pg-escape - npm Package Compare versions

Comparing version 0.0.2 to 0.0.3

History.md

 
+0.0.3 / 2014-06-18
+==================
+
+ * fix idents as reserved words
+
 0.0.2 / 2014-03-18
@@ -3,0 +8,0 @@ ==================

index.js

@@ -7,4 +7,15 @@
 var assert = require('assert');
+var fs = require('fs');
 
 /**
+ * Reserved word map.
+ */
+
+var txt = fs.readFileSync(__dirname + '/reserved.txt', 'utf8');
+var reserved = txt.split('\n').reduce(function(map, word){
+  map[word.toLowerCase()] = true;
+  return map;
+}, {});
+
+/**
  * Expose `format()`.
@@ -90,2 +101,3 @@ */
 function validIdent(id) {
+  if (reserved[id]) return false;
   return /^[a-z_][a-z0-9_$]*$/i.test(id);
@@ -92,0 +104,0 @@ }

package.json

 {
   "name": "pg-escape",
-  "version": "0.0.2",
+  "version": "0.0.3",
   "repository": "segmentio/pg-escape",
   "description": "escape postgres queries which do not support stored procedures",
-  "keywords": ["pg", "postgres", "escape", "query"],
+  "keywords": [
+    "pg",
+    "postgres",
+    "escape",
+    "query"
+  ],
   "dependencies": {},
@@ -8,0 +13,0 @@ "devDependencies": {

test/index.js

@@ -61,2 +61,8 @@
 
+  it('should quote reserved words', function(){
+    escape.ident('desc').should.equal('"desc"');
+    escape.ident('join').should.equal('"join"');
+    escape.ident('cross').should.equal('"cross"');
+  })
+
   it('should throw when null', function(done){
@@ -63,0 +69,0 @@ try {

New alerts

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

7233

increased by28.93%

Number of package files

8

increased by14.29%

Lines of code

174

increased by9.43%

Worsened metrics

Number of low supply chain risk alerts

2

increased by100%

No dependency changes