Comparing version 2.0.0 to 2.1.0
@@ -228,3 +228,3 @@ "use strict"; | ||
function literal(val /*: mixed */) /*: SQLNode */{ | ||
if (typeof val === "string" && val.match(/^[a-zA-Z0-9_-]*$/)) { | ||
if (typeof val === "string" && val.match(/^[-a-zA-Z0-9_@! ]*$/)) { | ||
return raw(`'${val}'`); | ||
@@ -231,0 +231,0 @@ } else if (typeof val === "number" && Number.isFinite(val)) { |
{ | ||
"name": "pg-sql2", | ||
"version": "2.0.0", | ||
"version": "2.1.0", | ||
"description": "Generate safe Postgres-compliant SQL with tagged template literals", | ||
@@ -13,3 +13,3 @@ "main": "lib/index.js", | ||
"test:docs": "markdown-doctest", | ||
"prepublish": "babel --out-dir lib src" | ||
"prepack": "babel --out-dir lib src" | ||
}, | ||
@@ -16,0 +16,0 @@ "repository": { |
@@ -6,2 +6,5 @@ # pg-sql2 | ||
A key aim of this library is to be very fast, if you think you can improve | ||
performance further please open a PR! | ||
```js | ||
@@ -86,4 +89,6 @@ const sql = require("pg-sql2"); | ||
As `sql.value`, but in the case of very simple values may write them directly | ||
to the SQL statement. Should only be used with trusted data, e.g. for the key | ||
arguments to `json_build_object(key, val, key, val, ...)` | ||
to the SQL statement rather than using a placeholder. Should only be used with | ||
data that is not sensitive and is trusted (not user-provided data), e.g. for | ||
the key arguments to `json_build_object(key, val, key, val, ...)` which you | ||
have produced. | ||
@@ -90,0 +95,0 @@ ### `sql.join(arrayOfFragments, delimeter)` |
@@ -250,3 +250,3 @@ "use strict"; | ||
function literal(val /*: mixed */) /*: SQLNode */ { | ||
if (typeof val === "string" && val.match(/^[a-zA-Z0-9_-]*$/)) { | ||
if (typeof val === "string" && val.match(/^[-a-zA-Z0-9_@! ]*$/)) { | ||
return raw(`'${val}'`); | ||
@@ -253,0 +253,0 @@ } else if (typeof val === "number" && Number.isFinite(val)) { |
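Review bot: The widened character class in `literal()` (the `/^[-a-zA-Z0-9_@! ]*$/` line, presumably the new side since this page has lost its +/- markers) carries no comment saying that it is the only guard before `val` is written between single quotes into the SQL text. A later widening could therefore admit a quote or backslash unnoticed, so I would add above the `if`: `// Inlining allowlist: must never admit ' or \ (or any other character that can end or escape a quoted literal).` With `@`, `!` and space now accepted, more values that resemble user data will be inlined and will appear verbatim in statement logs, which the README change on this page already warns about. No tests are visible in this diff, and one asserting that strings containing `'` or `\` do not take the inline branch would pin the invariant. The built copy in lib/index.js has the same line, and the body of `literal()` continues past the hunk.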