Constructive, the innovative open-source modular Postgres platform, has unveiled the general availability of pgpm, a groundbreaking PostgreSQL package manager that introduces a new paradigm known as Modular Postgres. This advancement is set to transform the landscape of large-scale database application development.
Breaking Down Monolithic Databases
As application teams increasingly seek to share and reuse database logic across various projects, the limitations of PostgreSQL extensions have become apparent. Traditionally, these extensions have served as the primary packaging mechanism, yet they often face restrictions or unavailability on managed services, complicating the safe and consistent sharing of application-layer SQL.
pgpm addresses this challenge by allowing teams to decompose complex databases into focused, composable modules, each with explicit dependencies, isolated testing, and deterministic deployments. This modular approach enables teams to manage the intricacies of modern applications—such as multi-tenant schemas, audit logging, access control, and domain-specific business logic—more effectively than ever before.
With pgpm, teams can separate concerns into distinct modules—like authentication, auditing, or billing—each equipped with its own schema, migrations, and test suite. Modules are designed to declare dependencies explicitly, ensuring they are deployed in the correct topological order and can be developed and tested independently before integration.
Greg Kemnitz, Co-founder of Wirekite.io and former Chief Programmer of the Postgres Project at UC Berkeley, emphasizes the significance of this shift: “What pgpm is doing isn’t extension management—it’s application-level modularity for Postgres. That distinction matters, because it lets developers think about their database the same way they think about their application: as composable, installable building blocks.”
Application-Layer Modularity
pgpm operates at the application layer, where developers can define schemas, tables, functions, policies, and business logic directly in SQL. Unlike traditional PostgreSQL extensions, which are often limited in managed environments, pgpm modules are written in pure SQL and run with standard database permissions. This allows for consistent deployment across local development, continuous integration, and managed PostgreSQL environments without requiring provider approval. Furthermore, these modules can also be packaged as native PostgreSQL extensions when needed.
Composability at Scale
Dan Lynch, Founder and CEO of Constructive, highlights the essence of this innovation: “We’re defining a new category. Modular Postgres gives developers the same composability and reusability at the database layer that modern application developers expect from ecosystems like npm. Build a module once, publish it, and let anyone install and test it with a single command.”
This composability is particularly beneficial for teams working on complex systems. A well-tested audit logging module can serve as a foundation for compliance across services, while a multi-tenant module with Row-Level Security can accelerate SaaS development organization-wide. Instead of duplicating SQL across projects, teams can build on shared, versioned components.
Key Capabilities
- Separation of Concerns — Decompose complex databases into focused modules with clear boundaries and ownership.
- Composable Architecture — Explicit dependencies with automatic, deterministic deployment order.
- Application-Layer Modularity — Reusable schemas, functions, RLS policies, and triggers in pure SQL.
- Idempotent, Reversible Migrations — Deploy, revert, and verify scripts ensure safe, reproducible changes.
- First-Class CI/CD Testing — Test modules in isolation using ephemeral databases and end-to-end workflows, including validation of Row-Level Security policies.
- npm Distribution — Publish and install database modules across projects with a single command.
- Postgres Extension Compatible — Optional dual packaging as native extensions.
- Transactional Safety — All deployments run in transactions with automatic rollback on failure.
Proof Points
The capabilities of pgpm are not merely theoretical; they have already been implemented in complex, real-world systems. The Constructive team successfully packaged the entire Supabase PostgreSQL backend as a set of pgpm modules, enabling local and CI testing against real PostgreSQL infrastructure. This includes end-to-end testing of Row-Level Security policies, enhancing security and bridging the gap between development and production.
Moreover, this modular architecture integrates seamlessly with modern ORMs like Drizzle, allowing teams to combine type-safe application code with reusable, battle-tested database modules without introducing unnecessary abstraction layers between developers and PostgreSQL.
From Zero to Tested, Deployed Modules
Getting started with pgpm is a straightforward process. Teams can initialize a workspace, create modules, install dependencies, and deploy to PostgreSQL using a familiar, package-driven workflow. Workspaces provide a structured foundation, grouping related modules under shared configurations to promote modular design and test-driven workflows from the outset. The outcome is faster iteration, safer changes, and databases that can scale alongside application complexity.
pgpm is currently available via npm. For more information, visit pgpm.io. Comprehensive documentation, tutorials, and courses can be found at constructive.io/learn.
Constructive is dedicated to providing an open-source, modular Postgres platform designed for teams developing secure, production-grade applications. By unifying reusable database modules, deterministic migrations, and test-driven tooling, Constructive aims to create a cohesive architecture that enhances database security, ensuring predictable and verifiable outcomes through strict Row-Level Security patterns and comprehensive testing.
