sqlstring

library 2.3.3 · javascript
verified Jun 5, 2026

A simple SQL escape and format utility for MySQL, commonly used as a dependency of mysqljs/mysql and mysql2. The current stable version is 2.3.3, with a stable release cadence (last updated 2020). It provides escape() and format() methods for safe SQL value interpolation and supports a custom toSqlString method for raw SQL fragments. Unlike template-based libraries, it uses placeholder substitution (?). It does NOT protect against all injection vectors: for example, its escaping is not safe when the MySQL server runs in NO_BACKSLASH_ESCAPES mode. It is lightweight, has no dependencies, and is compatible with Node >= 0.6.
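The NO_BACKSLASH_ESCAPES caveat above, as an added example that is not sqlstring's own code: escapeBackslashStyle, literalEnd, trailingText and escapingIsSafe are hypothetical stand-ins that model backslash-style quoting and how MySQL scans a string literal in each mode. The sample value is constructed.

```javascript
// Added example: simplified stand-ins, not sqlstring's source.

// Quote a string value the backslash way: prefix \ and ' with a backslash.
function escapeBackslashStyle(value) {
  return "'" + String(value).replace(/[\\']/g, (ch) => '\\' + ch) + "'";
}

// Index just past the end of the literal that opens at sql[start],
// scanned the way MySQL reads it in the given mode; -1 if unterminated.
function literalEnd(sql, start, noBackslashEscapes) {
  let i = start + 1;
  while (i < sql.length) {
    const ch = sql[i];
    if (ch === '\\' && !noBackslashEscapes) { i += 2; continue; } // \x is one escaped char
    if (ch === "'") {
      if (sql[i + 1] === "'") { i += 2; continue; } // '' is a literal quote in both modes
      return i + 1;
    }
    i += 1;
  }
  return -1;
}

// Text left over after the server's idea of the literal ends.
// An empty string means the whole value stayed inside the literal.
function trailingText(value, noBackslashEscapes) {
  const literal = escapeBackslashStyle(value);
  const end = literalEnd(literal, 0, noBackslashEscapes);
  return end === -1 ? null : literal.slice(end);
}

// Guard for connection setup: pass in the result of SELECT @@sql_mode.
function escapingIsSafe(sqlMode) {
  const modes = sqlMode.toUpperCase().split(',').map((m) => m.trim());
  return !modes.includes('NO_BACKSLASH_ESCAPES');
}

const sample = "O'Reilly"; // constructed sample value
console.log(escapeBackslashStyle(sample));  // 'O\'Reilly'
console.log(JSON.stringify(trailingText(sample, false))); // ""
console.log(JSON.stringify(trailingText(sample, true)));  // "Reilly'"
console.log(escapingIsSafe('STRICT_TRANS_TABLES,NO_BACKSLASH_ESCAPES')); // false
```

With backslash escapes enabled the whole value stays inside the literal; with NO_BACKSLASH_ESCAPES the backslash is an ordinary character, the quote after it closes the literal, and the remainder is parsed as SQL.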