
pg-sql2


Comparing version 1.0.0-beta.3 to 1.0.0-beta.4

220

lib/index.js

@@ -7,9 +7,5 @@ "use strict";

var isSymbol = function isSymbol(sym) {
return typeof sym === "symbol";
};
var isNil = function isNil(o) {
return o === null || o === undefined;
};
var debug = require("debug")("pg-sql2");
const isSymbol = sym => typeof sym === "symbol";
const isNil = o => o === null || o === undefined;
const debug = require("debug")("pg-sql2");

@@ -21,3 +17,3 @@ function debugError(err) {

var $$trusted = Symbol("trusted");
const $$trusted = Symbol("trusted");
/*::

@@ -69,5 +65,3 @@ type SQLRawNode = {

function ensureNonEmptyArray(array) {
var allowZeroLength = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : false;
function ensureNonEmptyArray(array, allowZeroLength = false) {
if (!Array.isArray(array)) {

@@ -79,3 +73,3 @@ throw debugError(new Error("Expected array"));

}
array.forEach(function (entry, idx) {
array.forEach((entry, idx) => {
if (entry == null) {

@@ -90,3 +84,3 @@ throw debugError(new Error(`Array index ${idx} is ${String(entry)}`));

// Join this to generate the SQL query
var sqlFragments = [];
const sqlFragments = [];

@@ -96,3 +90,3 @@ // Values hold the JavaScript values that are represented in the query

// compile time.
var values = [];
const values = [];

@@ -102,70 +96,49 @@ // When we come accross a symbol in our identifier, we create a unique

// sanity when constructing large Sql queries with many aliases.
var nextSymbolId = 0;
var symbolToIdentifier = new Map();
let nextSymbolId = 0;
const symbolToIdentifier = new Map();
var items = Array.isArray(sql) ? sql : [sql];
const items = Array.isArray(sql) ? sql : [sql];
var _iteratorNormalCompletion = true;
var _didIteratorError = false;
var _iteratorError = undefined;
for (const rawItem of items) {
const item /*: SQLNode */ = enforceValidNode(rawItem);
switch (item.type) {
case "RAW":
sqlFragments.push(item.text);
break;
case "IDENTIFIER":
if (item.names.length === 0) throw new Error("Identifier must have a name");
try {
for (var _iterator = items[Symbol.iterator](), _step; !(_iteratorNormalCompletion = (_step = _iterator.next()).done); _iteratorNormalCompletion = true) {
var rawItem = _step.value;
sqlFragments.push(item.names.map(rawName => {
if (typeof rawName === "string") {
const name /*: string */ = rawName;
return escapeSqlIdentifier(name);
}
if (!isSymbol(rawName)) {
throw debugError(new Error(`Expected string or symbol, received '${String(rawName)}'`));
}
const name /*: Symbol */ = /*:: (*/rawName /*: any) */;
var item /*: SQLNode */ = enforceValidNode(rawItem);
switch (item.type) {
case "RAW":
sqlFragments.push(item.text);
break;
case "IDENTIFIER":
if (item.names.length === 0) throw new Error("Identifier must have a name");
// Get the correct identifier string for this symbol.
let identifier = symbolToIdentifier.get(name);
sqlFragments.push(item.names.map(function (rawName) {
if (typeof rawName === "string") {
var _name /*: string */ = rawName;
return escapeSqlIdentifier(_name);
}
if (!isSymbol(rawName)) {
throw debugError(new Error(`Expected string or symbol, received '${String(rawName)}'`));
}
var name /*: Symbol */ = /*:: (*/rawName /*: any) */;
// If there is no identifier, create one and set it.
if (!identifier) {
identifier = `__local_${nextSymbolId++}__`;
symbolToIdentifier.set(name, identifier);
}
// Get the correct identifier string for this symbol.
var identifier = symbolToIdentifier.get(name);
// If there is no identifier, create one and set it.
if (!identifier) {
identifier = `__local_${nextSymbolId++}__`;
symbolToIdentifier.set(name, identifier);
}
// Return the identifier. Since we create it, we won’t have to
// escape it because we know all of the characters are safe.
return identifier;
}).join("."));
break;
case "VALUE":
values.push(item.value);
sqlFragments.push(`$${values.length}`);
break;
default:
}
// Return the identifier. Since we create it, we won’t have to
// escape it because we know all of the characters are safe.
return identifier;
}).join("."));
break;
case "VALUE":
values.push(item.value);
sqlFragments.push(`$${values.length}`);
break;
default:
}
} catch (err) {
_didIteratorError = true;
_iteratorError = err;
} finally {
try {
if (!_iteratorNormalCompletion && _iterator.return) {
_iterator.return();
}
} finally {
if (_didIteratorError) {
throw _iteratorError;
}
}
}
var text = sqlFragments.join("");
const text = sqlFragments.join("");
return {

@@ -179,10 +152,8 @@ text,

if (node != null && typeof node === "object") {
var isRaw = node.type === "RAW" && typeof node.text === "string";
var isIdentifier = node.type === "IDENTIFIER" && Array.isArray(node.names) && node.names.every(function (name) {
return typeof name === "string" || typeof name === "symbol";
});
var isValue = node.type === "VALUE";
const isRaw = node.type === "RAW" && typeof node.text === "string";
const isIdentifier = node.type === "IDENTIFIER" && Array.isArray(node.names) && node.names.every(name => typeof name === "string" || typeof name === "symbol");
const isValue = node.type === "VALUE";
// $FlowFixMe: flow doesn't like symbols here?
var isTrusted = node[$$trusted] === true;
const isTrusted = node[$$trusted] === true;
if ((isRaw || isIdentifier || isValue) && isTrusted) {

@@ -205,12 +176,9 @@ // $FlowFixMe: this has been validated

function query(strings /*: mixed */
) /*: Array<mixed> */
/*: SQLQuery */{
for (var _len = arguments.length, values = Array(_len > 1 ? _len - 1 : 0), _key = 1; _key < _len; _key++) {
values[_key - 1] = arguments[_key];
}
, ...values /*: Array<mixed> */
) /*: SQLQuery */{
if (!Array.isArray(strings)) {
throw new Error("sql.query should be used as a template literal, not a function call!");
}
return strings.reduce(function (items, text, i) {
const items = [];
strings.forEach((text, i) => {
if (typeof text !== "string") {

@@ -220,14 +188,15 @@ throw new Error("sql.query should be used as a template literal, not a function call.");

if (!values[i]) {
return items.concat(makeRawNode(text));
items.push(makeRawNode(text));
} else {
var _value = values[i];
if (Array.isArray(_value)) {
var nodes /*: SQLQuery */ = _value.map(enforceValidNode);
return items.concat(makeRawNode(text), nodes);
const value = values[i];
if (Array.isArray(value)) {
const nodes /*: SQLQuery */ = value.map(enforceValidNode);
items.push(makeRawNode(text), ...nodes);
} else {
var node /*: SQLNode */ = enforceValidNode(_value);
return items.concat(makeRawNode(text), node);
const node /*: SQLNode */ = enforceValidNode(value);
items.push(makeRawNode(text), node);
}
}
}, []);
});
return items;
}

@@ -240,5 +209,3 @@

*/
var raw = function raw(text /*: mixed */) {
return makeRawNode(String(text));
};
const raw = (text /*: mixed */) => makeRawNode(String(text));

@@ -250,11 +217,4 @@ /**

*/
var identifier = function identifier() {
for (var _len2 = arguments.length, names = Array(_len2), _key2 = 0; _key2 < _len2; _key2++) {
names[_key2] = arguments[_key2];
}
const identifier = (...names /*: Array<mixed> */) => makeIdentifierNode(ensureNonEmptyArray(names));
return (/*: Array<mixed> */makeIdentifierNode(ensureNonEmptyArray(names))
);
};
/**

@@ -264,5 +224,3 @@ * Creates a Sql item for a value that will be included in our final query.

*/
var value = function value(val /*: mixed */) {
return makeValueNode(val);
};
const value = (val /*: mixed */) => makeValueNode(val);

@@ -273,3 +231,3 @@ /**

*/
var literal = function literal(val /*: mixed */) {
const literal = (val /*: mixed */) => {
if (typeof val === "string" && val.match(/^[a-zA-Z0-9_-]*$/)) {

@@ -300,26 +258,26 @@ return raw(`'${val}'`);

*/
var join = function join(rawItems /*: mixed */) {
var rawSeparator /*: mixed */ = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : "";
const join = (rawItems /*: mixed */, rawSeparator /*: mixed */ = "") => {
if (!Array.isArray(rawItems)) {
throw new Error("Items to join must be an array");
}
var items = rawItems;
const items = rawItems;
if (typeof rawSeparator !== "string") {
throw new Error("Invalid separator - must be a string");
}
var separator = rawSeparator;
return ensureNonEmptyArray(items, true).reduce(function (currentItems, rawItem, i) {
var item = void 0 /*: SQLNode | SQLQuery */;
const separator = rawSeparator;
const currentItems = [];
ensureNonEmptyArray(items, true).forEach((rawItem, i) => {
let items /*: SQLNode | SQLQuery */;
if (Array.isArray(rawItem)) {
item = rawItem.map(enforceValidNode);
items = rawItem.map(enforceValidNode);
} else {
item = enforceValidNode(rawItem);
items = [enforceValidNode(rawItem)];
}
if (i === 0 || !separator) {
return currentItems.concat(item);
currentItems.push(...items);
} else {
return currentItems.concat(makeRawNode(separator), item);
currentItems.push(makeRawNode(separator), ...items);
}
}, []);
});
return currentItems;
};

@@ -349,9 +307,5 @@

exports.query = function sqlQuery(strings /*: string[] */
) /*: Array<SQL> */
/*: SQLQuery */{
for (var _len3 = arguments.length, values = Array(_len3 > 1 ? _len3 - 1 : 0), _key3 = 1; _key3 < _len3; _key3++) {
values[_key3 - 1] = arguments[_key3];
}
return query.apply(undefined, [strings].concat(values));
, ...values /*: Array<SQL> */
) /*: SQLQuery */{
return query(strings, ...values);
};

@@ -365,5 +319,5 @@

exports.identifier = function sqlIdentifier() /*: Array<string | Symbol> */
/*: SQLNode */{
return identifier.apply(undefined, arguments);
exports.identifier = function sqlIdentifier(...names /*: Array<string | Symbol> */
) /*: SQLNode */{
return identifier(...names);
};

@@ -380,5 +334,3 @@

exports.join = function sqlJoin(items /*: Array<SQL> */
) /*: SQLQuery */{
var separator /*: string */ = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : "";
, separator /*: string */ = "") /*: SQLQuery */{
return join(items, separator);

@@ -385,0 +337,0 @@ };

{
"name": "pg-sql2",
"version": "1.0.0-beta.3",
"version": "1.0.0-beta.4",
"description": "Generate safe Postgres-compliant SQL with tagged template literals",
"main": "index.js",
"main": "lib/index.js",
"scripts": {

@@ -10,3 +10,3 @@ "flow": "flow",

"lint": "eslint .",
"test": "node index.js && eslint . && flow check && jest && markdown-doctest",
"test": "node src/index.js && eslint . && flow check && jest && markdown-doctest",
"test:docs": "markdown-doctest",

@@ -60,3 +60,6 @@ "prepublish": "babel --out-dir lib src"

"index.js"
]
],
"engines": {
"node": ">=8.6"
}
}

@@ -194,3 +194,4 @@ "use strict";

}
return strings.reduce((items, text, i) => {
const items = [];
strings.forEach((text, i) => {
if (typeof text !== "string") {

@@ -202,3 +203,3 @@ throw new Error(

if (!values[i]) {
return items.concat(makeRawNode(text));
items.push(makeRawNode(text));
} else {

@@ -208,9 +209,10 @@ const value = values[i];

const nodes /*: SQLQuery */ = value.map(enforceValidNode);
return items.concat(makeRawNode(text), nodes);
items.push(makeRawNode(text), ...nodes);
} else {
const node /*: SQLNode */ = enforceValidNode(value);
return items.concat(makeRawNode(text), node);
items.push(makeRawNode(text), node);
}
}
}, []);
});
return items;
}

@@ -278,15 +280,17 @@

const separator = rawSeparator;
return ensureNonEmptyArray(items, true).reduce((currentItems, rawItem, i) => {
let item /*: SQLNode | SQLQuery */;
const currentItems = [];
ensureNonEmptyArray(items, true).forEach((rawItem, i) => {
let items /*: SQLNode | SQLQuery */;
if (Array.isArray(rawItem)) {
item = rawItem.map(enforceValidNode);
items = rawItem.map(enforceValidNode);
} else {
item = enforceValidNode(rawItem);
items = [enforceValidNode(rawItem)];
}
if (i === 0 || !separator) {
return currentItems.concat(item);
currentItems.push(...items);
} else {
return currentItems.concat(makeRawNode(separator), item);
currentItems.push(makeRawNode(separator), ...items);
}
}, []);
});
return currentItems;
};

@@ -293,0 +297,0 @@
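Review bot: The `if (!values[i])` test kept in the `@@ -202,3 +203,3 @@` hunk treats any falsy interpolation (`0`, `""`, `null`, `false`) as "no value after this string", so it is dropped before it reaches `enforceValidNode` and the query is built with that fragment missing instead of failing. The check only needs to tell the final template string from the others, so `if (i >= values.length)` would send every supplied value through validation; this assumes `enforceValidNode` rejects non-node values, as its visible checks in the `lib/index.js` section suggest. The enclosing function starts outside these hunks, and this section has no file header on the page, so it is presumably the `src` file that `babel --out-dir lib src` compiles. The same line appears in the compiled `lib/index.js` section above (`@@ -220,14 +188,15 @@`).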
