New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More
Socket
Sign inDemoInstall
Socket

eslint-plugin-sql

Package Overview
Dependencies
Maintainers
0
Versions
33
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

eslint-plugin-sql

SQL linting rules for ESLint.

  • 3.2.1
  • latest
  • Source
  • npm
  • Socket score

Version published
Weekly downloads
77
decreased by-97.83%
Maintainers
0
Weekly downloads
 
Created
Source

eslint-plugin-sql

Canonical Code Style Twitter Follow

SQL linting rules for ESLint.

In its current form, the plugin has been designed and tested to work with Postgres codebase.

Installation

  1. Install ESLint.
  2. Install eslint-plugin-sql plugin.
npm install eslint --save-dev
npm install eslint-plugin-sql --save-dev

Configuration

  1. Add plugins section and specify eslint-plugin-sql as a plugin.
  2. Enable rules.
{
  "plugins": [
    "sql"
  ],
  "rules": {
    "sql/format": [
      2,
      {
        "ignoreExpressions": false,
        "ignoreInline": true,
        "ignoreTagless": true
      }
    ],
    "sql/no-unsafe-query": [
      2,
      {
        "allowLiteral": false
      }
    ]
  }
}

Settings

placeholderRule

A regex used to ignore placeholders or other fragments of the query that'd make it invalid SQL query, e.g.

If you are using ? placeholders in your queries, you must ignore \? pattern as otherwise the string is not going to be recognized as a valid SQL query.

This configuration is relevant for sql/no-unsafe-query to match queries containing placeholders as well as for sql/format when used with {ignoreTagless: false} configuration.

Rules

format

The --fix option on the command line automatically fixes problems reported by this rule.

Matches queries in template literals. Warns when query formatting does not match the configured format (see Options).

This rule is used to format the queries using sql-formatter.

Options

The first option is an object with the following configuration.

configurationformatdefaultdescription
ignoreExpressionsbooleanfalseDoes not format template literals that contain expressions.
ignoreInlinebooleantrueDoes not format queries that are written on a single line.
ignoreStartWithNewLinebooleantrueDoes not remove \n at the beginning of queries.
ignoreTaglessbooleantrueDoes not format queries that are written without using sql tag.
retainBaseIndentbooleantrueUses the first line of the query as the base indent.
sqlTagstringsqlTemplate tag name for SQL.

The second option is an object with the sql-formatter configuration.

configurationdefaultdescription
useTabsfalseUse tabs for indentation.
tabSize2Number of spaces per indentation.
languagesqlLanguage of the query.
keywordCasepreserveDetermines the case of keywords (preserve, upper, lower).
dataTypeCasepreserveDetermines the case of data types (preserve, upper, lower).
denseOperatorsfalseDecides whitespace around operators.
identifierCasepreserveDetermines the case of identifiers (preserve, upper, lower).
functionCasepreserveDetermines the case of functions (preserve, upper, lower).

The following patterns are considered problems:

sql.fragment`
  SELECT
    m1.ID
  FROM
    message m1
  WHERE
    m1.ID = ${message.id}
`
// Options: [{},{"identifierCase":"lower"}]
// Message: undefined
// Fixed code: 
// sql.fragment`
//   SELECT
//     m1.id
//   FROM
//     message m1
//   WHERE
//     m1.id = ${message.id}
// `

sql.fragment`
  SELECT id::NUMERIC
`
// Options: [{},{"dataTypeCase":"lower","language":"postgresql"}]
// Message: undefined
// Fixed code: 
// sql.fragment`
//   SELECT
//     id::numeric
// `

sql.fragment`
  SELECT
    COUNT(*)
  FROM
    message
  WHERE
    id = ${message.id}
`
// Options: [{},{"keywordCase":"lower"}]
// Message: undefined
// Fixed code: 
// sql.fragment`
//   select
//     COUNT(*)
//   from
//     message
//   where
//     id = ${message.id}
// `

sql.fragment`
  select
    COUNT(*)
  from
    message
  where
    id = ${message.id}
`
// Options: [{},{"keywordCase":"upper"}]
// Message: undefined
// Fixed code: 
// sql.fragment`
//   SELECT
//     COUNT(*)
//   FROM
//     message
//   WHERE
//     id = ${message.id}
// `

sql.fragment`
  ${null}
UPDATE message
SET
  messages = ${sql.jsonb(messages as unknown as SerializableValue[])}
WHERE id = ${message.id}
`;
// Options: [{},{"tabWidth":4}]
// Message: undefined
// Fixed code: 
// sql.fragment`
//   ${null}
//   UPDATE message
//   SET
//       messages = ${sql.jsonb(messages as unknown as SerializableValue[])}
//   WHERE
//       id = ${message.id}
// `;

await pool.query(sql.typeAlias('void')`
  UPDATE message
  SET
    messages = ${sql.jsonb(messages as unknown as SerializableValue[])}
  WHERE id = ${message.id}
`);
// Options: [{},{"tabWidth":4}]
// Message: undefined
// Fixed code: 
// await pool.query(sql.typeAlias('void')`
//   UPDATE message
//   SET
//       messages = ${sql.jsonb(messages as unknown as SerializableValue[])}
//   WHERE
//       id = ${message.id}
// `);

sql`
  SELECT
    1
`
// Options: [{},{"tabWidth":4}]
// Message: undefined
// Fixed code: 
// sql`
//   SELECT
//       1
// `

sql.type({ id: z.number() })`
  SELECT
    1
`
// Options: [{},{"tabWidth":4}]
// Message: undefined
// Fixed code: 
// sql.type({ id: z.number() })`
//   SELECT
//       1
// `

sql.typeAlias('void')`
  SELECT
    1
`
// Options: [{},{"tabWidth":4}]
// Message: undefined
// Fixed code: 
// sql.typeAlias('void')`
//   SELECT
//       1
// `

`SELECT 1`
// Options: [{"ignoreInline":false,"ignoreTagless":false},{}]
// Message: undefined
// Fixed code: 
// `
//   SELECT
//     1
// `

`SELECT 2`
// Options: [{"ignoreInline":false,"ignoreTagless":false},{"tabWidth":2}]
// Message: undefined
// Fixed code: 
// `
//   SELECT
//     2
// `

sql.unsafe`SELECT 3`
// Options: [{"ignoreInline":false},{}]
// Message: undefined
// Fixed code: 
// sql.unsafe`
//   SELECT
//     3
// `

sql.type()`SELECT 3`
// Options: [{"ignoreInline":false},{}]
// Message: undefined
// Fixed code: 
// sql.type()`
//   SELECT
//     3
// `

`SELECT ${'foo'} FROM ${'bar'}`
// Options: [{"ignoreInline":false,"ignoreTagless":false},{}]
// Message: undefined
// Fixed code: 
// `
//   SELECT
//     ${'foo'}
//   FROM
//     ${'bar'}
// `

const code = sql`
  SELECT
      foo
  FROM
      bar
`
// Options: [{},{}]
// Message: undefined
// Fixed code: 
// const code = sql`
//   SELECT
//     foo
//   FROM
//     bar
// `

SQL`SELECT 1`
// Options: [{"ignoreInline":false,"sqlTag":"SQL"},{}]
// Message: undefined
// Fixed code: 
// SQL`
//   SELECT
//     1
// `

The following patterns are not considered problems:

`
# A
## B
### C
`

sql`SELECT 1`
// Options: [{"ignoreInline":true},{}]

`SELECT 2`
// Options: [{"ignoreTagless":true},{}]

const code = sql`
  SELECT
    ${'foo'}
  FROM
    ${'bar'}
`
// Options: [{"ignoreExpressions":true,"ignoreInline":false,"ignoreTagless":false},{}]

const code = sql`
  SELECT
    ${'foo'}
  FROM
    ${'bar'}
`
// Options: [{},{}]

const code = sql`
  DROP TABLE foo
`
// Options: [{},{}]

const code = sql`
  DROP TABLE foo;

  DROP TABLE foo;
`
// Options: [{},{}]

no-unsafe-query

Disallows use of SQL inside of template literals without the sql tag.

The sql tag can be anything, e.g.

Options

The first option is an object with the following configuration.

configurationformatdefaultdescription
allowLiteralbooleanfalseControls whether sql tag is required for template literals containing literal queries, i.e. template literals without expressions.
sqlTagstringsqlTemplate tag name for SQL.

The following patterns are considered problems:

`SELECT 1`
// Message: undefined

`SELECT ${'foo'}`
// Message: undefined

foo`SELECT ${'bar'}`
// Message: undefined

`SELECT ?`
// Message: undefined

foo`SELECT ${'bar'}`
// Options: [{"sqlTag":"SQL"}]
// Message: undefined

The following patterns are not considered problems:

sql.unsafe`SELECT 3`

`SELECT 1`
// Options: [{"allowLiteral":true}]

sql`SELECT 1`

sql`SELECT ${'foo'}`

SQL`SELECT ${'bar'}`
// Options: [{"sqlTag":"SQL"}]

Keywords

FAQs

Package last updated on 06 Jan 2025

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc