@carno.js/orm 0.2.3 → 0.2.5

package/dist/SqlBuilder.d.ts

@@ -10,12 +10,14 @@ export declare class SqlBuilder<T> {
     private updatedColumns;
     private originalColumns;
     private conditionBuilder;
-    private modelTransformer;
     private columnManager;
-    private joinManager;
     private cacheManager?;
+    private _modelTransformer?;
+    private _joinManager?;
+    private readonly boundGetAlias;
     constructor(model: new () => T);
-    private initializeCacheManager;
+    private get modelTransformer();
+    private get joinManager();
     select(columns?: AutoPath<T, never, '*'>[]): SqlBuilder<T>;
     setStrategy(strategy?: 'joined' | 'select'): SqlBuilder<T>;
     setInstance(instance: T): SqlBuilder<T>;

package/dist/SqlBuilder.js

@@ -19,10 +19,11 @@ class SqlBuilder {
         this.driver = orm.driverInstance;
         this.logger = orm.logger;
         this.entityStorage = entities_1.EntityStorage.getInstance();
-        this.initializeCacheManager();
+        this.cacheManager = orm.queryCacheManager;
         this.getEntity(model);
         this.statements.hooks = this.entity.hooks;
-        this.modelTransformer = new model_transformer_1.ModelTransformer(this.entityStorage);
+        // Pre-bind once
+        this.boundGetAlias = this.getAlias.bind(this);
         this.columnManager = new sql_column_manager_1.SqlColumnManager(this.entityStorage, this.statements, this.entity);
         const applyJoinWrapper = (relationship, value, alias) => {
             return this.joinManager.applyJoin(relationship, value, alias);
@@ -30,16 +31,20 @@ class SqlBuilder {
         this.conditionBuilder = new sql_condition_builder_1.SqlConditionBuilder(this.entityStorage, applyJoinWrapper, this.statements);
         const subqueryBuilder = new sql_subquery_builder_1.SqlSubqueryBuilder(this.entityStorage, () => this.conditionBuilder);
         this.conditionBuilder.setSubqueryBuilder(subqueryBuilder);
-        this.joinManager = new sql_join_manager_1.SqlJoinManager(this.entityStorage, this.statements, this.entity, this.model, this.driver, this.logger, this.conditionBuilder, this.columnManager, this.modelTransformer, () => this.originalColumns, this.getAlias.bind(this));
     }
-    initializeCacheManager() {
-        try {
-            const orm = orm_1.Orm.getInstance();
-            this.cacheManager = orm.queryCacheManager;
+    // Lazy getter for modelTransformer - only created when transform is needed
+    get modelTransformer() {
+        if (!this._modelTransformer) {
+            this._modelTransformer = new model_transformer_1.ModelTransformer(this.entityStorage);
         }
-        catch (error) {
-            this.cacheManager = undefined;
+        return this._modelTransformer;
+    }
+    // Lazy getter for joinManager - only created when joins are needed
+    get joinManager() {
+        if (!this._joinManager) {
+            this._joinManager = new sql_join_manager_1.SqlJoinManager(this.entityStorage, this.statements, this.entity, this.model, this.driver, this.logger, this.conditionBuilder, this.columnManager, this.modelTransformer, () => this.originalColumns, this.boundGetAlias);
         }
+        return this._joinManager;
     }
     select(columns) {
         const tableName = this.entity.tableName || this.model.name.toLowerCase();

package/dist/cache/cache-key-generator.d.ts

@@ -9,5 +9,5 @@ export declare class CacheKeyGenerator {
     private addLimits;
     private addJoins;
     private combineKeyParts;
-    private hashKey;
+    private hashFNV1a;
 }

package/dist/cache/cache-key-generator.js

@@ -1,12 +1,13 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.CacheKeyGenerator = void 0;
-const crypto_1 = require("crypto");
+const FNV_OFFSET_BASIS = 2166136261;
+const FNV_PRIME = 16777619;
 class CacheKeyGenerator {
     generate(statement) {
         const parts = this.buildKeyParts(statement);
         const combined = this.combineKeyParts(parts);
-        return this.hashKey(combined);
+        return this.hashFNV1a(combined);
     }
     buildKeyParts(statement) {
         const parts = [];
@@ -57,10 +58,13 @@ class CacheKeyGenerator {
     combineKeyParts(parts) {
         return parts.join('::');
     }
-    hashKey(key) {
-        return (0, crypto_1.createHash)('md5')
-            .update(key)
-            .digest('hex');
+    hashFNV1a(str) {
+        let hash = FNV_OFFSET_BASIS;
+        for (let i = 0; i < str.length; i++) {
+            hash ^= str.charCodeAt(i);
+            hash = Math.imul(hash, FNV_PRIME);
+        }
+        return (hash >>> 0).toString(16);
     }
 }
 exports.CacheKeyGenerator = CacheKeyGenerator;

package/dist/cache/query-cache-manager.d.ts

@@ -4,11 +4,13 @@ export declare class QueryCacheManager {
     private cacheService;
     private keyGenerator;
     private namespaceKeys;
-    constructor(cacheService: CacheService);
+    private readonly maxKeysPerNamespace;
+    constructor(cacheService: CacheService, maxKeysPerNamespace?: number);
     get<T>(statement: Statement<T>): Promise<any>;
     set<T>(statement: Statement<T>, value: any, ttl?: number): Promise<void>;
     invalidate<T>(statement: Statement<T>): Promise<void>;
     private registerKeyInNamespace;
+    private evictOldestKey;
     private getNamespace;
     private generateKey;
 }

package/dist/cache/query-cache-manager.js

@@ -2,11 +2,13 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.QueryCacheManager = void 0;
 const cache_key_generator_1 = require("./cache-key-generator");
+const DEFAULT_MAX_KEYS_PER_NAMESPACE = 1000;
 class QueryCacheManager {
-    constructor(cacheService) {
+    constructor(cacheService, maxKeysPerNamespace = DEFAULT_MAX_KEYS_PER_NAMESPACE) {
         this.cacheService = cacheService;
         this.namespaceKeys = new Map();
         this.keyGenerator = new cache_key_generator_1.CacheKeyGenerator();
+        this.maxKeysPerNamespace = maxKeysPerNamespace;
     }
     async get(statement) {
         const key = this.generateKey(statement);
@@ -32,7 +34,19 @@ class QueryCacheManager {
         if (!this.namespaceKeys.has(namespace)) {
             this.namespaceKeys.set(namespace, new Set());
         }
-        this.namespaceKeys.get(namespace).add(key);
+        const keys = this.namespaceKeys.get(namespace);
+        if (keys.has(key)) {
+            return;
+        }
+        if (keys.size >= this.maxKeysPerNamespace) {
+            this.evictOldestKey(keys);
+        }
+        keys.add(key);
+    }
+    evictOldestKey(keys) {
+        const oldest = keys.values().next().value;
+        keys.delete(oldest);
+        this.cacheService.del(oldest);
     }
     getNamespace(statement) {
         return statement.table || 'unknown';

package/dist/domain/base-entity.d.ts

@@ -4,7 +4,10 @@ export declare abstract class BaseEntity {
     private _oldValues;
     private _changedValues;
     private $_isPersisted;
+    private $_isHydrating;
     constructor();
+    $_startHydration(): void;
+    $_endHydration(): void;
     /**
      * Gets current entity's Repository.
      */

package/dist/domain/base-entity.js

@@ -10,26 +10,34 @@ class BaseEntity {
         this._oldValues = {};
         this._changedValues = {};
         this.$_isPersisted = false;
+        this.$_isHydrating = false;
         return new Proxy(this, {
             set(target, p, newValue) {
                 if (p.startsWith('$') || p.startsWith('_')) {
                     target[p] = newValue;
                     return true;
                 }
-                // se oldvalue não existir, é porque é a primeira vez que o atributo está sendo setado
+                if (target.$_isHydrating) {
+                    target[p] = newValue;
+                    return true;
+                }
                 if (!(p in target._oldValues)) {
                     target._oldValues[p] = newValue;
                 }
-                // se o valor for diferente do valor antigo, é porque o valor foi alterado
                 if (target._oldValues[p] !== newValue) {
                     target._changedValues[p] = newValue;
-                    this.$_isPersisted = false;
                 }
                 target[p] = newValue;
                 return true;
             },
         });
     }
+    $_startHydration() {
+        this.$_isHydrating = true;
+    }
+    $_endHydration() {
+        this.$_isHydrating = false;
+    }
     /**
      * Gets current entity's Repository.
      */

package/dist/driver/bun-driver.base.d.ts

@@ -28,7 +28,6 @@ export declare abstract class BunDriverBase implements Partial<DriverInterface>
     private getExecutionContext;
     transaction<T>(callback: (tx: SQL) => Promise<T>): Promise<T>;
     protected toDatabaseValue(value: unknown): string | number | boolean;
-    protected escapeString(value: string): string;
     protected escapeIdentifier(identifier: string): string;
     protected buildWhereClause(where: string | undefined): string;
     protected buildOrderByClause(orderBy: string[] | undefined): string;

package/dist/driver/bun-driver.base.js

@@ -3,6 +3,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.BunDriverBase = void 0;
 const bun_1 = require("bun");
 const transaction_context_1 = require("../transaction/transaction-context");
+const sql_escape_1 = require("../utils/sql-escape");
 class BunDriverBase {
     constructor(options) {
         this.connectionString = this.buildConnectionString(options);
@@ -79,20 +80,17 @@ class BunDriverBase {
         }
         switch (typeof value) {
             case "string":
-                return `'${this.escapeString(value)}'`;
+                return `'${(0, sql_escape_1.escapeString)(value)}'`;
             case "number":
                 return value;
             case "boolean":
                 return value;
             case "object":
-                return `'${this.escapeString(JSON.stringify(value))}'`;
+                return `'${(0, sql_escape_1.escapeString)(JSON.stringify(value))}'`;
             default:
-                return `'${this.escapeString(String(value))}'`;
+                return `'${(0, sql_escape_1.escapeString)(String(value))}'`;
         }
     }
-    escapeString(value) {
-        return value.replace(/'/g, "''");
-    }
     escapeIdentifier(identifier) {
         return `"${identifier}"`;
     }

package/dist/driver/driver.interface.d.ts

@@ -44,6 +44,9 @@ export type SnapshotConstraintInfo = {
     consDef: string;
     type: string;
 };
+export interface CacheSettings {
+    maxKeysPerTable?: number;
+}
 export interface ConnectionSettings<T extends DriverInterface = DriverInterface> {
     host?: string;
     port?: number;
@@ -59,6 +62,7 @@ export interface ConnectionSettings<T extends DriverInterface = DriverInterface>
     driver: new (options: ConnectionSettings<T>) => T;
     entities?: Function[] | string;
     migrationPath?: string;
+    cache?: CacheSettings;
 }
 export type ConditionOperators<T, C> = {
     $ne?: T;

package/dist/identity-map/entity-registry.d.ts

@@ -1,6 +1,7 @@
 export declare class EntityRegistry {
     private store;
-    private finalizationRegistry;
+    private finalizationRegistry?;
+    private readonly useWeakRefs;
     constructor();
     private setupFinalizationRegistry;
     get<T>(key: string): T | undefined;

package/dist/identity-map/entity-registry.js

@@ -4,7 +4,11 @@ exports.EntityRegistry = void 0;
 class EntityRegistry {
     constructor() {
         this.store = new Map();
-        this.setupFinalizationRegistry();
+        // Bun can GC WeakRefs early; keep strong refs there for identity stability.
+        this.useWeakRefs = typeof Bun === 'undefined';
+        if (this.useWeakRefs) {
+            this.setupFinalizationRegistry();
+        }
     }
     setupFinalizationRegistry() {
         this.finalizationRegistry = new FinalizationRegistry((key) => {
@@ -12,11 +16,14 @@ class EntityRegistry {
         });
     }
     get(key) {
-        const weakRef = this.store.get(key);
-        if (!weakRef) {
+        const value = this.store.get(key);
+        if (!value) {
             return undefined;
         }
-        const entity = weakRef.deref();
+        if (!this.useWeakRefs) {
+            return value;
+        }
+        const entity = value.deref();
         if (!entity) {
             this.store.delete(key);
             return undefined;
@@ -24,9 +31,13 @@ class EntityRegistry {
         return entity;
     }
     set(key, entity) {
+        if (!this.useWeakRefs) {
+            this.store.set(key, entity);
+            return;
+        }
         const weakRef = new WeakRef(entity);
         this.store.set(key, weakRef);
-        this.finalizationRegistry.register(entity, key, entity);
+        this.finalizationRegistry?.register(entity, key, entity);
     }
     has(key) {
         return this.get(key) !== undefined;

package/dist/orm.js

@@ -16,17 +16,19 @@ const SqlBuilder_1 = require("./SqlBuilder");
 const query_cache_manager_1 = require("./cache/query-cache-manager");
 const transaction_context_1 = require("./transaction/transaction-context");
 const orm_session_context_1 = require("./orm-session-context");
+const DEFAULT_MAX_KEYS_PER_TABLE = 10000;
 let Orm = Orm_1 = class Orm {
     constructor(logger, cacheService) {
         this.logger = logger;
         this.cacheService = cacheService;
         Orm_1.instance = this;
-        this.initializeQueryCacheManager();
     }
-    initializeQueryCacheManager() {
-        if (this.cacheService) {
-            this.queryCacheManager = new query_cache_manager_1.QueryCacheManager(this.cacheService);
+    initializeQueryCacheManager(cacheSettings) {
+        if (!this.cacheService) {
+            return;
         }
+        const maxKeys = cacheSettings?.maxKeysPerTable ?? DEFAULT_MAX_KEYS_PER_TABLE;
+        this.queryCacheManager = new query_cache_manager_1.QueryCacheManager(this.cacheService, maxKeys);
     }
     static getInstance() {
         const scoped = orm_session_context_1.ormSessionContext.getOrm();
@@ -39,6 +41,7 @@ let Orm = Orm_1 = class Orm {
         this.connection = connection;
         // @ts-ignore
         this.driverInstance = new this.connection.driver(connection);
+        this.initializeQueryCacheManager(connection.cache);
     }
     createQueryBuilder(model) {
         return new SqlBuilder_1.SqlBuilder(model);

package/dist/query/index-condition-builder.d.ts

@@ -1,7 +1,6 @@
 import { FilterQuery } from '../driver/driver.interface';
 export declare class IndexConditionBuilder<T> {
     private columnMap;
-    private readonly OPERATORS;
     private lastKeyNotOperator;
     constructor(columnMap: Record<string, string>);
     build(condition: FilterQuery<T>): string;
@@ -29,7 +28,6 @@ export declare class IndexConditionBuilder<T> {
     private isPrimitive;
     private formatPrimitive;
     private formatJson;
-    private escapeString;
     private isScalarValue;
     private isArrayValue;
     private isLogicalOperator;

package/dist/query/index-condition-builder.js

@@ -3,23 +3,17 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.IndexConditionBuilder = void 0;
 const value_object_1 = require("../common/value-object");
 const utils_1 = require("../utils");
+const sql_escape_1 = require("../utils/sql-escape");
+const OPERATORS_SET = new Set([
+    '$eq', '$ne', '$in', '$nin', '$like',
+    '$gt', '$gte', '$lt', '$lte',
+    '$and', '$or', '$nor',
+]);
+const LOGICAL_OPERATORS_SET = new Set(['$or', '$and']);
+const PRIMITIVES_SET = new Set(['string', 'number', 'boolean', 'bigint']);
 class IndexConditionBuilder {
     constructor(columnMap) {
         this.columnMap = columnMap;
-        this.OPERATORS = [
-            '$eq',
-            '$ne',
-            '$in',
-            '$nin',
-            '$like',
-            '$gt',
-            '$gte',
-            '$lt',
-            '$lte',
-            '$and',
-            '$or',
-            '$nor',
-        ];
         this.lastKeyNotOperator = '';
     }
     build(condition) {
@@ -82,9 +76,9 @@ class IndexConditionBuilder {
     }
     buildOperatorConditions(key, value) {
         const parts = [];
-        for (const operator of this.OPERATORS) {
-            if (operator in value) {
-                const condition = this.buildOperatorCondition(key, operator, value[operator]);
+        for (const opKey in value) {
+            if (OPERATORS_SET.has(opKey)) {
+                const condition = this.buildOperatorCondition(key, opKey, value[opKey]);
                 parts.push(condition);
             }
         }
@@ -138,7 +132,8 @@ class IndexConditionBuilder {
     }
     buildLikeCondition(key, value) {
         const column = this.resolveColumnName(key);
-        return `${column} LIKE '${value}'`;
+        const escaped = (0, sql_escape_1.escapeString)(value);
+        return `${column} LIKE '${escaped}'`;
     }
     buildComparisonCondition(key, value, operator) {
         const column = this.resolveColumnName(key);
@@ -182,28 +177,26 @@ class IndexConditionBuilder {
         return value === null || value === undefined;
     }
     isPrimitive(value) {
-        return ['string', 'number', 'boolean', 'bigint'].includes(typeof value);
+        return PRIMITIVES_SET.has(typeof value);
     }
     formatPrimitive(value) {
-        if (typeof value === 'string')
-            return `'${this.escapeString(value)}'`;
+        if (typeof value === 'string') {
+            return `'${(0, sql_escape_1.escapeString)(value)}'`;
+        }
         return `${value}`;
     }
     formatJson(value) {
-        return `'${this.escapeString(JSON.stringify(value))}'`;
-    }
-    escapeString(value) {
-        return value.replace(/'/g, "''");
+        return `'${(0, sql_escape_1.escapeString)(JSON.stringify(value))}'`;
     }
     isScalarValue(value) {
         const isDate = value instanceof Date;
         return typeof value !== 'object' || value === null || isDate;
     }
     isArrayValue(key, value) {
-        return !this.OPERATORS.includes(key) && Array.isArray(value);
+        return !OPERATORS_SET.has(key) && Array.isArray(value);
     }
     isLogicalOperator(key) {
-        return ['$or', '$and'].includes(key);
+        return LOGICAL_OPERATORS_SET.has(key);
     }
     isNorOperator(key) {
         return key === '$nor';
@@ -212,7 +205,7 @@ class IndexConditionBuilder {
         return key.toUpperCase().replace('$', '');
     }
     trackLastNonOperatorKey(key) {
-        if (!this.OPERATORS.includes(key)) {
+        if (!OPERATORS_SET.has(key)) {
             this.lastKeyNotOperator = key;
         }
     }

package/dist/query/model-transformer.d.ts

@@ -4,6 +4,8 @@ export declare class ModelTransformer {
     private entityStorage;
     constructor(entityStorage: EntityStorage);
     transform<T>(model: any, statement: Statement<any>, data: any): T;
+    private startHydration;
+    private endHydration;
     private registerInstancesInIdentityMap;
     private createInstances;
     private createInstance;

package/dist/query/model-transformer.js

@@ -11,12 +11,30 @@ class ModelTransformer {
     transform(model, statement, data) {
         const { instanceMap, cachedAliases } = this.createInstances(model, statement, data);
         const optionsMap = this.buildOptionsMap(instanceMap);
+        this.startHydration(instanceMap, cachedAliases);
         this.populateProperties(data, instanceMap, optionsMap, cachedAliases);
         this.linkJoinedEntities(statement, instanceMap, optionsMap);
         this.resetChangedValues(instanceMap, cachedAliases);
+        this.endHydration(instanceMap, cachedAliases);
         this.registerInstancesInIdentityMap(instanceMap, cachedAliases);
         return instanceMap[statement.alias];
     }
+    startHydration(instanceMap, cachedAliases) {
+        for (const [alias, instance] of Object.entries(instanceMap)) {
+            if (cachedAliases.has(alias)) {
+                continue;
+            }
+            instance.$_startHydration?.();
+        }
+    }
+    endHydration(instanceMap, cachedAliases) {
+        for (const [alias, instance] of Object.entries(instanceMap)) {
+            if (cachedAliases.has(alias)) {
+                continue;
+            }
+            instance.$_endHydration?.();
+        }
+    }
     registerInstancesInIdentityMap(instanceMap, cachedAliases) {
         Object.entries(instanceMap).forEach(([alias, instance]) => {
             // Skip registering entities that were already in cache
@@ -42,13 +60,14 @@ class ModelTransformer {
         return { instanceMap, cachedAliases };
     }
     createInstance(model, primaryKey) {
-        const cached = identity_map_1.IdentityMapIntegration.getEntity(model, primaryKey);
-        if (cached) {
-            return { instance: cached, wasCached: true };
+        if (primaryKey !== undefined && primaryKey !== null) {
+            const cached = identity_map_1.IdentityMapIntegration.getEntity(model, primaryKey);
+            if (cached) {
+                return { instance: cached, wasCached: true };
+            }
         }
         const instance = new model();
         instance.$_isPersisted = true;
-        // Note: Registration happens later in registerInstancesInIdentityMap after properties are populated
         return { instance, wasCached: false };
     }
     addJoinedInstances(statement, instanceMap, data, cachedAliases) {

package/dist/query/sql-condition-builder.d.ts

@@ -6,7 +6,6 @@ export declare class SqlConditionBuilder<T> {
     private entityStorage;
     private applyJoinCallback;
     private statements;
-    private readonly OPERATORS;
     private lastKeyNotOperator;
     private subqueryBuilder?;
     constructor(entityStorage: EntityStorage, applyJoinCallback: ApplyJoinCallback, statements: Statement<T>);
@@ -36,7 +35,6 @@ export declare class SqlConditionBuilder<T> {
     private isPrimitive;
     private formatPrimitive;
     private formatJson;
-    private escapeString;
     private findRelationship;
     private isScalarValue;
     private isArrayValue;

package/dist/query/sql-condition-builder.js

@@ -3,12 +3,19 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.SqlConditionBuilder = void 0;
 const value_object_1 = require("../common/value-object");
 const utils_1 = require("../utils");
+const sql_escape_1 = require("../utils/sql-escape");
+const OPERATORS_SET = new Set([
+    '$eq', '$ne', '$in', '$nin', '$like',
+    '$gt', '$gte', '$lt', '$lte',
+    '$and', '$or', '$exists', '$nexists',
+]);
+const LOGICAL_OPERATORS_SET = new Set(['$or', '$and']);
+const PRIMITIVES_SET = new Set(['string', 'number', 'boolean', 'bigint']);
 class SqlConditionBuilder {
     constructor(entityStorage, applyJoinCallback, statements) {
         this.entityStorage = entityStorage;
         this.applyJoinCallback = applyJoinCallback;
         this.statements = statements;
-        this.OPERATORS = ['$eq', '$ne', '$in', '$nin', '$like', '$gt', '$gte', '$lt', '$lte', '$and', '$or', '$exists', '$nexists'];
         this.lastKeyNotOperator = '';
     }
     setSubqueryBuilder(subqueryBuilder) {
@@ -79,9 +86,9 @@ class SqlConditionBuilder {
     }
     buildOperatorConditions(key, value, alias, model) {
         const parts = [];
-        for (const operator of this.OPERATORS) {
-            if (operator in value) {
-                const condition = this.buildOperatorCondition(key, operator, value[operator], alias, model);
+        for (const opKey in value) {
+            if (OPERATORS_SET.has(opKey)) {
+                const condition = this.buildOperatorCondition(key, opKey, value[opKey], alias, model);
                 parts.push(condition);
             }
         }
@@ -137,7 +144,8 @@ class SqlConditionBuilder {
     }
     buildLikeCondition(key, value, alias, model) {
         const column = this.resolveColumnName(key, model);
-        return `${alias}.${column} LIKE '${value}'`;
+        const escaped = (0, sql_escape_1.escapeString)(value);
+        return `${alias}.${column} LIKE '${escaped}'`;
     }
     buildComparisonCondition(key, value, alias, operator, model) {
         const column = this.resolveColumnName(key, model);
@@ -181,18 +189,16 @@ class SqlConditionBuilder {
         return `${alias}.${column} IS NULL`;
     }
     isPrimitive(value) {
-        return ['string', 'number', 'boolean', 'bigint'].includes(typeof value);
+        return PRIMITIVES_SET.has(typeof value);
     }
     formatPrimitive(value) {
-        if (typeof value === 'string')
-            return `'${this.escapeString(value)}'`;
+        if (typeof value === 'string') {
+            return `'${(0, sql_escape_1.escapeString)(value)}'`;
+        }
         return `${value}`;
     }
     formatJson(value) {
-        return `'${this.escapeString(JSON.stringify(value))}'`;
-    }
-    escapeString(value) {
-        return value.replace(/'/g, "''");
+        return `'${(0, sql_escape_1.escapeString)(JSON.stringify(value))}'`;
     }
     findRelationship(key, model) {
         const entity = this.entityStorage.get(model);
@@ -203,16 +209,16 @@ class SqlConditionBuilder {
         return typeof value !== 'object' || value === null || isDate;
     }
     isArrayValue(key, value) {
-        return !this.OPERATORS.includes(key) && Array.isArray(value);
+        return !OPERATORS_SET.has(key) && Array.isArray(value);
     }
     isLogicalOperator(key) {
-        return ['$or', '$and'].includes(key);
+        return LOGICAL_OPERATORS_SET.has(key);
     }
     extractLogicalOperator(key) {
         return key.toUpperCase().replace('$', '');
     }
     trackLastNonOperatorKey(key, model) {
-        if (!this.OPERATORS.includes(key)) {
+        if (!OPERATORS_SET.has(key)) {
             this.lastKeyNotOperator = key;
         }
     }

package/dist/utils/sql-escape.d.ts

@@ -0,0 +1,11 @@
+/**
+ * SQL String Escape Utility
+ *
+ * Provides secure string escaping for SQL queries.
+ *
+ * SECURITY NOTE: While this escaping is robust, parameterized queries
+ * (prepared statements) are the gold standard for SQL injection prevention.
+ * This utility should be used only when parameterized queries are not feasible.
+ */
+export declare function escapeString(value: string): string;
+export declare function escapeLikePattern(value: string): string;

package/dist/utils/sql-escape.js

@@ -0,0 +1,25 @@
+"use strict";
+/**
+ * SQL String Escape Utility
+ *
+ * Provides secure string escaping for SQL queries.
+ *
+ * SECURITY NOTE: While this escaping is robust, parameterized queries
+ * (prepared statements) are the gold standard for SQL injection prevention.
+ * This utility should be used only when parameterized queries are not feasible.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.escapeString = escapeString;
+exports.escapeLikePattern = escapeLikePattern;
+const QUOTE_REGEX = /'/g;
+const BACKSLASH_REGEX = /\\/g;
+function escapeString(value) {
+    if (value.indexOf('\x00') !== -1) {
+        throw new Error('SQL injection attempt detected: null byte in string value');
+    }
+    return value.replace(QUOTE_REGEX, "''").replace(BACKSLASH_REGEX, '\\\\');
+}
+function escapeLikePattern(value) {
+    const escaped = escapeString(value);
+    return escaped.replace(/[%_]/g, (char) => '\\' + char);
+}

package/dist/utils.d.ts

@@ -1,3 +1,3 @@
 export declare function getDefaultLength(type: string): number;
-export declare function toSnakeCase(propertyKey1: string): string;
+export declare function toSnakeCase(str: string): string;
 export declare function extendsFrom(baseClass: any, instance: any): boolean;

package/dist/utils.js

@@ -6,9 +6,15 @@ exports.extendsFrom = extendsFrom;
 function getDefaultLength(type) {
     return null;
 }
-function toSnakeCase(propertyKey1) {
-    propertyKey1 = propertyKey1[0].toLowerCase() + propertyKey1.slice(1);
-    return propertyKey1.replace(/([A-Z])/g, '_$1').toLowerCase();
+const snakeCaseCache = new Map();
+function toSnakeCase(str) {
+    let cached = snakeCaseCache.get(str);
+    if (cached) {
+        return cached;
+    }
+    cached = str[0].toLowerCase() + str.slice(1).replace(/([A-Z])/g, '_$1').toLowerCase();
+    snakeCaseCache.set(str, cached);
+    return cached;
 }
 function extendsFrom(baseClass, instance) {
     if (!instance)

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@carno.js/orm",
-  "version": "0.2.3",
+  "version": "0.2.5",
   "description": "A simple ORM for Carno.js.",
   "type": "commonjs",
   "main": "dist/index.js",
@@ -30,7 +30,7 @@
   },
   "repository": {
     "type": "git",
-    "url": "git+ssh://git@github.com:mlusca/carno.js.git"
+    "url": "git+ssh://git@github.com:carnojs/carno.js.git"
   },
   "devDependencies": {
     "@types/uuid": "^9.0.6",
@@ -55,5 +55,5 @@
     "bun",
     "value-object"
   ],
-  "gitHead": "179037d66f41ab7014a008b141afce3c9232190e"
+  "gitHead": "2be3063988696f2cd3eb13363e1f679b9f58c2f1"
 }