM features
  • Compile-time SQL validation — Squirrel generates SQL at runtime; use sqlc for compile-time checked queries
  • Complex JOINs across many tables — Squirrel handles these but readability degrades with very complex queries

Interface

REST API
No
GraphQL
No
gRPC
No
MCP Server
No
SDK
Yes
Webhooks
No

Authentication

Methods: none
OAuth: No Scopes: No

Query builder library. Authentication via database connection string.

Pricing

Model: open_source
Free tier: Yes
Requires CC: No

Apache 2.0 license.

Agent Metadata

Pagination
offset
Idempotent
Full
Retry Guidance
Not documented

Known Gotchas

  • Squirrel uses PostgreSQL's $1, $2 placeholders by default — must configure sq.Dollar placeholder for PostgreSQL or sq.Question for MySQL/SQLite
  • ToSql() returns (string, []interface{}, error) — always check the error return even for simple queries; build errors are runtime not compile-time
  • Column names are not validated — typos in column names produce valid SQL that fails at the database level, not at build time
  • Squirrel does not handle NULL values automatically — must use sql.NullString, sql.NullInt64 etc. for nullable columns in Go structs
  • The StatementBuilderType cache (sq.StatementBuilder.PlaceholderFormat(...)) is not goroutine-safe if shared across goroutines — create per-request builders
  • Squirrel is archived/read-only as of 2023 — no new features; consider Jet or sq library forks for active maintenance

Alternatives

sqlc-go-api ent-go-api gorm-go-api jet-go-api

Full Evaluation Report

Detailed scoring breakdown, competitive positioning, security analysis, and improvement recommendations for Squirrel (Go SQL query builder).

$99
API endpoint ↗ Agent guide ↗ Report inaccuracy

Scores are editorial opinions as of 2026-03-06.

5215
Packages Evaluated
26151
Need Evaluation
173
Need Re-evaluation
Community Powered