{"library":"safesql","type":"library","category":null,"description":"safesql is an npm package (v2.0.2) that provides ES6 template tag functions for safely composing MySQL and PostgreSQL query strings. It automatically escapes dynamic values based on context (identifiers, values, raw expressions) to prevent SQL injection. Written by Mike Samuel, a security engineer, it is part of the template-tag-common family. The library is lightweight, has no runtime dependencies, and supports both CommonJS and ESM (via bundlers). Unlike string concatenation or naive escaping, safesql uses tagged template literals to distinguish between identifiers and values, and handles arrays, objects, and nested SqlFragment instances correctly. Release cadence is low, with version 2.0.2 current as of 2024.","language":"javascript","status":"active","version":"2.0.2","tags":["javascript","sql","security","injection","template","template-tag","string-template","sec-roadmap","es6"],"last_verified":"Fri Jun 05","install":[{"cmd":"npm install safesql","imports":["import { mysql } from 'safesql'","import { pg } from 'safesql'","import { SqlFragment } from 'safesql'","import { SqlId } from 'safesql'"]},{"cmd":"yarn add safesql","imports":[]},{"cmd":"pnpm add safesql","imports":[]}],"homepage":"https://github.com/mikesamuel/safesql#readme","github":"https://github.com/mikesamuel/safesql","docs":null,"changelog":null,"pypi":null,"npm":"safesql","openapi_spec":null,"status_page":null,"smithery":null,"compatibility":null}