sql-highlight-semantic-release
A simple and lightweight library for highlighting SQL queries written in pure JavaScript
sql-highlight is a small package that highlights SQL queries. It can output to both the terminal with Unicode escape sequences, as well as to normal HTML. Oh, and there are no external dependencies 😉
sql-highlight is tested to work with Node.js 14, 16 and 18.
Install with Yarn:

```bash
yarn add sql-highlight
```

Install with NPM:

```bash
npm install sql-highlight
```

In its most basic form:

```js
const { highlight } = require('sql-highlight')
const sqlString = "SELECT `id`, `username` FROM `users` WHERE `email` = 'test@example.com'"
const highlighted = highlight(sqlString)
console.log(highlighted)
```
Output:
HTML mode:
```js
const { highlight } = require('sql-highlight')
const sqlString = "SELECT `id`, `username` FROM `users` WHERE `email` = 'test@example.com'"
const highlighted = highlight(sqlString, {
  html: true
})
document.body.innerHTML += highlighted
```

Output:

```html
<span class="sql-hl-keyword">SELECT</span>
<span class="sql-hl-string">`id`</span>
<span class="sql-hl-special">,</span>
<span class="sql-hl-string">`username`</span>
<span class="sql-hl-keyword">FROM</span>
<span class="sql-hl-string">`users`</span>
<span class="sql-hl-keyword">WHERE</span>
<span class="sql-hl-string">`email`</span>
<span class="sql-hl-special">=</span>
<span class="sql-hl-string">'test@example.com'</span>
```
The following options may be passed to the `highlight` function.
Option | Value | Default | Description |
---|---|---|---|
html | boolean | false | Set to true to render HTML instead of Unicode. |
htmlEscaper | (str: string) => string | Basic escaper | Function to escape HTML entities. Uses a basic escaper by default. If HTML mode is used in a browser environment this could be useful to escape strings using the DOM. |
classPrefix | string | 'sql-hl-' | Prefix to prepend to classes for HTML span-tags. Is appended with entity name. |
colors | Object | See below* | What color codes to use for Unicode rendering. A list of basic color codes can be found here. |
\* `colors` option default value:

```js
{
  keyword: '\x1b[35m', // SQL reserved keywords
  function: '\x1b[31m', // Functions
  number: '\x1b[32m', // Numbers
  string: '\x1b[32m', // Strings
  special: '\x1b[33m', // Special characters
  bracket: '\x1b[33m', // Brackets (parentheses)
  comment: '\x1b[2m\x1b[90m', // Comments
  clear: '\x1b[0m' // Clear (inserted after each match)
}
```
In case you want to do the highlighting yourself, you can use `getSegments` to only let sql-highlight parse the SQL string for you. You can then use the segments to highlight it yourself.

```js
const { getSegments } = require('sql-highlight')
const sqlString = "SELECT `id`, `username` FROM `users` WHERE `email` = 'test@example.com'"
const segments = getSegments(sqlString)
console.log(segments)
```

Output:

```js
[
  { name: 'keyword', content: 'SELECT' },
  { name: 'default', content: ' ' },
  { name: 'string', content: '`id`' },
  { name: 'special', content: ',' },
  { name: 'default', content: ' ' },
  { name: 'string', content: '`username`' },
  { name: 'default', content: ' ' },
  { name: 'keyword', content: 'FROM' },
  { name: 'default', content: ' ' },
  { name: 'string', content: '`users`' },
  { name: 'default', content: ' ' },
  { name: 'keyword', content: 'WHERE' },
  { name: 'default', content: ' ' },
  { name: 'string', content: '`email`' },
  { name: 'default', content: ' ' },
  { name: 'special', content: '=' },
  { name: 'default', content: ' ' },
  { name: 'string', content: "'test@example.com'" }
]
```
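Rendering segments yourself also means escaping them yourself when the result is assigned to `innerHTML`, as the HTML mode snippet does. The following is an added example, not code from sql-highlight: `renderSegments`, `escapeHtml` and the sample segments are hypothetical and constructed here, and only the `{ name, content }` segment shape and the `sql-hl-` prefix come from this README.

```javascript
// Added example: escape getSegments()-shaped data before it reaches innerHTML.

// Segment names taken from this README's output and colors table.
const KNOWN_NAMES = new Set([
  'keyword', 'function', 'number', 'string', 'special', 'bracket', 'comment'
])

const HTML_ENTITIES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;'
}

// Escape every character that can open a tag, an entity or an attribute value.
function escapeHtml (str) {
  return String(str).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch])
}

// Hypothetical helper (not part of sql-highlight): segments in, HTML string out.
function renderSegments (segments, classPrefix = 'sql-hl-') {
  const prefix = escapeHtml(classPrefix)
  return segments.map(({ name, content }) => {
    const text = escapeHtml(content)
    // 'default' and any unexpected name are emitted as bare escaped text,
    // so a segment name is never interpolated into the class attribute.
    if (!KNOWN_NAMES.has(name)) return text
    return `<span class="${prefix}${name}">${text}</span>`
  }).join('')
}

// Constructed sample: a string literal carrying markup, as could appear when
// highlighting logged queries that embed user-supplied values.
const sampleSegments = [
  { name: 'keyword', content: 'SELECT' },
  { name: 'default', content: ' ' },
  { name: 'string', content: "'<b>hi</b> & co'" },
  { name: '"><i>', content: 'y' } // not a name the parser is shown to emit
]

const safeHtml = renderSegments(sampleSegments)
console.log(safeHtml)
```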
See the contribution guidelines.
We use Jest for running our tests. The test suite can be run by running `npm run test`. This will run both Jest and ESLint.
We use ESLint for making sure that our code remains pretty and consistent throughout the project. If your editor doesn't automatically pick up our config you can lint the code using `npm run lint`.
Dependabot Auto Merge is installed in this repository to automatically merge dependabot PRs for minor version updates. Only PRs that pass the tests get merged. No new releases will be created for dependency updates as there are no production dependencies and a release would therefore be completely unnecessary.
Malcolm Nihlén - malcolm.nihlen@gmail.com
Distributed under the MIT licence. See `LICENCE` for more information.
https://github.com/scriptcoded
This was initially a fork from https://github.com/pomahtuk/sequilize-highlight. The repo wasn't being updated, NPM wasn't serving the latest version and there was a severe memory leak. Though the latest version now exists on NPM, issues still persist. This repo serves to address those problems, as well as providing a cleaner interface that's not bound to Sequelize.
With version 3.0.0 the library was almost completely rewritten, which leaves very little similarity with the original repo.
FAQs
Ignore! Just testing semantic-release!
We found that sql-highlight-semantic-release demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.