Security News
MCP Community Begins Work on Official MCP Metaregistry
The MCP community is launching an official registry to standardize AI tool discovery and let agents dynamically find and install MCP servers.
By Sarah Gooding - May 09, 2025
🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more →
sqlite-parser
Advanced tools
sqlite-parser
This JavaScript library parses SQLite queries to generate abstract syntax tree (AST) representations of the parsed statements.
Try out the interactive demo to see it in action.
This parser is written against the SQLite 3 spec.
Install
npm install sqlite-parser
Install as a global module (since v1.0.0)
Use the command-line interface of the parser by installing it as a global module.
The sqlite-parser command is then available to use to parse input SQL files and
write the results to stdout or a JSON file. Additional usage
instructions and options available through sqlite-parser --help.
npm i -g sqlite-parser
Basic Usage
The library exposes a function that accepts two arguments: a string containing SQL to parse and a callback function. If an AST cannot be generated from the input string then a descriptive error is generated.
If invoked without a callback function the parser will runs synchronously and return the resulting AST or throw an error if one occurs.
var sqliteParser = require('sqlite-parser');
var query = 'select pants from laundry;';
// sync
var ast = sqliteParser(query);
console.log(ast);
// async
sqliteParser(query, function (err, ast) {
if (err) {
console.error(err);
return;
}
console.log(ast);
});
Use parser on Node streams (experimental) (since v1.0.0)
This library also includes experimental support as a stream transform that can accept a readable stream of SQL statements and produce a JSON string, representing the AST of each statement, as it is read and transformed. Using this method, the parser can handle files containing hundreds or thousands of queries at once without running into memory limitations. The AST for each statement is pushed down the stream as soon as it is read and parsed instead of reading the entire file into memory before parsing begins.
var parserTransform = require('sqlite-parser').createParser();
var readStream = require('fs').createReadStream('./large-input-file.sql');
readStream.pipe(parserTransform);
parserTransform.pipe(process.stdout);
parserTransform.on('error', function (err) {
console.error(err);
process.exit(1);
});
parserTransform.on('finish', function () {
process.exit(0);
});
To pipe the output into a file that contains a single valid JSON structure, the output of the parser steam transform needs to be wrapped in statement list node where every statement is separated by a comma.
var fs = require('fs');
var sqliteParser = require('sqlite-parser');
var parserTransform = sqliteParser.createParser();
var singleNodeTransform = sqliteParser.createStitcher();
var readStream = fs.createReadStream('./large-input-file.sql');
var writeStream = fs.createWriteStream('./large-output-file.json');
readStream.pipe(parserTransform);
parserTransform.pipe(singleNodeTransform);
singleNodeTransform.pipe(writeStream);
parserTransform.on('error', function (err) {
console.error(err);
process.exit(1);
});
writeStream.on('finish', function () {
process.exit(0);
});
AST
The AST is stable as of release 1.0.0. However, if changes need to be made to
improve consistency between node types, they will be explicitly listed in the
CHANGELOG.
Example
You can provide one or more SQL statements at a time. The resulting AST object has, at the highest level, a statement list node that contains an array of statements.
Input SQL
SELECT
MAX(honey) AS "Max Honey"
FROM
BeeHive
Result AST
{
"type": "statement",
"variant": "list",
"statement": [
{
"type": "statement",
"variant": "select",
"result": [
{
"type": "function",
"name": {
"type": "identifier",
"variant": "function",
"name": "max"
},
"args": {
"type": "expression",
"variant": "list",
"expression": [
{
"type": "identifier",
"variant": "column",
"name": "honey"
}
]
},
"alias": "Max Honey"
}
],
"from": {
"type": "identifier",
"variant": "table",
"name": "beehive"
}
}
]
}
Syntax Errors
This parser will try to create descriptive error messages when it cannot parse
some input SQL. In addition to an approximate location for the syntax error,
the parser will attempt to describe the area of concern
(e.g.: Syntax error found near Column Identifier (WHERE Clause)).
Contributing
Contributions are welcome! You can get started by checking out the contributing guidelines.
[v1.0.1] - 2017-06-15
Fixed
- The
AND/ORoperator composition order now matches the official SQLite 3 implementation so thatANDhas a higher precedence thanOR
FAQs
JavaScript implentation of SQLite 3 query parser
The npm package sqlite-parser receives a total of 1,902 weekly downloads. As such, sqlite-parser popularity was classified as popular.
We found that sqlite-parser demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 15 Jun 2017
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Security News
Malicious npm Packages Use Telegram to Exfiltrate BullX Credentials
Socket uncovers an npm Trojan stealing crypto wallets and BullX credentials via obfuscated code and Telegram exfiltration.
By Kush Pandya - May 08, 2025
Research
Security News
Backdooring the IDE: Malicious npm Packages Hijack Cursor Editor on macOS
Malicious npm packages posing as developer tools target macOS Cursor IDE users, stealing credentials and modifying files to gain persistent backdoor access.
By Kirill Boychenko - May 07, 2025