eslint-plugin-sql-template
Advanced tools
ESLint plugin with rules for using the `sql` template tag on raw SQL queries
ESLint plugin with rules for using the sql template tag from a library such as sql-tag on raw SQL queries.
That library escapes data provided to an SQL query statement via interpolation. This prevents, for instance, potential SQL injection attacks.
This ESLint plugin helps teams enforce the usage of that tag, to avoid overlooked vulnerabilities from creeping into their codebases.
npm install eslint eslint-plugin-sql-template --save-dev
Add sql-template to both the plugins and rules sections of your ESLint configuration file. Example:
// eslint.config.js
import sqlTemplate from 'eslint-plugin-sql-template';
module.exports = [
{
plugins: {
'sql-template': sqlTemplate
},
rules: {
'sql-template/no-unsafe-query': 'error'
}
}
];
This plugin includes the following list of rules.
no-unsafe-queryDisallows the usage of raw SQL templates with interpolation when not protected with the sql tag. Use this rule when you want to enforce protection against SQL injection attacks on all queries.
Examples of incorrect code for this rule:
/*eslint sql-template/no-unsafe-query: "error"*/
const value = 42;
const query = `SELECT * FROM users WHERE id = ${value}`;
db.query(query);
const columns = 'id, name';
Users.query(`SELECT ${columns} FROM users`);
Examples of correct code for this rule:
/*eslint sql-template/no-unsafe-query: "error"*/
const value = 42;
const query = sql`SELECT * FROM users WHERE id = ${value}`;
db.query(query);
Users.query(`SELECT id, name FROM users`);
const punctuation = '!';
foo.bar(`Not SQL${punctuation}`);
Install dependencies:
npm i
Run tests:
npm run test
The release process is automated via the release GitHub workflow. Run it by clicking the "Run workflow" button.
FAQs
ESLint plugin with rules for using the `sql` template tag on raw SQL queries
The npm package eslint-plugin-sql-template receives a total of 11,474 weekly downloads. As such, eslint-plugin-sql-template popularity was classified as popular.
We found that eslint-plugin-sql-template demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s Threat Research Team has uncovered 60 npm packages using post-install scripts to silently exfiltrate hostnames, IP addresses, DNS servers, and user directories to a Discord-controlled endpoint.
Security News
TypeScript Native Previews offers a 10x faster Go-based compiler, now available on npm for public testing with early editor and language support.
Research
Security News
Malicious npm packages targeting React, Vue, Vite, Node.js, and Quill remained undetected for two years while deploying destructive payloads.