{"id":19819,"library":"eslint-plugin-knex","title":"eslint-plugin-knex","description":"ESLint plugin that enforces safe SQL query practices when using Knex.js, particularly preventing SQL injection by disallowing plain string arguments in raw queries. The current stable version is 0.2.2, released with no recent active development (last update years ago). It offers a single rule, `avoid-injections`, and allows configuration of expected Knex builder variable names. Unlike generic SQL injection linting, this plugin is tailored specifically to Knex's `knex.raw()` method, filling a niche for projects heavily relying on raw queries.","status":"maintenance","version":"0.2.2","language":"javascript","source_language":"en","source_url":null,"tags":["javascript","eslint","eslintplugin","knex"],"install":[{"cmd":"npm install eslint-plugin-knex","lang":"bash","label":"npm"},{"cmd":"yarn add eslint-plugin-knex","lang":"bash","label":"yarn"},{"cmd":"pnpm add eslint-plugin-knex","lang":"bash","label":"pnpm"}],"dependencies":[{"reason":"peer dependency: requires ESLint to function as a plugin.","package":"eslint","optional":false}],"imports":[{"note":"ESLint plugins are not imported directly in code; they are referenced by name in the ESLint config.","wrong":"const plugin = require('eslint-plugin-knex')","symbol":"plugin","correct":"{\n  \"plugins\": [\"knex\"],\n  \"rules\": { \"knex/avoid-injections\": \"error\" }\n}"},{"note":"Rule must be prefixed with the plugin namespace 'knex/'.","wrong":"\"avoid-injections\": \"error\"","symbol":"avoid-injections rule","correct":"\"knex/avoid-injections\": \"error\""}],"quickstart":{"code":"// .eslintrc.js\nmodule.exports = {\n  plugins: ['knex'],\n  rules: {\n    'knex/avoid-injections': 'error'\n  },\n  settings: {\n    knex: {\n      builderName: '^(knex|trx)$'\n    }\n  }\n};","lang":"javascript","description":"Configures ESLint to use the knex plugin and enforce the avoid-injections rule with custom builder name 
pattern."},"warnings":[{"fix":"Supplement with additional ESLint rules or custom linting as needed.","message":"The plugin only provides a single rule; other potential Knex linting needs (e.g., using .where with raw) are not covered.","severity":"gotcha","affected_versions":">=0.0.1"},{"fix":"Consider alternatives or test compatibility with your ESLint/Knex versions.","message":"Plugin has not been updated since 2018; may not support newer ESLint versions or Knex features.","severity":"deprecated","affected_versions":">=0.2.2"},{"fix":"Ensure all raw queries use template literals or parameterized syntax, or suppress the rule with inline comments where appropriate. Passing the lint check does not by itself make a query safe: a template literal that interpolates external values is still open to injection, so pass values as bindings, e.g. knex.raw('select * from users where id = ?', [id]), and suppress the rule only for queries built entirely from constants.","message":"The rule 'avoid-injections' flags any plain string argument to raw(), including legitimate cases (e.g., simple constant queries).","severity":"gotcha","affected_versions":">=0.0.1"}],"env_vars":null,"last_verified":"2026-04-25T00:00:00.000Z","next_check":"2026-07-24T00:00:00.000Z","problems":[{"fix":"npm install -D eslint-plugin-knex","cause":"Plugin not installed as a devDependency.","error":"Error: Failed to load plugin 'knex' declared in '.eslintrc': Cannot find module 'eslint-plugin-knex'"},{"fix":"Use 'knex/avoid-injections' instead of 'avoid-injections'.","cause":"Rule referenced without the plugin namespace prefix.","error":"Rule 'knex/avoid-injections' was not found. Did you mean to use 'avoid-injections'?"},{"fix":"Set rule value to 'error', 'warn', or 'off'.","cause":"Rule severity configured incorrectly, e.g., as a number or object.","error":"Configuration for rule 'knex/avoid-injections' is invalid: Value should be string (error/warn/off)."}],"ecosystem":"npm","meta_description":null,"install_score":null,"install_tag":null,"quickstart_score":null,"quickstart_tag":null}