🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more →
machinepack-postgresql
Advanced tools
machinepack-postgresql - npm Package Compare versions
Comparing version 1.0.0-7 to 1.0.0-8
@@ -25,14 +25,19 @@ var _ = require('lodash'); | ||
| nativeQuery: { | ||
| description: 'A SQL statement as a string (or to use parameterized queries, this should be provided as a dictionary).', | ||
| extendedDescription: 'If provided as a dictionary, this should contain `sql` (the SQL statement string; ' + | ||
| 'e.g. \'SELECT * FROM dogs WHERE name = $1\') as well as an array of `bindings` (e.g. [\'Rover\']).', | ||
| moreInfoUrl: 'https://github.com/brianc/node-postgres/wiki/Prepared-Statements#parameterized-queries', | ||
| description: 'A native query for the database.', | ||
| extendedDescription: 'If `valuesToEscape` is provided, this supports template syntax like `$1`, `$2`, etc. Use a backslash before `$` to include these sorts of strings literally (e.g. `\\$1`).', | ||
| whereToGet: { | ||
| description: 'This is oftentimes compiled from Waterline query syntax using "Compile statement", however it ' + | ||
| 'could also originate from userland code.' | ||
| description: 'Write a native query for this database, or if this driver supports it, use `compileStatement()` to build a native query from Waterline syntax.', | ||
| extendedDescription: 'This might be compiled from a Waterline statement (stage 4 query) using "Compile statement", however it could also originate directly from userland code.' | ||
| }, | ||
| example: '===', | ||
| example: 'SELECT * FROM pets WHERE species=$1 AND nickname=$2', | ||
| required: true | ||
| }, | ||
| valuesToEscape: { | ||
| description: 'An optional list of strings, numbers, or special literals (true, false, or null) to escape and include in the native query, in order.', | ||
| extendedDescription: 'Note that numbers, `true`, `false`, and `null` are all interpreted exactly the same way as if they were wrapped in quotes. This array must never contain any arrays or dictionaries. The first value in the list will be used to replace `$1`, the second value to replace `$2`, and so on.', | ||
| example: '===', | ||
| defaultsTo: [] | ||
| }, | ||
| meta: { | ||
@@ -102,19 +107,5 @@ friendlyName: 'Meta (custom)', | ||
| // Validate provided native query. | ||
| // (supports raw SQL string or dictionary consisting of `sql` and `bindings` properties) | ||
| var sql; | ||
| var bindings = []; | ||
| var sql = inputs.nativeQuery; | ||
| var bindings = inputs.valuesToEscape || []; | ||
| if (_.isString(inputs.nativeQuery)) { | ||
| sql = inputs.nativeQuery; | ||
| } else if (_.isObject(inputs.nativeQuery) && _.isString(inputs.nativeQuery.sql)) { | ||
| sql = inputs.nativeQuery.sql; | ||
| if (_.isArray(inputs.nativeQuery.bindings)) { | ||
| bindings = inputs.nativeQuery.bindings; | ||
| } | ||
| } else { | ||
| return exits.error(new Error('Provided `nativeQuery` is invalid. Please specify either a string of raw SQL or a ' + | ||
| 'dictionary like `{sql: \'SELECT * FROM dogs WHERE name = $1\', bindings: [\'Rover\']}`.')); | ||
| } | ||
| // Send native query. | ||
@@ -121,0 +112,0 @@ debug('Running SQL Query:'); |
| { | ||
| "name": "machinepack-postgresql", | ||
| "version": "1.0.0-7", | ||
| "version": "1.0.0-8", | ||
| "description": "Structured Node.js bindings for Postgresql.", | ||
@@ -5,0 +5,0 @@ "scripts": { |
New alerts
URL strings
Supply chain riskPackage contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.
Found 1 instance in 1 package
Fixed alerts
URL strings
Supply chain riskPackage contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.
Found 1 instance in 1 package
Worsened metrics
- Total package byte prevSize
55850
-0.05%- Lines of code
1057
-0.75%No dependency changes