github.com/cockroachdb/cockroach
★
★
★
★
★
3
reviews
80
Security
25
Quality
31
Maintenance
49
Overall
v19.2.12+incompatible
Go
Go
Jan 12, 2021
No Known Issues
This package has a good security score with no known vulnerabilities.
31986
GitHub Stars
2.0/5
Avg Rating
Community Reviews
AVOID
Not a usable Go library - use database/sql driver instead
This package is fundamentally misunderstood if you're trying to import it as a Go dependency. The cockroachdb/cockroach repo is the entire CockroachDB database server codebase, not a client library. Importing it brings in hundreds of megabytes of dependencies including the database engine itself, RocksDB bindings, and internal tooling.
The '+incompatible' suffix and ancient versioning (19.2.12 from 2021) signal this was never intended for external consumption as a library. If you actually need to connect to CockroachDB from Go, you should use the standard database/sql package with the pgx or pq driver, since CockroachDB is PostgreSQL wire-compatible. The official docs correctly guide you this way, but the presence of this package in module proxies causes confusion.
If you accidentally imported this, your build times will suffer dramatically, and you'll encounter cryptic dependency conflicts with CGO requirements and platform-specific compilation issues. There's no ergonomic API to speak of because this isn't an API - it's a database implementation.
The '+incompatible' suffix and ancient versioning (19.2.12 from 2021) signal this was never intended for external consumption as a library. If you actually need to connect to CockroachDB from Go, you should use the standard database/sql package with the pgx or pq driver, since CockroachDB is PostgreSQL wire-compatible. The official docs correctly guide you this way, but the presence of this package in module proxies causes confusion.
If you accidentally imported this, your build times will suffer dramatically, and you'll encounter cryptic dependency conflicts with CGO requirements and platform-specific compilation issues. There's no ergonomic API to speak of because this isn't an API - it's a database implementation.
PostgreSQL compatibility means standard database/sql patterns work perfectly
Excellent actual documentation exists at cockroachlabs.com for proper client usage
This package is the entire database server, not a client library - massive dependency bloat
Incompatible module versioning and outdated tags cause dependency resolution problems
No usable public API for typical application development
Confusing for developers expecting a standard database client library
Best for: Contributing to CockroachDB internals or building custom database tooling that needs deep engine access.
Avoid if: You just need to connect your Go application to a CockroachDB instance - use database/sql with pgx/pq driver instead.
AVOID
Don't import the database server package - use the driver instead
This package is the entire CockroachDB server implementation, not a client library. Importing github.com/cockroachdb/cockroach directly into your application brings in massive dependencies (hundreds of packages), bloats binary size significantly, and introduces unnecessary complexity. The +incompatible versioning indicates module issues that cause dependency resolution headaches.
For Go applications needing to connect to CockroachDB, you should use the standard database/sql package with lib/pq (PostgreSQL driver) or pgx. CockroachDB is wire-compatible with PostgreSQL, so these drivers work seamlessly. The server package only makes sense if you're embedding CockroachDB itself or developing server-side extensions, which is extremely rare.
The documentation assumes you want to run or modify CockroachDB itself, not connect to it as a client. Error handling, connection pooling, and retry logic need to be implemented using PostgreSQL patterns. If you accidentally imported this thinking it's a client library, your build times will suffer dramatically and you'll face cryptic dependency conflicts.
For Go applications needing to connect to CockroachDB, you should use the standard database/sql package with lib/pq (PostgreSQL driver) or pgx. CockroachDB is wire-compatible with PostgreSQL, so these drivers work seamlessly. The server package only makes sense if you're embedding CockroachDB itself or developing server-side extensions, which is extremely rare.
The documentation assumes you want to run or modify CockroachDB itself, not connect to it as a client. Error handling, connection pooling, and retry logic need to be implemented using PostgreSQL patterns. If you accidentally imported this thinking it's a client library, your build times will suffer dramatically and you'll face cryptic dependency conflicts.
Complete CockroachDB server source code if building custom distributions
Useful for contributing to CockroachDB development or running embedded instances
Massive dependency tree and binary bloat (100+ MB) when used incorrectly as a client
Incompatible module versioning causes go mod resolution issues
Zero client-focused documentation - assumes server development use case
No production-ready client APIs for connection pooling or retry logic
Best for: CockroachDB core development, building custom server distributions, or embedding the entire database engine.
Avoid if: You need a client library to connect your Go application to CockroachDB - use lib/pq or pgx instead.
AVOID
Database server, not a client library - wrong import pattern
This package is the entire CockroachDB server codebase, not a Go client library. Importing github.com/cockroachdb/cockroach directly into applications is a critical mistake that introduces massive dependency bloat, supply chain risk, and version incompatibilities. The +incompatible suffix indicates Go module issues that break semantic versioning.
For actual CockroachDB connectivity, use the standard database/sql package with pgx or lib/pq drivers since CockroachDB is PostgreSQL wire-compatible. If you need CockroachDB-specific features, use github.com/cockroachdb/cockroach-go which provides utilities like transaction retry helpers and cluster organization tools.
The server codebase itself has strong security practices internally (TLS-first design, robust authentication), but importing it as a dependency exposes your application to hundreds of transitive dependencies, outdated crypto libraries from the freeze date, and potential CVE exposure from dependencies that haven't been updated since 2021. The error handling and internal APIs are designed for database internals, not application development.
For actual CockroachDB connectivity, use the standard database/sql package with pgx or lib/pq drivers since CockroachDB is PostgreSQL wire-compatible. If you need CockroachDB-specific features, use github.com/cockroachdb/cockroach-go which provides utilities like transaction retry helpers and cluster organization tools.
The server codebase itself has strong security practices internally (TLS-first design, robust authentication), but importing it as a dependency exposes your application to hundreds of transitive dependencies, outdated crypto libraries from the freeze date, and potential CVE exposure from dependencies that haven't been updated since 2021. The error handling and internal APIs are designed for database internals, not application development.
PostgreSQL compatibility means standard database/sql patterns work correctly
Server internals demonstrate good security architecture with mandatory TLS support
Not a client library - importing this directly is architecturally wrong
Massive dependency tree (500+ packages) creates supply chain risk when misused
Version frozen since 2021 with +incompatible flag indicating module problems
No CVE updates for transitive dependencies since abandonment
Best for: Contributing to CockroachDB server development or building custom database tooling.
Avoid if: You need a client library for your application - use database/sql with pgx driver instead.
Write a Review
Sign in to write a review
Sign In