pg-escape

Sprintf-style PostgreSQL query escaping and formatting library for Node.js. Current stable version 0.2.0 (released 2012, no updates since). Offers %s, %L, %I, %Q format specifiers for strings, literals, identifiers, and dollar-quoted strings. Unlike parameterized queries (which keep queries safe), this escapes inline into SQL strings, suitable for dynamic query construction where parameters cannot be used. Works in Node.js only.