db.tsFeatures
- Tagged template literals to protect against SQL injection
- Transactions
- Named & positional parameters
- Connection pooling
BigIntsupport- SASL Auth support (SCRAM-SHA-256), MD5, and Clear Text
- Connection timeouts
- Returning rows as data objects, arrays of arrays, or Buffer
- Binary protocol support makes it faster
- TLS support (and auth mode)
- Automatic configuration with environment variable
Database Support
Bun.SQL provides a unified API for multiple database systems:
PostgreSQL
PostgreSQL is used when:- The connection string doesn’t match SQLite or MySQL patterns (it’s the fallback adapter)
- The connection string explicitly uses
postgres://orpostgresql://protocols - No connection string is provided and environment variables point to PostgreSQL
db.tsMySQL
MySQL support is built into Bun.SQL, providing the same tagged template literal interface with full compatibility for MySQL 5.7+ and MySQL 8.0+:db.tsMySQL Connection String Formats
MySQL Connection String Formats
MySQL accepts various URL formats for connection strings:
MySQL-Specific Features
MySQL-Specific Features
MySQL databases support:
- Prepared statements: Automatically created for parameterized queries with statement caching
- Binary protocol: For better performance with prepared statements and accurate type handling
- Multiple result sets: Support for stored procedures returning multiple result sets
- Authentication plugins: Support for mysql_native_password, caching_sha2_password (MySQL 8.0 default), and sha256_password
- SSL/TLS connections: Configurable SSL modes similar to PostgreSQL
- Connection attributes: Client information sent to server for monitoring
- Query pipelining: Execute multiple prepared statements without waiting for responses
SQLite
SQLite support is built into Bun.SQL, providing the same tagged template literal interface:SQLite Connection String Formats
SQLite Connection String Formats
SQLite accepts various URL formats for connection strings:
Simple filenames without a protocol (like
"myapp.db") require explicitly specifying { adapter: "sqlite" } to avoid ambiguity with PostgreSQL.SQLite-Specific Options
SQLite-Specific Options
SQLite databases support additional configuration options:Query parameters in the URL are parsed to set these options:
?mode=ro→readonly: true?mode=rw→readonly: false, create: false?mode=rwc→readonly: false, create: true(default)
Inserting data
You can pass JavaScript values directly to the SQL template literal and escaping will be handled for you.Bulk Insert
You can also pass arrays of objects to the SQL template literal and it will be expanded to aINSERT INTO ... VALUES ... statement.
Picking columns to insert
You can usesql(object, ...string) to pick which columns to insert. Each of the columns must be defined on the object.
Query Results
By default, Bun’s SQL client returns query results as arrays of objects, where each object represents a row with column names as keys. However, there are cases where you might want the data in a different format. The client provides two additional methods for this purpose.sql``.values() format
The sql``.values() method returns rows as arrays of values rather than objects. Each row becomes an array where the values are in the same order as the columns in your query.
sql``.values() is especially useful if duplicate column names are returned in the query results. When using objects (the default), the last column name is used as the key in the object, which means duplicate column names overwrite each other — but when using sql``.values(), each column is present in the array so you can access the values of duplicate columns by index.
sql``.raw() format
The .raw() method returns rows as arrays of Buffer objects. This can be useful for working with binary data or for performance reasons.
SQL Fragments
A common need in database applications is the ability to construct queries dynamically based on runtime conditions. Bun provides safe ways to do this without risking SQL injection.Dynamic Table Names
When you need to reference tables or schemas dynamically, use thesql() helper to ensure proper escaping:
Conditional Queries
You can use thesql() helper to build queries with conditional clauses. This allows you to create flexible queries that adapt to your application’s needs:
Dynamic columns in updates
You can usesql(object, ...string) to pick which columns to update. Each of the columns must be defined on the object. If the columns are not informed all keys will be used to update the row.
Dynamic values and where in
Value lists can also be created dynamically, making where in queries simple too. Optionally you can pass a array of objects and inform what key to use to create the list.
sql.array helper
The sql.array helper creates PostgreSQL array literals from JavaScript arrays:
sql.array is PostgreSQL-only. Multi-dimensional arrays and NULL elements may not be supported
yet.sql``.simple()
The PostgreSQL wire protocol supports two types of queries: “simple” and “extended”. Simple queries can contain multiple statements but don’t support parameters, while extended queries (the default) support parameters but only allow one statement.
To run multiple statements in a single query, use sql``.simple():
${value}). If you need parameters, you must split your query into separate statements.
Queries in files
You can use thesql.file method to read a query from a file and execute it, if the file includes 2, etc you can pass parameters to the query. If no parameters are used it can execute multiple commands per file.
Unsafe Queries
You can use thesql.unsafe function to execute raw SQL strings. Use this with caution, as it will not escape user input. Executing more than one command per query is allowed if no parameters are used.
Execute and Cancelling Queries
Bun’s SQL is lazy, which means it will only start executing when awaited or executed with.execute().
You can cancel a query that is currently executing by calling the cancel() method on the query object.
Database Environment Variables
sql connection parameters can be configured using environment variables. The client checks these variables in a specific order of precedence and automatically detects the database type based on the connection string format.
Automatic Database Detection
When usingBun.sql() without arguments or new SQL() with a connection string, the adapter is automatically detected based on the URL format:
MySQL Auto-Detection
MySQL is automatically selected when the connection string matches these patterns:mysql://...- MySQL protocol URLsmysql2://...- MySQL2 protocol URLs (compatibility alias)
SQLite Auto-Detection
SQLite is automatically selected when the connection string matches these patterns::memory:- In-memory databasesqlite://...- SQLite protocol URLssqlite:...- SQLite protocol without slashesfile://...- File protocol URLsfile:...- File protocol without slashes
PostgreSQL Auto-Detection
PostgreSQL is the default for connection strings that don’t match MySQL or SQLite patterns:MySQL Environment Variables
MySQL connections can be configured via environment variables:| Environment Variable | Default Value | Description |
|---|---|---|
MYSQL_HOST | localhost | Database host |
MYSQL_PORT | 3306 | Database port |
MYSQL_USER | root | Database user |
MYSQL_PASSWORD | (empty) | Database password |
MYSQL_DATABASE | mysql | Database name |
MYSQL_URL | (empty) | Primary connection URL for MySQL |
TLS_MYSQL_DATABASE_URL | (empty) | SSL/TLS-enabled connection URL |
PostgreSQL Environment Variables
The following environment variables can be used to define the PostgreSQL connection:| Environment Variable | Description |
|---|---|
POSTGRES_URL | Primary connection URL for PostgreSQL |
DATABASE_URL | Alternative connection URL (auto-detected) |
PGURL | Alternative connection URL |
PG_URL | Alternative connection URL |
TLS_POSTGRES_DATABASE_URL | SSL/TLS-enabled connection URL |
TLS_DATABASE_URL | Alternative SSL/TLS-enabled connection URL |
| Environment Variable | Fallback Variables | Default Value | Description |
|---|---|---|---|
PGHOST | - | localhost | Database host |
PGPORT | - | 5432 | Database port |
PGUSERNAME | PGUSER, USER, USERNAME | postgres | Database user |
PGPASSWORD | - | (empty) | Database password |
PGDATABASE | - | username | Database name |
SQLite Environment Variables
SQLite connections can be configured viaDATABASE_URL when it contains a SQLite-compatible URL:
POSTGRES_URL, PGHOST, etc.) are ignored when using SQLite.
Runtime Preconnection
Bun can preconnect to PostgreSQL at startup to improve performance by establishing database connections before your application code runs. This is useful for reducing connection latency on the first database query.--sql-preconnect flag will automatically establish a PostgreSQL connection using your configured environment variables at startup. If the connection fails, it won’t crash your application - the error will be handled gracefully.
Connection Options
You can configure your database connection manually by passing options to the SQL constructor. Options vary depending on the database adapter:MySQL Options
PostgreSQL Options
SQLite Options
SQLite Connection Notes
SQLite Connection Notes
- Connection Pooling: SQLite doesn’t use connection pooling as it’s a file-based database. Each
SQLinstance represents a single connection. - Transactions: SQLite supports nested transactions through savepoints, similar to PostgreSQL.
- Concurrent Access: SQLite handles concurrent access through file locking. Use WAL mode for better concurrency.
- Memory Databases: Using
:memory:creates a temporary database that exists only for the connection lifetime.
Dynamic passwords
When clients need to use alternative authentication schemes such as access tokens or connections to databases with rotating passwords, provide either a synchronous or asynchronous function that will resolve the dynamic password value at connection time.SQLite-Specific Features
Query Execution
SQLite executes queries synchronously, unlike PostgreSQL which uses asynchronous I/O. However, the API remains consistent using Promises:SQLite Pragmas
You can use PRAGMA statements to configure SQLite behavior:Data Type Differences
SQLite has a more flexible type system than PostgreSQL:Transactions
To start a new transaction, usesql.begin. This method works for both PostgreSQL and SQLite. For PostgreSQL, it reserves a dedicated connection from the pool. For SQLite, it begins a transaction on the single connection.
The BEGIN command is sent automatically, including any optional configurations you specify. If an error occurs during the transaction, a ROLLBACK is triggered to ensure the process continues smoothly.
Basic Transactions
Savepoints
Savepoints in SQL create intermediate checkpoints within a transaction, enabling partial rollbacks without affecting the entire operation. They are useful in complex transactions, allowing error recovery and maintaining consistent results.Distributed Transactions
Two-Phase Commit (2PC) is a distributed transaction protocol where Phase 1 has the coordinator preparing nodes by ensuring data is written and ready to commit, while Phase 2 finalizes with nodes either committing or rolling back based on the coordinator’s decision. This process ensures data durability and proper lock management. In PostgreSQL and MySQL, distributed transactions persist beyond their original session, allowing privileged users or coordinators to commit or rollback them later. This supports robust distributed transactions, recovery processes, and administrative operations. Each database system implements distributed transactions differently: PostgreSQL natively supports them through prepared transactions, while MySQL uses XA Transactions. If any exceptions occur during the distributed transaction and aren’t caught, the system will automatically rollback all changes. When everything proceeds normally, you maintain the flexibility to either commit or rollback the transaction later.Authentication
Bun supports SCRAM-SHA-256 (SASL), MD5, and Clear Text authentication. SASL is recommended for better security. Check Postgres SASL Authentication for more information.SSL Modes Overview
PostgreSQL supports different SSL/TLS modes to control how secure connections are established. These modes determine the behavior when connecting and the level of certificate verification performed.| SSL Mode | Description |
|---|---|
disable | No SSL/TLS used. Connections fail if server requires SSL. |
prefer | Tries SSL first, falls back to non-SSL if SSL fails. Default mode if none specified. |
require | Requires SSL without certificate verification. Fails if SSL cannot be established. |
verify-ca | Verifies server certificate is signed by trusted CA. Fails if verification fails. |
verify-full | Most secure mode. Verifies certificate and hostname match. Protects against untrusted certificates and MITM attacks. |
Using With Connection Strings
The SSL mode can also be specified in connection strings:Connection Pooling
Bun’s SQL client automatically manages a connection pool, which is a pool of database connections that are reused for multiple queries. This helps to reduce the overhead of establishing and closing connections for each query, and it also helps to manage the number of concurrent connections to the database.Reserved Connections
Bun enables you to reserve a connection from the pool, and returns a client that wraps the single connection. This can be used for running queries on an isolated connection.Prepared Statements
By default, Bun’s SQL client automatically creates named prepared statements for queries where it can be inferred that the query is static. This provides better performance. However, you can change this behavior by settingprepare: false in the connection options:
prepare: false is set:
Queries are still executed using the “extended” protocol, but they are executed using unnamed prepared statements, an unnamed prepared statement lasts only until the next Parse statement specifying the unnamed statement as destination is issued.
- Parameter binding is still safe against SQL injection
- Each query is parsed and planned from scratch by the server
- Queries will not be pipelined
prepare: false when:
- Using PGBouncer in transaction mode (though since PGBouncer 1.21.0, protocol-level named prepared statements are supported when configured properly)
- Debugging query execution plans
- Working with dynamic SQL where query plans need to be regenerated frequently
- More than one command per query will not be supported (unless you use
sql``.simple())
Error Handling
The client provides typed errors for different failure scenarios. Errors are database-specific and extend from base error classes:Error Classes
PostgreSQL-Specific Error Codes
PostgreSQL-Specific Error Codes
PostgreSQL Connection Errors
| Connection Errors | Description |
|---|---|
ERR_POSTGRES_CONNECTION_CLOSED | Connection was terminated or never established |
ERR_POSTGRES_CONNECTION_TIMEOUT | Failed to establish connection within timeout period |
ERR_POSTGRES_IDLE_TIMEOUT | Connection closed due to inactivity |
ERR_POSTGRES_LIFETIME_TIMEOUT | Connection exceeded maximum lifetime |
ERR_POSTGRES_TLS_NOT_AVAILABLE | SSL/TLS connection not available |
ERR_POSTGRES_TLS_UPGRADE_FAILED | Failed to upgrade connection to SSL/TLS |
Authentication Errors
| Authentication Errors | Description |
|---|---|
ERR_POSTGRES_AUTHENTICATION_FAILED_PBKDF2 | Password authentication failed |
ERR_POSTGRES_UNKNOWN_AUTHENTICATION_METHOD | Server requested unknown auth method |
ERR_POSTGRES_UNSUPPORTED_AUTHENTICATION_METHOD | Server requested unsupported auth method |
ERR_POSTGRES_INVALID_SERVER_KEY | Invalid server key during authentication |
ERR_POSTGRES_INVALID_SERVER_SIGNATURE | Invalid server signature |
ERR_POSTGRES_SASL_SIGNATURE_INVALID_BASE64 | Invalid SASL signature encoding |
ERR_POSTGRES_SASL_SIGNATURE_MISMATCH | SASL signature verification failed |
Query Errors
| Query Errors | Description |
|---|---|
ERR_POSTGRES_SYNTAX_ERROR | Invalid SQL syntax (extends SyntaxError) |
ERR_POSTGRES_SERVER_ERROR | General error from PostgreSQL server |
ERR_POSTGRES_INVALID_QUERY_BINDING | Invalid parameter binding |
ERR_POSTGRES_QUERY_CANCELLED | Query was cancelled |
ERR_POSTGRES_NOT_TAGGED_CALL | Query was called without a tagged call |
Data Type Errors
| Data Type Errors | Description |
|---|---|
ERR_POSTGRES_INVALID_BINARY_DATA | Invalid binary data format |
ERR_POSTGRES_INVALID_BYTE_SEQUENCE | Invalid byte sequence |
ERR_POSTGRES_INVALID_BYTE_SEQUENCE_FOR_ENCODING | Encoding error |
ERR_POSTGRES_INVALID_CHARACTER | Invalid character in data |
ERR_POSTGRES_OVERFLOW | Numeric overflow |
ERR_POSTGRES_UNSUPPORTED_BYTEA_FORMAT | Unsupported binary format |
ERR_POSTGRES_UNSUPPORTED_INTEGER_SIZE | Integer size not supported |
ERR_POSTGRES_MULTIDIMENSIONAL_ARRAY_NOT_SUPPORTED_YET | Multidimensional arrays not supported |
ERR_POSTGRES_NULLS_IN_ARRAY_NOT_SUPPORTED_YET | NULL values in arrays not supported |
Protocol Errors
| Protocol Errors | Description |
|---|---|
ERR_POSTGRES_EXPECTED_REQUEST | Expected client request |
ERR_POSTGRES_EXPECTED_STATEMENT | Expected prepared statement |
ERR_POSTGRES_INVALID_BACKEND_KEY_DATA | Invalid backend key data |
ERR_POSTGRES_INVALID_MESSAGE | Invalid protocol message |
ERR_POSTGRES_INVALID_MESSAGE_LENGTH | Invalid message length |
ERR_POSTGRES_UNEXPECTED_MESSAGE | Unexpected message type |
Transaction Errors
| Transaction Errors | Description |
|---|---|
ERR_POSTGRES_UNSAFE_TRANSACTION | Unsafe transaction operation detected |
ERR_POSTGRES_INVALID_TRANSACTION_STATE | Invalid transaction state |
SQLite-Specific Errors
SQLite errors provide error codes and numbers that correspond to SQLite’s standard error codes:Common SQLite Error Codes
Common SQLite Error Codes
| Error Code | errno | Description |
|---|---|---|
SQLITE_CONSTRAINT | 19 | Constraint violation (UNIQUE, CHECK, NOT NULL, etc.) |
SQLITE_BUSY | 5 | Database is locked |
SQLITE_LOCKED | 6 | Table in the database is locked |
SQLITE_READONLY | 8 | Attempt to write to a readonly database |
SQLITE_IOERR | 10 | Disk I/O error |
SQLITE_CORRUPT | 11 | Database disk image is malformed |
SQLITE_FULL | 13 | Database or disk is full |
SQLITE_CANTOPEN | 14 | Unable to open database file |
SQLITE_PROTOCOL | 15 | Database lock protocol error |
SQLITE_SCHEMA | 17 | Database schema has changed |
SQLITE_TOOBIG | 18 | String or BLOB exceeds size limit |
SQLITE_MISMATCH | 20 | Data type mismatch |
SQLITE_MISUSE | 21 | Library used incorrectly |
SQLITE_AUTH | 23 | Authorization denied |
Numbers and BigInt
Bun’s SQL client includes special handling for large numbers that exceed the range of a 53-bit integer. Here’s how it works:BigInt Instead of Strings
If you need large numbers as BigInt instead of strings, you can enable this by setting thebigint option to true when initializing the SQL client:
Roadmap
There’s still some things we haven’t finished yet.- Connection preloading via
--db-preconnectBun CLI flag - Column name transforms (e.g.
snake_casetocamelCase). This is mostly blocked on a unicode-aware implementation of changing the case in C++ using WebKit’sWTF::String. - Column type transforms
Database-Specific Features
Authentication Methods
MySQL supports multiple authentication plugins that are automatically negotiated:mysql_native_password- Traditional MySQL authentication, widely compatiblecaching_sha2_password- Default in MySQL 8.0+, more secure with RSA key exchangesha256_password- SHA-256 based authentication
Prepared Statements & Performance
MySQL uses server-side prepared statements for all parameterized queries:Multiple Result Sets
MySQL can return multiple result sets from multi-statement queries:Character Sets & Collations
Bun.SQL automatically usesutf8mb4 character set for MySQL connections, ensuring full Unicode support including emojis. This is the recommended character set for modern MySQL applications.
Connection Attributes
Bun automatically sends client information to MySQL for better monitoring:Type Handling
MySQL types are automatically converted to JavaScript types:| MySQL Type | JavaScript Type | Notes |
|---|---|---|
| INT, TINYINT, MEDIUMINT | number | Within safe integer range |
| BIGINT | string, number or BigInt | If the value fits in i32/u32 size will be number otherwise string or BigInt Based on bigint option |
| DECIMAL, NUMERIC | string | To preserve precision |
| FLOAT, DOUBLE | number | |
| DATE | Date | JavaScript Date object |
| DATETIME, TIMESTAMP | Date | With timezone handling |
| TIME | number | Total of microseconds |
| YEAR | number | |
| CHAR, VARCHAR, VARSTRING, STRING | string | |
| TINY TEXT, MEDIUM TEXT, TEXT, LONG TEXT | string | |
| TINY BLOB, MEDIUM BLOB, BLOG, LONG BLOB | string | BLOB Types are alias for TEXT types |
| JSON | object/array | Automatically parsed |
| BIT(1) | boolean | BIT(1) in MySQL |
| GEOMETRY | string | Geometry data |
Differences from PostgreSQL
While the API is unified, there are some behavioral differences:- Parameter placeholders: MySQL uses
?internally but Bun converts$1, $2style automatically - RETURNING clause: MySQL doesn’t support RETURNING; use
result.lastInsertRowidor a separate SELECT - Array types: MySQL doesn’t have native array types like PostgreSQL
MySQL-Specific Features
We haven’t implementedLOAD DATA INFILE support yet
PostgreSQL-Specific Features
We haven’t implemented these yet:COPYsupportLISTENsupportNOTIFYsupport
- GSSAPI authentication
SCRAM-SHA-256-PLUSsupport- Point & PostGIS types
- All the multi-dimensional integer array types (only a couple of the types are supported)
Common Patterns & Best Practices
Working with MySQL Result Sets
MySQL Error Handling
Performance Tips for MySQL
- Use connection pooling: Set appropriate
maxpool size based on your workload - Enable prepared statements: They’re enabled by default and improve performance
- Use transactions for bulk operations: Group related queries in transactions
- Index properly: MySQL relies heavily on indexes for query performance
- Use
utf8mb4charset: It’s set by default and handles all Unicode characters
Frequently Asked Questions
Why is this `Bun.sql` and not `Bun.postgres`?
Why is this `Bun.sql` and not `Bun.postgres`?
The plan was to add more database drivers in the future. Now with MySQL support added, this unified API supports PostgreSQL, MySQL, and SQLite.
How do I know which database adapter is being used?
How do I know which database adapter is being used?
The adapter is automatically detected from the connection string:
- URLs starting with
mysql://ormysql2://use MySQL - URLs matching SQLite patterns (
:memory:,sqlite://,file://) use SQLite - Everything else defaults to PostgreSQL
Are MySQL stored procedures supported?
Are MySQL stored procedures supported?
Yes, stored procedures are fully supported including OUT parameters and multiple result sets:
Can I use MySQL-specific SQL syntax?
Can I use MySQL-specific SQL syntax?
Yes, you can use any MySQL-specific syntax:
Why not just use an existing library?
npm packages like postgres.js, pg, and node-postgres can be used in Bun too. They’re great options. Two reasons why:- We think it’s simpler for developers to have a database driver built into Bun. The time you spend library shopping is time you could be building your app.
- We leverage some JavaScriptCore engine internals to make it faster to create objects that would be difficult to implement in a library