pg-format

A Node.js implementation of PostgreSQL's format() function for safely creating dynamic SQL queries. Version 1.0.4, stable and minimal, with no dependencies. It escapes SQL identifiers (%I), literals (%L), and simple strings (%s) to help prevent SQL injection. Supports Node buffers, arrays, and objects, including nested arrays for bulk inserts. Unlike other SQL escaping libraries, it mimics PostgreSQL's built-in format() exactly, making it ideal for building queries in Node.js that mirror PL/pgSQL logic. Released under MIT license, maintained on GitHub.