
Research
/Security News
jscrambler npm Package Compromised in Supply Chain Attack
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.
cl-sql-formatter
Advanced tools
SQL Formatter is a JavaScript library for pretty-printing SQL queries. It started as a port of a PHP Library, but has since considerably diverged.
SQL formatter supports the following dialects:
It does not support:
;.Get the latest version from NPM:
npm install sql-formatter
import { format } from 'sql-formatter';
console.log(format('SELECT * FROM tbl'));
This will output:
SELECT
*
FROM
tbl
You can also pass in configuration options:
format('SELECT * FROM tbl', {
language: 'spark', // Defaults to "sql" (see the above list of supported dialects)
indent: ' ', // Defaults to two spaces
uppercase: bool, // Defaults to false (not safe to use when SQL dialect has case-sensitive identifiers)
linesBetweenQueries: 2, // Defaults to 1
});
// Named placeholders
format("SELECT * FROM tbl WHERE foo = @foo", {
params: {foo: "'bar'"}
}));
// Indexed placeholders
format("SELECT * FROM tbl WHERE foo = ?", {
params: ["'bar'"]
}));
Both result in:
SELECT
*
FROM
tbl
WHERE
foo = 'bar'
The CLI tool will be installed under sql-formatter
and may be invoked via npx sql-formatter:
sql-formatter -h
usage: sql-formatter [-h] [-o OUTPUT] [-l {db2,mariadb,mysql,n1ql,plsql,postgresql,redshift,spark,sql,tsql}]
[-i N | -t] [-u] [--lines-between-queries N] [--version] [FILE]
SQL Formatter
positional arguments:
FILE Input SQL file (defaults to stdin)
optional arguments:
-h, --help show this help message and exit
-o OUTPUT, --output OUTPUT
File to write SQL output (defaults to stdout)
-l {db2,mariadb,mysql,n1ql,plsql,postgresql,redshift,spark,sql,tsql},
--language {db2,mariadb,mysql,n1ql,plsql,postgresql,redshift,spark,sql,tsql}
SQL Formatter dialect (defaults to basic sql)
-i N, --indent N Number of spaces to indent query blocks (defaults to 2)
-t, --tab-indent Indent query blocks with tabs instead of spaces
-u, --uppercase Capitalize language keywords
--lines-between-queries N
How many newlines to insert between queries (separated by ";")
--version show program's version number and exit
By default, the tool takes queries from stdin and processes them to stdout but
one can also name an input file name or use the --output option.
echo 'select * from tbl where id = 3' | sql-formatter -u
SELECT
*
FROM
tbl
WHERE
id = 3
If you don't use a module bundler, clone the repository, run npm install and grab a file from /dist directory to use inside a <script> tag.
This makes SQL Formatter available as a global variable window.sqlFormatter.
Make sure to run all checks:
npm run check
...and you're ready to poke us with a pull request.
versions:
xx变成xx,a-b变成a - b问题, @#等][]FAQs
Format whitespace in a SQL query to make it more readable
We found that cl-sql-formatter demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
/Security News
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.

Research
/Security News
A malicious .NET package is typosquatting the Braintree SDK to steal live payment card data, merchant API keys, and host secrets from production apps.

Security News
/Research
Compromised Injective SDK npm version 1.20.21 exfiltrates wallet private keys and mnemonics through fake telemetry functionality.