sequelize-sql-tag
v2.0.2
Published
A sequelize plugin for sql-tag
Downloads
4,584
Maintainers
Readme
sequelize-sql-tag
A template tag for writing elegant parameterized SQL queries based on ES2015 tagged template literals using sequelize.
Status
Installation
Install the package via npm
:
npm install --save sequelize-sql-tag
Compatibility
Due to the constant changes in sequelize
, the usage of this module varies significantly.
Since versions >=3.14.0
sequelize supports parameterized queries, i.e., queries that can be sent to the server separately from the arguments, which is a recommended form of protection against SQL injections. This requires installing [email protected] only as exemplified below.
From versions >=2.0.4 <3.14.0
, sequelize only supports text queries, i.e., queries that are sent to the server in plain text and escaped by the client (or framework). Version [email protected] outputs a format that is directly compatible with sequelize without requiring any additional patching.
For versions >=1.7.0 <2.0.4
, in addition to [email protected]
, a patch is required to make sequelize understand text queries as output by sql-tag
. This patch was made available on an earlier version of this module ([email protected]).
Usage
const Sequelize = require('sequelize');
const sql = require('./dist/src/index.js');
const sequelize = new Sequelize('sqlite', 'sqlite', 'sqlite', { dialect: 'sqlite', logging: false });
sequelize.query(sql`SELECT ${1 + 1} as foo`).then(console.log);
// => [ [ { foo: 2 } ], Statement { sql: 'SELECT $1 as foo' } ]
Tests
npm test
Release
npm version [<newversion> | major | minor | patch] -m "Release %s"
License
MIT