@nearform/sql
Advanced tools
A simple SQL injection protection module that allows you to use ES6 template strings for escaped statements. Works with postgres.
npm install @nearform/sql
const SQL = require('@nearform/sql')
const db = connectDB() // your db instance
const username = 'user'
const email = 'user@email.com'
const password = 'Password1'
const sql = SQL`INSERT INTO users (username, email, password) VALUES (${username},${email},${password})` // generate SQL query
db.query(sql) // execute query
const username = 'user1'
const email = 'user1@email.com'
const userId = 1
const sql = SQL`UPDATE users SET name = ${username}, email = ${email} `
sql.append(SQL`WHERE id = ${userId}`)
const username = 'user1'
const email = 'user1@email.com'
const userId = 1
const sql = SQL` UPDATE users SET `
const updates = []
updates.push(SQL`name = ${username}`)
updates.push(SQL`email = ${email}`)
sql.append(sql.glue(updates, ' , '))
sql.append(SQL`WHERE id = ${userId}`)
The SQL template string tag parses query and returns an objects that's understandable by postgres:
const username = 'user'
const email = 'user@email.com'
const password = 'Password1'
const sql = SQL`INSERT INTO users (username, email, password) VALUES (${username},${email},${password})` // generate SQL query
sql.text // INSERT INTO users (username, email, password) VALUES ($1 , $2 , $3)
sql.values // ['user, 'user@email.com', 'Password1']
This module can be tested and reported on in a variety of ways...
npm run test # runs tap based unit test suite.
npm run test:security # runs sqlmap security tests.
npm run coverage # generates a coverage report in docs dir.
npm run lint # lints via standardJS.
Find more about @nearform/sql speed here
Copyright nearForm 2018. Licensed under Apache 2.0
FAQs
SQL injection protection module
The npm package @nearform/sql receives a total of 6,918 weekly downloads. As such, @nearform/sql popularity was classified as popular.
We found that @nearform/sql demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 8 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Malicious PyPI package ‘set-utils’ steals Ethereum private keys by exfiltrating them through blockchain transactions via the Polygon RPC.
Research
Security News
Malicious Go packages are impersonating popular libraries to install hidden loader malware on Linux and macOS, targeting developers with obfuscated payloads.
Security News
Bybit's $1.46B hack by North Korea's Lazarus Group pushes 2025 crypto losses to $1.6B in just two months, already surpassing all of 2024's $1.49B total.