node package manager



Build Status

A Bookshelf plugin that provides fillable and guarded properties on the model to prevent certain properties from being mass-assignable. Inspired by Laravel's Eloquent ORM.


Install the module from npm:

npm install bookshelf-mass-assignment


Initialize the plugin with:

const bookshelf = require('bookshelf');

Then in your Bookshelf models, you can use the fillable or guarded properties.

const User = bookshelf.Model.extend({
  tableName: 'users',
  // Specifies that only these user properties are mass-assignable. 
  fillable: ['email', 'first_name', 'last_name']

The fillable property serves as a list of whitelisted user attributes that can be assigned to the model. Alternatively, you can use the guarded property to specify a blacklist of user attributes that cannot be assigned:

const User = bookshelf.Model.extend({
  tableName: 'users',
  // Specifies that these properties are not mass-assignable. 
  guarded: ['id', 'is_admin']

Then save the model as usual:

new User().save({ first_name: 'Bob', is_admin: true })
  .then(user => console.log('Successfully saved user!'))
  .catch(err => console.log(err.message)); // Outputs: "Couldn't save model! Attributes are invalid." 

If you don't want a hard error to be thrown when protected attributes are present, then add silent: true to the options object in save. This will ignore any attributes not in fillable if fillable is provided, or will ignore any attributes in guarded if guarded is provided:

new User().save({ first_name: 'Bob', is_admin: true }, { silent: true })
  .then(user => console.log('Successfully saved user!')) // Only saved { first_name: 'Bob' }. 
  .catch(err => console.log(err.message));

Note that you can only use either fillable or guarded, not both.


Licensed under the terms of the MIT License.