
sql-escaper

sql-escaper - npm Package Compare versions

Comparing version
1.1.0
to
1.1.1
+3
-1
lib/index.js

@@ -334,4 +334,6 @@ "use strict";

!isDate(currentValue) &&
isRecord(currentValue))
isRecord(currentValue)) {
escapedValue = (0, exports.objectToValues)(currentValue, timezone);
setIndex = -1;
}
else

@@ -338,0 +340,0 @@ escapedValue = (0, exports.escape)(currentValue, stringifyObjects, timezone);
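Review bot: The added `setIndex = -1;` is the line that actually closes the hole, yet it carries no comment, and its effect — a record is expanded into `key = value` assignments only for the first placeholder that follows SET, after which every later placeholder is routed through plain `escape()` whatever its type — cannot be read off the line itself. Suggest placing `// Only the first placeholder after SET may expand a record into assignments; later records are escaped as values.` directly above it. The fix relies on `(0, exports.escape)(currentValue, stringifyObjects, timezone)` not re-expanding a record when `stringifyObjects` is false, which is not visible in this hunk; a regression test that passes an object for a second placeholder after the SET clause and asserts it is emitted as an escaped value rather than a fragment would pin that property. The same change appears again in the hunk at `@@ -248,5 +248,6 @@` (the ESM/source build, whose file header is not shown), and the enclosing function starts and ends outside both hunks.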

@@ -248,5 +248,6 @@ import { Buffer } from "node:buffer";

if (setIndex === -2) setIndex = findSetKeyword(sql);
if (setIndex !== -1 && setIndex < placeholderPosition && !hasSqlString(currentValue) && !Array.isArray(currentValue) && !Buffer.isBuffer(currentValue) && !isDate(currentValue) && isRecord(currentValue))
if (setIndex !== -1 && setIndex < placeholderPosition && !hasSqlString(currentValue) && !Array.isArray(currentValue) && !Buffer.isBuffer(currentValue) && !isDate(currentValue) && isRecord(currentValue)) {
escapedValue = objectToValues(currentValue, timezone);
else escapedValue = escape(currentValue, stringifyObjects, timezone);
setIndex = -1;
} else escapedValue = escape(currentValue, stringifyObjects, timezone);
} else escapedValue = escape(currentValue, stringifyObjects, timezone);

@@ -253,0 +254,0 @@ result += sql.slice(chunkIndex, placeholderPosition);

{
"name": "sql-escaper",
"version": "1.1.0",
"version": "1.1.1",
"description": "๐Ÿ›ก๏ธ Faster SQL escape and format for JavaScript (Node.js, Bun, and Deno).",

@@ -5,0 +5,0 @@ "main": "./lib/index.js",

@@ -33,3 +33,3 @@ <h1 align="center">SQL Escaper</h1>

>
> ๐Ÿ” **SQL Escaper** fixes a [**SQL Injection vulnerability**](https://flattsecurity.medium.com/finding-an-unseen-sql-injection-by-bypassing-escape-functions-in-mysqljs-mysql-90b27f6542b4) discovered in 2022 in the original [**sqlstring**](https://github.com/mysqljs/sqlstring), where objects passed as values could be expanded into SQL fragments, potentially allowing attackers to manipulate query structure. See [sidorares/node-mysql2#4051](https://github.com/sidorares/node-mysql2/issues/4051) for details.
> ๐Ÿ” **SQL Escaper** fixes a potential [**SQL Injection vulnerability**](https://flattsecurity.medium.com/finding-an-unseen-sql-injection-by-bypassing-escape-functions-in-mysqljs-mysql-90b27f6542b4) discovered in 2022 in the original [**sqlstring**](https://github.com/mysqljs/sqlstring), where objects passed as values could be expanded into SQL fragments, potentially allowing attackers to manipulate query structure. See [sidorares/node-mysql2#4051](https://github.com/sidorares/node-mysql2/issues/4051) for details.

@@ -36,0 +36,0 @@ ---