Breaking change in HTTP query template function usage

8/10 High

Neon's Node.js SDK v19+ introduces a breaking change in how the HTTP query template function can be called. Calling it as a conventional function (with parentheses) is now an SQL injection risk and throws an error, requiring developers to update their applications.

NeonNode.jsSQL
Category
compatibility
Workaround
solid
Stage
build
Freshness
emerging
Scope
single_lib
Upstream
open
Recurring
No
Maintainer
active

Sources

Collection History

Query: “What are the most common pain points with Neon for developers in 2025?4/6/2026

However, the second usage is an SQL injection risk (notice the parentheses) and is no longer permitted and now throws an error. You'll need to update your app if you use it.

Created: 4/6/2026Updated: 4/6/2026