Security News
crates.io Ships Security Tab and Tightens Publishing Controls
crates.io adds a Security tab backed by RustSec advisories and narrows trusted publishing paths to reduce common CI publishing risks.
By Sarah Gooding - Jan 27, 2026
Latest Socket ResearchMalicious Chrome Extension Performs Hidden Affiliate Hijacking.Details →
es6-sql
warning: in development, do not use, but do contribute 😺
Stop wasting your life with embedded DSLs [1], and just write SQL.
sql`SQL...`
Interpolate scope safely into SQL statement.
var sql = require('es6-sql');
var table = 'interp_user_table',
user_id = 100;
var query = sql`
SELECT *
FROM ${table}
WHERE
user_id = ${user_id}
OR user_id IN (1,2,3)
OR user_id IN (${sql`SELECT user_id FROM all_users WHERE is_active = True`})`
.and`hello = ${123}`
.or`foo IN (SELECT foo FROM foo)`;
sql.and`SQL...`
sql.or`SQL...`
Compose your SQL filters using AND.
sql.toString()
Serialize your SQL statement into a string with values interpolated.
console.log(query.toString());
SELECT *
FROM `interp_user_table`
WHERE (((((`user_id` = `$1`) OR (`user_id` IN (1, 2, 3))) OR (`user_id` IN (`SELECT `user_id`
FROM `all_users`
WHERE (`is_active` = TRUE)`))) AND (`hello` = `$2`)) OR (`foo` IN (
SELECT `foo`
FROM `foo`
)))
sql.parameters
console.log(query.parameters);
[100, 123]
[1]
- http://www.sqlalchemy.org/
- https://docs.djangoproject.com/en/1.8/topics/db/queries/
- http://www.rubydoc.info/gems/activerecord/4.2.4
- http://datamapper.org/
- http://sequel.jeremyevans.net/
- https://hackage.haskell.org/package/esqueleto
- https://hackage.haskell.org/package/haskelldb
- http://docs.sequelizejs.com/en/latest/
- http://dresende.github.io/node-orm2/
- https://github.com/1602/jugglingdb
- http://propelorm.org/
- http://stainless-steel.github.io/sql/sql/index.html
Keywords
FAQs
Write SQL with SQL
We found that es6-sql demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 29 Sep 2015
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
/Security News
Malicious Chrome Extension Performs Hidden Affiliate Hijacking
A Chrome extension claiming to hide Amazon ads was found secretly hijacking affiliate links, replacing creators’ tags with its own without user consent.
By Kush Pandya - Jan 27, 2026
Security News
curl Shuts Down Bug Bounty Program After Flood of AI Slop Reports
A surge of AI-generated vulnerability reports has pushed open source maintainers to rethink bug bounties and tighten security disclosure processes.
By Sarah Gooding - Jan 23, 2026