
sql-escaper


sql-escaper - npm Package Compare versions

Comparing version
1.1.2
to
1.2.0
+6
-1
lib/index.js

@@ -232,3 +232,4 @@ "use strict";

const identifier = String(value);
if (forbidQualified) {
const hasJsonOperator = identifier.indexOf('->') !== -1;
if (forbidQualified || hasJsonOperator) {
if (identifier.indexOf('`') === -1)

@@ -287,2 +288,3 @@ return `\`${identifier}\``;

case 'number':
case 'bigint':
return value + '';

@@ -296,2 +298,4 @@ case 'object': {

return (0, exports.bufferToString)(value);
if (value instanceof Uint8Array)
return (0, exports.bufferToString)(node_buffer_1.Buffer.from(value));
if (hasSqlString(value))

@@ -350,2 +354,3 @@ return String(value.toSqlString());

!node_buffer_1.Buffer.isBuffer(currentValue) &&
!(currentValue instanceof Uint8Array) &&
!isDate(currentValue) &&

@@ -352,0 +357,0 @@ isRecord(currentValue)) {
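Review bot: The `instanceof Uint8Array` checks added in the `case 'object'` branch and in the guard that ends with `isRecord(currentValue)` extend a type-by-type exclusion list, so other ArrayBuffer views (`Uint16Array`, `DataView`) and a `Uint8Array` created in another realm (for example a `vm` context) are still not matched. Those values presumably continue to the `hasSqlString`/`isRecord` handling, where an object can be expanded by `objectToValues` instead of being escaped as binary; `isRecord` is not visible on this page, so confirm how it treats them. If they do reach expansion, test with `ArrayBuffer.isView(value)` in both places and convert with `Buffer.from(value.buffer, value.byteOffset, value.byteLength)`, which also avoids the copy that `Buffer.from(value)` makes. Both functions start and end outside the hunks shown, and the same change appears in the second build of the file further down the page.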

+6
-2

@@ -176,3 +176,4 @@ import { Buffer } from "node:buffer";

const identifier = String(value);
if (forbidQualified) {
const hasJsonOperator = identifier.indexOf("->") !== -1;
if (forbidQualified || hasJsonOperator) {
if (identifier.indexOf("`") === -1) return `\`${identifier}\``;

@@ -218,2 +219,3 @@ return `\`${identifier.replace(regex.backtick, "``")}\``;

case "number":
case "bigint":
return value + "";

@@ -224,2 +226,4 @@ case "object": {

if (Buffer.isBuffer(value)) return bufferToString(value);
if (value instanceof Uint8Array)
return bufferToString(Buffer.from(value));
if (hasSqlString(value)) return String(value.toSqlString());

@@ -260,3 +264,3 @@ if (!(stringifyObjects === void 0 || stringifyObjects === null))

if (setIndex === -2) setIndex = findSetKeyword(sql);
if (setIndex !== -1 && setIndex <= placeholderPosition && hasOnlyWhitespaceBetween(sql, setIndex, placeholderPosition) && !hasSqlString(currentValue) && !Array.isArray(currentValue) && !Buffer.isBuffer(currentValue) && !isDate(currentValue) && isRecord(currentValue)) {
if (setIndex !== -1 && setIndex <= placeholderPosition && hasOnlyWhitespaceBetween(sql, setIndex, placeholderPosition) && !hasSqlString(currentValue) && !Array.isArray(currentValue) && !Buffer.isBuffer(currentValue) && !(currentValue instanceof Uint8Array) && !isDate(currentValue) && isRecord(currentValue)) {
escapedValue = objectToValues(currentValue, timezone);

@@ -263,0 +267,0 @@ setIndex = -1;
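Review bot: `hasJsonOperator` in the first hunk is a substring test on `->`, so any identifier containing that sequence is now quoted as one unqualified name even when the caller left `forbidQualified` false; `t.col->x` would presumably come out as a single backtick-quoted identifier instead of being split at the dot. Quoting still looks safe, since the `identifier.replace(regex.backtick, ...)` return shown as context for the next hunk appears to sit on the same path, but the reason for the special case is not stated and the flag name no longer describes the condition. A comment above the test would help, such as `// Identifiers containing the JSON arrow (->) are quoted whole so dots inside a JSON path are not treated as qualifiers.`, with the wording checked against the author's intent. The enclosing function starts and ends outside the hunk, and the same lines appear in `lib/index.js` above.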

export type Raw = {
toSqlString(): string;
};
export type SqlValue = string | number | boolean | Date | Buffer | Raw | Record<string, unknown> | SqlValue[] | null | undefined;
export type SqlValue = string | number | bigint | boolean | Date | Buffer | Uint8Array | Raw | Record<string, unknown> | SqlValue[] | null | undefined;
export type Timezone = 'local' | 'Z' | (string & NonNullable<unknown>);
{
"name": "sql-escaper",
"version": "1.1.2",
"version": "1.2.0",
"description": "🛡️ Faster SQL escape and format for JavaScript (Node.js, Bun, and Deno).",

@@ -5,0 +5,0 @@ "main": "./lib/index.js",