
sqlmagic

v0.0.4

Published

Flexible data mapper ORM for io.js and node 0.12

Downloads

3

Readme

SQLMagic

WIP. Ignore. ORM progress in branch.

Parametrized Queries and Prepared Statements

Many Node ORMs and querying DSLs try to escape queries to avoid SQL injection, which is cumbersome and error-prone. SQLMagic instead uses parametrized queries with mysql2, pg and sqlite3 to avoid SQL injection. In addition, it supplies a statement name where the driver requires one, enabling prepared statements. This improves performance: only a short name is sent to be parsed rather than the full query text, and the database can re-use cached query plans for common queries.

'use strict';

let co     = require('co');
let config = {dialect: 'mysql2', host: 'localhost', database: 'test'};
let orm    = require('sqlmagic')(config);

co(function*() {
  let id = 1;
  let row = yield orm.execute`
    SELECT *
    FROM users
    WHERE user_id = ${id}`;
  orm.close();
});

// With mysql2: 'SELECT * FROM users WHERE user_id = ?', [1]
// With pg: 'SELECT * FROM users WHERE user_id = $1', [1]

To prevent errors such as forgetting to parametrize a query, orm.execute must be invoked in one of the following ways:

let foo = 'bar';
// Used as a tag for a tagged template string, as seen above
orm.execute`SELECT * FROM...${foo}`;
// Passed a query string and an array of values:
orm.execute('SELECT * FROM...?', [foo]);
// Passed an object of the form:
orm.execute({text: 'SELECT * FROM...?', values: [foo]});

Invoking the function with a string, without an array of values, will result in an error.

// `req` is an Express-style request object; `id` is untrusted user input
let id = req.query.id;

// Not safe, since id hasn't been escaped/filtered/validated, and isn't
// being used in a parametrized query. SQLMagic rejects this call shape.
orm.execute(`SELECT * FROM products WHERE product_id = ${id}`).catch((err) => {
  // Error: Expected array of values for prepared statement
});

orm.execute`SELECT * FROM products WHERE product_id = ${id}`.then((res) => {
  // Succeeds. Your query is safe!
});
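The following is an added example, not sqlmagic's own code, showing how a tag function can tell the three accepted call shapes apart and why the plain-string call above fails: a tagged template arrives as a strings array carrying a `raw` property, so the tag can interleave driver placeholders (`?` for mysql2/sqlite3, `$1`, `$2`, ... for pg) and collect the interpolated values instead of splicing them into the text. The `makeExecute` and `buildQuery` names and the dialect handling are assumptions for this example.

```javascript
'use strict';

// A tagged-template call passes a frozen strings array with a `raw` property;
// an ordinary call with a plain string does not.
function isTemplateCall(first) {
  return Array.isArray(first) && Array.isArray(first.raw);
}

// mysql2 and sqlite3 use positional '?'; pg uses numbered $1, $2, ...
function placeholder(dialect, index) {
  return dialect === 'pg' ? `$${index + 1}` : '?';
}

// Returns {text, values} in the shape a driver's execute(text, values) expects.
// Interpolated values never touch the SQL text, so user input cannot alter it.
function buildQuery(dialect, first, ...rest) {
  if (isTemplateCall(first)) {
    const values = rest;              // one value per ${...} interpolation
    let text = first[0];
    for (let i = 0; i < values.length; i++) {
      text += placeholder(dialect, i) + first[i + 1];
    }
    return { text, values };
  }
  if (typeof first === 'string') {
    const values = rest[0];
    if (!Array.isArray(values)) {
      // A bare string could be a template literal that already spliced in
      // untrusted data, so refuse it rather than guess.
      throw new Error('Expected array of values for prepared statement');
    }
    return { text: first, values };
  }
  if (first && typeof first.text === 'string' && Array.isArray(first.values)) {
    return { text: first.text, values: first.values };
  }
  throw new Error('Unsupported invocation of execute');
}

// Bind a dialect so the result can be used both as a tag and as a function.
function makeExecute(dialect) {
  return (first, ...rest) => buildQuery(dialect, first, ...rest);
}

// Constructed sample usage with an untrusted-looking value.
const execute = makeExecute('pg');
const id = "1 OR 1=1";
const q = execute`SELECT * FROM products WHERE product_id = ${id}`;
// q.text is 'SELECT * FROM products WHERE product_id = $1', q.values is [id]
```

The value `"1 OR 1=1"` ends up only in `q.values`, where the driver binds it as data; the SQL text sent to the server never contains it.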

Supported drivers

Since SQLMagic requires parametrized queries and encourages prepared statements, the mysql module is not supported. The only supported drivers are: mysql2, pg and sqlite3.