sqlstring is a JavaScript (Node.js) utility for generating MySQL-ready SQL by escaping values and SQL identifiers, and formatting queries with placeholders. It helps avoid SQL injection by producing an escaped SQL string on the client side, including support for `?` placeholders for values and `??` for identifiers (with notes about SQL mode and differences from prepared statements).
Project status
- Actively maintained: Evidence suggests it is not currently actively maintained; the most recent upstream push was on 2022-04-03 and the latest listed update, v2.3.3, is dated 2022-03-06.
- Update cadence: Updates appear infrequent, with gaps of roughly 2+ years between v2.3.2 (2020) and v2.3.3 (2022), and ~2 more years back to v2.3.1 (2018).
Recent updates
v2.3.3
3/6/2022: v2.3.3 primarily changes how `SqlString.escape` detects `Date` objects, fixing escaping for `Date` instances coming from different JS realms (foreign isolates). The rest of the changes are tooling and CI updates, including updated lint/test tooling versions and migration from Travis CI to GitHub Actions.
v2.3.2
4/16/2020: Release v2.3.2 has no publisher release notes. The code diff is small and appears focused on a minor runtime logic tweak in `SqlString.format`, plus development tooling and CI configuration updates.
v2.3.1
2/24/2018: Release v2.3.1 was published on 2018-02-24, but the publisher did not provide any release notes. Without documented changes, it is not possible to reliably identify new features, fixes, or breaking changes from the release documentation alone.
v2.3.0
10/2/2017: v2.3.0 introduces new escape customization capabilities in SqlString, notably support for values that implement a `toSqlString()` method and a `SqlString.raw()` helper to mark trusted SQL fragments. Release notes were not provided by the publisher, so the behavioral and tooling changes reflected in the code are not documented in the official release notes.
Breaking, Features
v2.2.0
11/2/2016: Version v2.2.0 updates sqlstring's core escaping behavior around Date handling. The most notable code change is how invalid `Date` objects are escaped, plus a subtle change to what the public `SqlString.dateToString` function returns.
Breaking
v2.1.0
9/27/2016: Release notes were not provided for v2.1.0. The code diff shows a small set of escaping-related behavior changes in `lib/SqlString.js`, including safer handling of non-string inputs to `escapeId` and hardened buffer-to-string escaping.
v2.0.1
6/6/2016: Release v2.0.1 updates the npm package metadata and publishing configuration. The only functional change indicated by the diff is ensuring the published package includes the missing `lib/` directory.
v2.0.0
6/6/2016: Release v2.0.0 does not include any publisher release notes. The code changes show a major internal refactor of the sqlstring implementation (new `lib/SqlString.js`, old `lib/sqlstring.js` removed), along with substantial test and repo tooling updates.
v1.0.0
11/9/2014: This release primarily updates project metadata, build/CI configuration, and documentation badges. There are no application logic or public API code changes shown in the provided diff, but the build process and Node.js support settings were modified.
Features
v0.0.1
2/25/2014: This release is version v0.0.1 and was published on 2014-02-25. No release notes were provided, so no specific changes, compatibility impacts, or fixes can be determined from the release description alone.