@filtron/sql
Advanced tools
SQL WHERE clause generator for Filtron AST with parameterized queries.
bun add @filtron/sql
import { parse } from "@filtron/core";
import { toSQL } from "@filtron/sql";
const result = parse('age > 18 AND status = "active"');
if (result.success) {
const { sql, params } = toSQL(result.ast);
// sql: "(age > $1 AND status = $2)"
// params: [18, "active"]
const users = await db.query(`SELECT * FROM users WHERE ${sql}`, params);
}
toSQL(ast, options?)Converts a Filtron AST to a parameterized SQL WHERE clause.
Options:
| Option | Type | Description |
|---|---|---|
parameterStyle | 'numbered' | 'question' | Placeholder style: $1 (default) or ? |
fieldMapper | (field) => string | Transform field names to column names |
valueMapper | (value) => value | Transform values (useful for LIKE wildcards) |
startIndex | number | Starting parameter index (default: 1) |
const { sql, params } = toSQL(ast, {
parameterStyle: "question", // for MySQL/SQLite
fieldMapper: (field) => `users.${field}`,
});
Helpers for use with valueMapper when using the LIKE operator (~):
import { toSQL, contains, prefix, suffix, escapeLike } from "@filtron/sql";
// contains("foo") → "%foo%"
// prefix("foo") → "foo%"
// suffix("foo") → "%foo"
// escapeLike("foo%bar") → "foo\\%bar"
const { sql, params } = toSQL(ast, { valueMapper: contains });
This library generates parameterized queries to prevent SQL injection:
const { sql, params } = toSQL(ast);
db.query(`SELECT * FROM users WHERE ${sql}`, params);
// Params: ["admin' OR '1'='1"] - safely escaped
FAQs
Filtron helper: generate safe, parameterized SQL WHERE clauses from filter expressions
The npm package @filtron/sql receives a total of 0 weekly downloads. As such, @filtron/sql popularity was classified as not popular.
We found that @filtron/sql demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
/Security News
The worm-enabled campaign hit @emilgroup and @teale.io, then used an ICP canister to deliver follow-on payloads.
Research
/Security News
Attackers compromised Trivy GitHub Actions by force-updating tags to deliver malware, exposing CI/CD secrets across affected pipelines.
Security News
ENISA’s new package manager advisory outlines the dependency security practices companies will need to demonstrate as the EU’s Cyber Resilience Act begins enforcing software supply chain requirements.