sql-escaper
+1
-1
@@ -358,3 +358,3 @@ "use strict"; | ||
| else | ||
| escapedValue = (0, exports.escape)(currentValue, stringifyObjects, timezone); | ||
| escapedValue = (0, exports.escape)(currentValue, true, timezone); | ||
| } | ||
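Review bot: In this else branch the caller's `stringifyObjects` argument is now silently ignored, because the call became `escape(currentValue, true, timezone)`, and nothing in the hunk tells a consumer of the compiled file that the parameter no longer applies here. Document on the function's public signature (doc comment or typings) that the flag only affects the SET / ON DUPLICATE KEY UPDATE path the README describes. Also confirm this compiled output was regenerated from the source change rather than edited by hand, so the two files cannot drift.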
@@ -361,0 +361,0 @@ else |
+1
-1
@@ -264,3 +264,3 @@ import { Buffer } from "node:buffer"; | ||
| setIndex = -1; | ||
| } else escapedValue = escape(currentValue, stringifyObjects, timezone); | ||
| } else escapedValue = escape(currentValue, true, timezone); | ||
| } else escapedValue = escape(currentValue, stringifyObjects, timezone); | ||
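Review bot: The last line of this hunk still shows `} else escapedValue = escape(currentValue, stringifyObjects, timezone);` directly after the changed line. If that is a second call site and not a rendering artefact, it needs the same `true` argument, otherwise objects can still reach `escape` with the caller's flag. The bare literal `true` on the changed line would also benefit from a one-line comment stating that it is a deliberate security default, and no test is visible in this diff: add a regression test that passes an object outside a SET context with `stringifyObjects` set to false and expects `'[object Object]'`.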
@@ -267,0 +267,0 @@ result += sql.slice(chunkIndex, placeholderPosition); |
+1
-1
| { | ||
| "name": "sql-escaper", | ||
| "version": "1.3.0", | ||
| "version": "1.3.1", | ||
| "description": "🛡️ Faster SQL escape and format for JavaScript (Node.js, Bun, and Deno).", | ||
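Review bot: The bump from `"version": "1.3.0"` to `"version": "1.3.1"` ships a change in the output of the format path as a patch release, so every consumer on a caret or tilde range receives it without any action on their side. That is reasonable for a security fix, but the release should carry a changelog or release-note entry that names the behaviour change, so that anyone who relied on the flag outside SET contexts can trace a changed query back to this version.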
@@ -5,0 +5,0 @@ "main": "./lib/index.js", |
+29
-3
@@ -33,3 +33,3 @@ # SQL Escaper | ||
| > | ||
| > Regardless of the `stringifyObjects` value, objects used outside of `SET` or `ON DUPLICATE KEY UPDATE` contexts are always stringified as `'[object Object]'`. This is a security measure to prevent [SQL Injection](https://flattsecurity.medium.com/finding-an-unseen-sql-injection-by-bypassing-escape-functions-in-mysqljs-mysql-90b27f6542b4). | ||
| > Regardless of the `stringifyObjects` value, objects used outside of `SET` or `ON DUPLICATE KEY UPDATE` contexts are always stringified as `'[object Object]'`. This is a security measure to prevent [SQL Injection](https://flattsecurity.medium.com/finding-an-unseen-sql-injection-by-bypassing-escape-functions-in-mysqljs-mysql-90b27f6542b4) and is not interpreted as a breaking change for **sqlstring** usage. | ||
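Review bot: The added clause "and is not interpreted as a breaking change for **sqlstring** usage" does not say who is doing the interpreting or what output actually differs, which is the information a migrating user needs. Suggest rewording it to state the difference concretely, for example that an object passed outside `SET` or `ON DUPLICATE KEY UPDATE` now always yields `'[object Object]'` even when `stringifyObjects` is false, and that this intentionally diverges from sqlstring.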
@@ -57,4 +57,32 @@ --- | ||
| ### [MySQL2](https://github.com/sidorares/node-mysql2) | ||
| For **MySQL2**, it already uses **SQL Escaper** as its default escaping library since version `3.17.0`, so you just need to update it to the latest version: | ||
| ```bash | ||
| npm i mysql2@latest | ||
| ``` | ||
| ### [mysqljs/mysql](https://github.com/mysqljs/mysql) | ||
| You can use an overrides in your _package.json_: | ||
| ```json | ||
| "dependencies": { | ||
| "mysql": "^2.18.1" | ||
| }, | ||
| "overrides": { | ||
| "sqlstring": "npm:sql-escaper" | ||
| } | ||
| ``` | ||
| - Next, clean the `node_modules` and reinstall the dependencies (`npm i`). | ||
| - Please, note the minimum supported version of **Node.js** is `12`. | ||
| --- | ||
| ## Usage | ||
| For _up-to-date_ documentation, always follow the [**README.md**](https://github.com/mysqljs/sql-escaper?tab=readme-ov-file#readme) in the **GitHub** repository. | ||
| ### Quickstart | ||
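Review bot: The override `"sqlstring": "npm:sql-escaper"` in the mysqljs/mysql section has no version range, so the alias resolves to whatever release is current at install time. For a drop-in replacement of an escaping library, that is a supply-chain decision users should make explicitly. Suggest pinning a range in the example and adding a verification step after the reinstall bullet, such as running `npm ls sqlstring` to confirm the override took effect. Smaller points in the same hunk: "You can use an overrides" should read "You can use an override" or "You can use `overrides`", and the JSON snippet is a fragment without enclosing braces, which is worth saying so it is not pasted as a whole file.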
@@ -81,4 +109,2 @@ | ||
| > For _up-to-date_ documentation, always follow the [**README.md**](https://github.com/mysqljs/sql-escaper?tab=readme-ov-file#readme) in the **GitHub** repository. | ||
| ### Import | ||
@@ -85,0 +111,0 @@ |