npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@withpanache/postgres

v0.1.0

Published

Push your PostgreSQL schema to Panache for security and RLS analysis. Framework-agnostic, works with any Postgres project.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

etabardetabard

Keywords

postgresqlpostgresschemarlssecuritymonitoringpanache

Readme

@withpanache/postgres

Push your PostgreSQL schema DDL to Panache for security and RLS analysis. Framework-agnostic: works with any Postgres project, any ORM, any CI/CD.

Install

pnpm add -D @withpanache/postgres
# or npm install -D @withpanache/postgres
# or yarn add -D @withpanache/postgres

CLI

panache-postgres push [options]

Examples

From a pg_dump output (works with any Postgres project):

pg_dump --schema-only "$DATABASE_URL" \
  | panache-postgres push --token "$PANACHE_SITE_TOKEN"

From a SQL file:

panache-postgres push --schema ./db/schema.sql --token "$PANACHE_SITE_TOKEN"

From a Drizzle project (auto-detects drizzle.config.* and runs drizzle-kit export for you):

panache-postgres push --from drizzle --token "$PANACHE_SITE_TOKEN"

With CI metadata:

panache-postgres push \
  --schema ./db/schema.sql \
  --git-sha "$CI_COMMIT_SHA" \
  --branch "$CI_COMMIT_BRANCH" \
  --preview-url "$CI_PREVIEW_URL"

Options

| Flag | Description | |---|---| | --schema <file> | Read DDL from a SQL file | | --from drizzle | Auto-detect a Drizzle project and export via drizzle-kit export --dialect=postgresql | | (stdin) | If neither --schema nor --from is set, read from stdin | | --token <token> | Panache site token (or PANACHE_SITE_TOKEN env var) | | --api-url <url> | Ingest API URL (default https://withpanache.dev/api/v1/ingest) | | --orm <name> | Informational label (prisma, pg-dump, knex, etc.) | | --git-sha <sha> | Git commit SHA metadata | | --branch <name> | Git branch name metadata | | --preview-url <url> | Preview deployment URL metadata |

Exit codes

  • 0: schema pushed successfully
  • 1: push failed (network error, non-2xx response, validation error)
  • 2: invalid arguments or missing inputs

Library API

Use from any Node script:

import { pushSchema, generateSchemaFromDrizzle } from "@withpanache/postgres"
import { readFileSync } from "node:fs"

// Raw DDL from a file
const ddl = readFileSync("./db/schema.sql", "utf-8")
const result = await pushSchema({
  token: process.env.PANACHE_SITE_TOKEN!,
  ddl,
  metadata: {
    orm: "pg-dump",
    gitSha: process.env.CI_COMMIT_SHA,
    branch: process.env.CI_COMMIT_BRANCH,
  },
})

if (!result.ok) {
  console.error("push failed:", result.error)
  process.exit(1)
}

Drizzle helper

import { pushSchema, generateSchemaFromDrizzle } from "@withpanache/postgres"

const schema = generateSchemaFromDrizzle(process.cwd())
if (!schema) {
  throw new Error("no Drizzle project detected")
}

await pushSchema({
  token: process.env.PANACHE_SITE_TOKEN!,
  ddl: schema.ddl,
  metadata: {
    orm: "drizzle",
    ormVersion: schema.ormVersion,
  },
})

The walk-up detection handles split-workspace monorepos: drizzle.config.ts can live in apps/web/ while drizzle-kit is declared in the root package.json, or vice versa.

What Panache does with your schema

Panache imports your DDL into an ephemeral, sandboxed PostgreSQL instance and runs a set of pg_catalog queries to detect:

  • Tables missing Row Level Security
  • RLS-enabled tables with no policies (effectively denying all access)
  • PUBLIC role grants on destructive privileges (INSERT, UPDATE, DELETE, TRUNCATE)
  • Roles with BYPASSRLS or SUPERUSER privileges
  • A full per-table × per-role permissions matrix

Results appear in your Panache dashboard under /databases.

The analysis database is dropped and recreated between every run. Your DDL is never persisted beyond the temporary ingest bucket scoped to your site.

License

MIT