npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

sqlite-view

v0.2.0

Published

A library for building sqlite readers in web applications.

Downloads

81

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

ryneeverettryneeverett

Keywords

Readme

npm

A library for building sqlite readers in web applications.

This project emerged as an abstraction of the sqlite-viewer application.

See demos.

Installation

npm install sqlite-view

Usage

<div id="sqlite-viewer"></div>

<script type="module">
  import SqliteView from "sqlite-view";
  const viewer = new SqliteView("sqlite-view");
  viewer.load("/path/to/db.sqlite");
</script>

Quick Start

<div id="sqlite-viewer"></div>

<script type="module">
  import SqliteView from "https://unpkg.com/sqlite-view/sqlite-view.js";
  const viewer = new SqliteView("sqlite-viewer");
  viewer.load(
    "https://ryneeverett.gitlab.io/sqlite-view/sqlite-viewer/examples/Chinook_Sqlite.sqlite",
  );
</script>

Building from Source

npm install sqlite-view vite
export PATH="$PATH:$PWD/node_modules/.bin"
vite build node_modules/sqlite-view --outDir "$(pwd)/sqlite-view"

API

SqliteView(element, config)

element

The string id of an existing element in the DOM where sqlite-view will inject the reader.

config

An optional object of configurations:

choicesConfig: An object of which is passed directly to Choices configuration.

SqliteView.load(database)

database

Either a string url path or a ByteArray of a database.

Development

Installing development environment

With nix:

nix-shell

Without nix:

npm install

Running examples

npm run serve

Running build and tests

npm test

This runs the build, unit tests, integration tests, and other checks. The main difference between the two test suites is that the unit tests are run from within the browser context whereas the integration tests are run from outside the browser context (nodejs server).

Publishing a new version to NPM

npm version <version>

Security

Database contents are escaped before injection in order to mitigate XSS.

However, databases of untrusted construction could perform sql injection via table names. Sqlite does not support table name parameterization and sqlite does not have any restrictions on table name validity, so there is necessarily a trade-off between supporting all valid sqlite databases and avoiding sql injection. Currently the former is chosen and no escaping of table names is done. It's likely that sql.js also does not have the threat model of maliciously-constructed databases in mind and that even with mitigations in place it would still be insecure to load untrusted databases.