@photostructure/sqlite 0.0.1 → 0.2.1

package/src/sqlite_impl.h

@@ -82,12 +82,38 @@ public:
   void set_timeout(int timeout) { timeout_ = timeout; }
   int get_timeout() const { return timeout_; }
 
+  bool get_read_big_ints() const { return read_big_ints_; }
+  void set_read_big_ints(bool flag) { read_big_ints_ = flag; }
+
+  bool get_return_arrays() const { return return_arrays_; }
+  void set_return_arrays(bool flag) { return_arrays_ = flag; }
+
+  bool get_allow_bare_named_params() const { return allow_bare_named_params_; }
+  void set_allow_bare_named_params(bool flag) {
+    allow_bare_named_params_ = flag;
+  }
+
+  bool get_allow_unknown_named_params() const {
+    return allow_unknown_named_params_;
+  }
+  void set_allow_unknown_named_params(bool flag) {
+    allow_unknown_named_params_ = flag;
+  }
+
+  bool get_enable_defensive() const { return defensive_; }
+  void set_enable_defensive(bool flag) { defensive_ = flag; }
+
 private:
   std::string location_;
   bool read_only_ = false;
   bool enable_foreign_keys_ = true;
   bool enable_dqs_ = false;
   int timeout_ = 0;
+  bool read_big_ints_ = false;
+  bool return_arrays_ = false;
+  bool allow_bare_named_params_ = true;
+  bool allow_unknown_named_params_ = false;
+  bool defensive_ = false;
 };
 
 // Main database class
@@ -103,6 +129,7 @@ public:
   // Database operations
   Napi::Value Open(const Napi::CallbackInfo &info);
   Napi::Value Close(const Napi::CallbackInfo &info);
+  Napi::Value Dispose(const Napi::CallbackInfo &info);
   Napi::Value Prepare(const Napi::CallbackInfo &info);
   Napi::Value Exec(const Napi::CallbackInfo &info);
 
@@ -125,6 +152,9 @@ public:
   Napi::Value EnableLoadExtension(const Napi::CallbackInfo &info);
   Napi::Value LoadExtension(const Napi::CallbackInfo &info);
 
+  // Defensive mode
+  Napi::Value EnableDefensive(const Napi::CallbackInfo &info);
+
   // Session support
   Napi::Value CreateSession(const Napi::CallbackInfo &info);
   Napi::Value ApplyChangeset(const Napi::CallbackInfo &info);
@@ -132,11 +162,39 @@ public:
   // Backup support
   Napi::Value Backup(const Napi::CallbackInfo &info);
 
+  // Authorization API
+  Napi::Value SetAuthorizer(const Napi::CallbackInfo &info);
+
+  // Static callback for SQLite authorization
+  static int AuthorizerCallback(void *user_data, int action_code,
+                                const char *param1, const char *param2,
+                                const char *param3, const char *param4);
+
   // Session management
   void AddSession(Session *session);
   void RemoveSession(Session *session);
   void DeleteAllSessions();
 
+  // Error handling for user functions
+  void SetIgnoreNextSQLiteError(bool ignore) {
+    ignore_next_sqlite_error_ = ignore;
+  }
+  bool ShouldIgnoreSQLiteError() const { return ignore_next_sqlite_error_; }
+
+  // Deferred exception handling for authorizer callbacks
+  void SetDeferredAuthorizerException(const std::string &message) {
+    deferred_authorizer_exception_ = message;
+  }
+  void ClearDeferredAuthorizerException() {
+    deferred_authorizer_exception_.reset();
+  }
+  bool HasDeferredAuthorizerException() const {
+    return deferred_authorizer_exception_.has_value();
+  }
+  const std::string &GetDeferredAuthorizerException() const {
+    return deferred_authorizer_exception_.value();
+  }
+
 private:
   void InternalOpen(DatabaseOpenConfiguration config);
   void InternalClose();
@@ -150,10 +208,22 @@ private:
   std::set<Session *> sessions_;      // Track all active sessions
   mutable std::mutex sessions_mutex_; // Protect sessions_ for thread safety
   std::thread::id creation_thread_;
-  napi_env env_; // Store for cleanup purposes
+  napi_env env_;                          // Store for cleanup purposes
+  bool ignore_next_sqlite_error_ = false; // For user function error handling
+
+  // Deferred exception from authorizer callback - stored when exception occurs
+  // in callback context, thrown after SQLite operation completes
+  std::optional<std::string> deferred_authorizer_exception_;
+
+  // Authorization callback storage
+  std::unique_ptr<Napi::FunctionReference> authorizer_callback_;
+
+  // Store database-level defaults for statement options
+  DatabaseOpenConfiguration config_;
 
   bool ValidateThread(Napi::Env env) const;
   friend class Session;
+  friend class StatementSync;
 };
 
 // Statement class
@@ -175,15 +245,18 @@ public:
   Napi::Value All(const Napi::CallbackInfo &info);
   Napi::Value Iterate(const Napi::CallbackInfo &info);
   Napi::Value FinalizeStatement(const Napi::CallbackInfo &info);
+  Napi::Value Dispose(const Napi::CallbackInfo &info);
 
   // Properties
   Napi::Value SourceSQLGetter(const Napi::CallbackInfo &info);
   Napi::Value ExpandedSQLGetter(const Napi::CallbackInfo &info);
+  Napi::Value FinalizedGetter(const Napi::CallbackInfo &info);
 
   // Configuration methods
   Napi::Value SetReadBigInts(const Napi::CallbackInfo &info);
   Napi::Value SetReturnArrays(const Napi::CallbackInfo &info);
   Napi::Value SetAllowBareNamedParameters(const Napi::CallbackInfo &info);
+  Napi::Value SetAllowUnknownNamedParameters(const Napi::CallbackInfo &info);
 
   // Metadata methods
   Napi::Value Columns(const Napi::CallbackInfo &info);
@@ -194,7 +267,11 @@ private:
   Napi::Value CreateResult();
   void Reset();
 
-  DatabaseSync *database_;
+  DatabaseSync *database_ = nullptr;
+  // Strong reference to database object to prevent GC while statement exists.
+  // This fixes use-after-free when database is GC'd before its statements.
+  // See: https://github.com/nodejs/node/pull/56840
+  Napi::ObjectReference database_ref_;
   sqlite3_stmt *statement_ = nullptr;
   std::string source_sql_;
   bool finalized_ = false;
@@ -204,6 +281,7 @@ private:
   bool use_big_ints_ = false;
   bool return_arrays_ = false;
   bool allow_bare_named_params_ = false;
+  bool allow_unknown_named_params_ = false;
 
   // Bare named parameters mapping (bare name -> full name with prefix)
   std::optional<std::map<std::string, std::string>> bare_named_params_;
@@ -246,6 +324,7 @@ public:
   Napi::Value Changeset(const Napi::CallbackInfo &info);
   Napi::Value Patchset(const Napi::CallbackInfo &info);
   Napi::Value Close(const Napi::CallbackInfo &info);
+  Napi::Value Dispose(const Napi::CallbackInfo &info);
 
   // Get the underlying SQLite session
   sqlite3_session *GetSession() const { return session_; }
@@ -272,10 +351,9 @@ struct BackupProgress {
 // Backup job for asynchronous database backup
 class BackupJob : public Napi::AsyncProgressWorker<BackupProgress> {
 public:
-  BackupJob(Napi::Env env, DatabaseSync *source,
-            const std::string &destination_path, const std::string &source_db,
-            const std::string &dest_db, int pages, Napi::Function progress_func,
-            Napi::Promise::Deferred deferred);
+  BackupJob(Napi::Env env, DatabaseSync *source, std::string destination_path,
+            std::string source_db, std::string dest_db, int pages,
+            Napi::Function progress_func, Napi::Promise::Deferred deferred);
   ~BackupJob();
 
   void Execute(const ExecutionProgress &progress) override;

package/src/{stack_path.ts → stack-path.ts}

@@ -12,6 +12,10 @@ export function getCallerDirname(): string {
 const patterns =
   process.platform === "win32"
     ? [
+        // File URLs: "at functionName (file:///C:/path/file.js:1:1)"
+        /\bat\s.+?\((?<path>file:\/\/\/.+?):\d+:\d+\)$/,
+        // File URLs direct: "at file:///C:/path/file.js:1:1"
+        /\bat\s(?<path>file:\/\/\/.+?):\d+:\d+$/,
         // Standard: "at functionName (C:\path\file.js:1:1)"
         /\bat\s.+?\((?<path>[A-Z]:\\.+):\d+:\d+\)$/,
         // direct: "at C:\path\file.js:1:1"
@@ -25,7 +29,8 @@ const patterns =
         // Standard: "at functionName (/path/file.js:1:1)"
         /\bat\s.+?\((?<path>\/.+?):\d+:\d+\)$/,
         // Anonymous or direct: "at /path/file.js:1:1"
-        /\bat\s(.+[^/]\s)?(?<path>\/.+?):\d+:\d+$/,
+        // eslint-disable-next-line security/detect-unsafe-regex -- Pattern is safe: no nested quantifiers
+        /\bat\s(?:[^\s()]+\s)?(?<path>\/[^:]+):\d+:\d+$/,
       ];
 
 const MaybeUrlRE = /^[a-z]{2,5}:\/\//i;
@@ -42,6 +47,7 @@ export function extractCallerPath(stack: string): string {
     throw new Error("Invalid stack trace format: missing caller frame");
   }
   for (let i = callerFrame + 1; i < frames.length; i++) {
+    // eslint-disable-next-line security/detect-object-injection -- Index is from controlled for-loop
     const frame = frames[i];
     for (const pattern of patterns) {
       const g = frame?.trim().match(pattern)?.groups;

package/src/types/aggregate-options.ts

@@ -0,0 +1,22 @@
+/**
+ * Configuration options for creating SQLite aggregate functions.
+ * Used with `DatabaseSync.aggregate()` to define custom aggregate operations.
+ */
+export interface AggregateOptions {
+  /** The initial value for the aggregation. */
+  readonly start?: any;
+  /** Function called for each row to update the aggregate state. */
+  readonly step: (accumulator: any, ...args: any[]) => any;
+  /** Optional function for window function support to reverse a step. */
+  readonly inverse?: (accumulator: any, ...args: any[]) => any;
+  /** Optional function to compute the final result from the accumulator. */
+  readonly result?: (accumulator: any) => any;
+  /** If `true`, sets the `SQLITE_DETERMINISTIC` flag. @default false */
+  readonly deterministic?: boolean;
+  /** If `true`, sets the `SQLITE_DIRECTONLY` flag. @default false */
+  readonly directOnly?: boolean;
+  /** If `true`, converts integer arguments to `BigInt`s. @default false */
+  readonly useBigIntArguments?: boolean;
+  /** If `true`, allows function to be invoked with variable arguments. @default false */
+  readonly varargs?: boolean;
+}

package/src/types/changeset-apply-options.ts

@@ -0,0 +1,18 @@
+/**
+ * Configuration options for applying changesets to a database.
+ * Used with `DatabaseSync.applyChangeset()` to handle conflicts and filter tables.
+ */
+export interface ChangesetApplyOptions {
+  /**
+   * Function called when a conflict is detected during changeset application.
+   * @param conflictType The type of conflict (SQLITE_CHANGESET_CONFLICT, etc.)
+   * @returns One of SQLITE_CHANGESET_OMIT, SQLITE_CHANGESET_REPLACE, or SQLITE_CHANGESET_ABORT
+   */
+  readonly onConflict?: (conflictType: number) => number;
+  /**
+   * Function called to filter which tables to apply changes to.
+   * @param tableName The name of the table
+   * @returns true to include the table, false to skip it
+   */
+  readonly filter?: (tableName: string) => boolean;
+}

package/src/types/database-sync-instance.ts

@@ -0,0 +1,203 @@
+import { Session, StatementOptions } from "../index";
+import { AggregateOptions } from "./aggregate-options";
+import { ChangesetApplyOptions } from "./changeset-apply-options";
+import { SessionOptions } from "./session-options";
+import { SQLTagStoreInstance } from "./sql-tag-store-instance";
+import { StatementSyncInstance } from "./statement-sync-instance";
+import { UserFunctionOptions } from "./user-functions-options";
+
+/**
+ * Represents a SQLite database connection.
+ * This interface represents an instance of the DatabaseSync class.
+ */
+
+export interface DatabaseSyncInstance {
+  /** Indicates whether the database connection is open. */
+  readonly isOpen: boolean;
+  /** Indicates whether a transaction is currently active. */
+  readonly isTransaction: boolean;
+
+  /**
+   * Opens a database connection. This method should only be used when the database
+   * was created with { open: false }. An exception is thrown if the database is already open.
+   */
+  open(): void;
+  /**
+   * Closes the database connection. This method should be called to ensure that
+   * the database connection is properly cleaned up. Once a database is closed,
+   * it cannot be used again.
+   */
+  close(): void;
+  /**
+   * Returns the location of the database file. For attached databases, you can specify
+   * the database name. Returns null for in-memory databases.
+   * @param dbName The name of the database. Defaults to 'main' (the primary database).
+   * @returns The file path of the database, or null for in-memory databases.
+   */
+  location(dbName?: string): string | null;
+  /**
+   * Compiles an SQL statement and returns a StatementSyncInstance object.
+   * @param sql The SQL statement to prepare.
+   * @param options Optional configuration for the statement.
+   * @returns A StatementSyncInstance object that can be executed multiple times.
+   */
+  prepare(sql: string, options?: StatementOptions): StatementSyncInstance;
+  /**
+   * This method allows one or more SQL statements to be executed without
+   * returning any results. This is useful for commands like CREATE TABLE,
+   * INSERT, UPDATE, or DELETE.
+   * @param sql The SQL statement(s) to execute.
+   */
+  exec(sql: string): void;
+
+  /**
+   * This method creates SQLite user-defined functions, wrapping sqlite3_create_function_v2().
+   * @param name The name of the SQLite function to create.
+   * @param func The JavaScript function to call when the SQLite function is invoked.
+   */
+  function(name: string, func: Function): void;
+  /**
+   * This method creates SQLite user-defined functions, wrapping sqlite3_create_function_v2().
+   * @param name The name of the SQLite function to create.
+   * @param options Optional configuration settings.
+   * @param func The JavaScript function to call when the SQLite function is invoked.
+   */
+  function(name: string, options: UserFunctionOptions, func: Function): void;
+
+  /**
+   * This method creates SQLite aggregate functions, wrapping sqlite3_create_window_function().
+   * @param name The name of the SQLite aggregate function to create.
+   * @param options Configuration object containing step function and other settings.
+   */
+  aggregate(name: string, options: AggregateOptions): void;
+  /**
+   * Create a new session to record database changes.
+   * @param options Optional configuration for the session.
+   * @returns A Session object for recording changes.
+   */
+  createSession(options?: SessionOptions): Session;
+  /**
+   * Create a new SQLTagStore for cached prepared statements via tagged template syntax.
+   * @param capacity Optional maximum number of statements to cache. @default 1000
+   * @returns A SQLTagStore instance.
+   * @example
+   * ```typescript
+   * const sql = db.createTagStore();
+   * sql.run`INSERT INTO users VALUES (${id}, ${name})`;
+   * const user = sql.get`SELECT * FROM users WHERE id = ${id}`;
+   * ```
+   */
+  createTagStore(capacity?: number): SQLTagStoreInstance;
+  /**
+   * Apply a changeset to the database.
+   * @param changeset The changeset data to apply.
+   * @param options Optional configuration for applying the changeset.
+   * @returns true if successful, false if aborted.
+   */
+  applyChangeset(changeset: Buffer, options?: ChangesetApplyOptions): boolean;
+  /**
+   * Enables or disables the loading of SQLite extensions.
+   * @param enable If true, enables extension loading. If false, disables it.
+   */
+  enableLoadExtension(enable: boolean): void;
+  /**
+   * Loads an SQLite extension from the specified file path.
+   * @param path The path to the extension library.
+   * @param entryPoint Optional entry point function name. If not provided, uses the default entry point.
+   */
+  loadExtension(path: string, entryPoint?: string): void;
+  /**
+   * Enables or disables the defensive flag. When the defensive flag is active,
+   * language features that allow ordinary SQL to deliberately corrupt the
+   * database file are disabled.
+   * @param active Whether to enable or disable the defensive flag.
+   * @see https://sqlite.org/c3ref/c_dbconfig_defensive.html
+   */
+  enableDefensive(active: boolean): void;
+
+  /**
+   * Sets an authorization callback that is invoked before each SQL operation.
+   * The authorizer can allow, deny, or ignore each operation.
+   *
+   * @param callback The authorization callback function, or null to remove the authorizer.
+   *   - actionCode: The action being requested (e.g., SQLITE_SELECT, SQLITE_INSERT)
+   *   - param1: First parameter (varies by action, often table name)
+   *   - param2: Second parameter (varies by action, often column name)
+   *   - param3: Third parameter (usually database name like "main")
+   *   - param4: Fourth parameter (trigger or view name if applicable)
+   *
+   *   The callback must return one of:
+   *   - constants.SQLITE_OK: Allow the operation
+   *   - constants.SQLITE_DENY: Deny the operation and abort the SQL statement
+   *   - constants.SQLITE_IGNORE: Silently ignore/skip the operation
+   *
+   * @example
+   * ```typescript
+   * // Block all DELETE operations
+   * db.setAuthorizer((actionCode, table, column, dbName, trigger) => {
+   *   if (actionCode === constants.SQLITE_DELETE) {
+   *     return constants.SQLITE_DENY;
+   *   }
+   *   return constants.SQLITE_OK;
+   * });
+   *
+   * // Remove the authorizer
+   * db.setAuthorizer(null);
+   * ```
+   *
+   * @see https://sqlite.org/c3ref/set_authorizer.html
+   */
+  setAuthorizer(
+    callback:
+      | ((
+          actionCode: number,
+          param1: string | null,
+          param2: string | null,
+          param3: string | null,
+          param4: string | null,
+        ) => number)
+      | null,
+  ): void;
+
+  /**
+   * Makes a backup of the database. This method abstracts the sqlite3_backup_init(),
+   * sqlite3_backup_step() and sqlite3_backup_finish() functions.
+   *
+   * The backed-up database can be used normally during the backup process. Mutations
+   * coming from the same connection will be reflected in the backup right away.
+   * However, mutations from other connections will cause the backup process to restart.
+   *
+   * @param path The path where the backup will be created. If the file already exists, the contents will be overwritten.
+   * @param options Optional configuration for the backup operation.
+   * @param options.rate Number of pages to be transmitted in each batch of the backup. @default 100
+   * @param options.source Name of the source database. This can be 'main' (the default primary database) or any other database that have been added with ATTACH DATABASE. @default 'main'
+   * @param options.target Name of the target database. This can be 'main' (the default primary database) or any other database that have been added with ATTACH DATABASE. @default 'main'
+   * @param options.progress Callback function that will be called with the number of pages copied and the total number of pages.
+   * @returns A promise that resolves when the backup is completed and rejects if an error occurs.
+   *
+   * @example
+   * // Basic backup
+   * await db.backup('./backup.db');
+   *
+   * @example
+   * // Backup with progress
+   * await db.backup('./backup.db', {
+   *   rate: 10,
+   *   progress: ({ totalPages, remainingPages }) => {
+   *     console.log(`Progress: ${totalPages - remainingPages}/${totalPages}`);
+   *   }
+   * });
+   */
+  backup(
+    path: string | Buffer | URL,
+    options?: {
+      rate?: number;
+      source?: string;
+      target?: string;
+      progress?: (info: { totalPages: number; remainingPages: number }) => void;
+    },
+  ): Promise<number>;
+
+  /** Dispose of the database resources using the explicit resource management protocol. */
+  [Symbol.dispose](): void;
+}

package/src/types/database-sync-options.ts

@@ -0,0 +1,69 @@
+/**
+ * Configuration options for opening a database.
+ * This interface matches Node.js sqlite module's DatabaseSyncOptions.
+ */
+export interface DatabaseSyncOptions {
+  /** Path to the database file. Use ':memory:' for an in-memory database. */
+  readonly location?: string;
+  /** If true, the database is opened in read-only mode. @default false */
+  readonly readOnly?: boolean;
+  /** If true, foreign key constraints are enforced. @default true */
+  readonly enableForeignKeyConstraints?: boolean;
+  /**
+   * If true, double-quoted string literals are allowed.
+   *
+   * If enabled, double quotes can be misinterpreted as identifiers instead of
+   * string literals, leading to confusing errors.
+   *
+   * **The SQLite documentation strongly recommends avoiding double-quoted
+   * strings entirely.**
+ 
+   * @see https://sqlite.org/quirks.html#dblquote
+   * @default false
+   */
+  readonly enableDoubleQuotedStringLiterals?: boolean;
+  /**
+   * Sets the busy timeout in milliseconds.
+   * @default 0
+   */
+  readonly timeout?: number;
+  /** If true, enables loading of SQLite extensions. @default false */
+  readonly allowExtension?: boolean;
+  /**
+   * If true, SQLite integers are returned as JavaScript BigInt values.
+   * If false, integers are returned as JavaScript numbers.
+   * @default false
+   */
+  readonly readBigInts?: boolean;
+  /**
+   * If true, query results are returned as arrays instead of objects.
+   * @default false
+   */
+  readonly returnArrays?: boolean;
+  /**
+   * If true, allows binding named parameters without the prefix character.
+   * For example, allows using 'foo' instead of ':foo' or '$foo'.
+   * @default true
+   */
+  readonly allowBareNamedParameters?: boolean;
+  /**
+   * If true, unknown named parameters are ignored during binding.
+   * If false, an exception is thrown for unknown named parameters.
+   * @default false
+   */
+  readonly allowUnknownNamedParameters?: boolean;
+  /**
+   * If true, enables the defensive flag. When the defensive flag is enabled,
+   * language features that allow ordinary SQL to deliberately corrupt the
+   * database file are disabled. The defensive flag can also be set using
+   * `enableDefensive()`.
+   * @see https://sqlite.org/c3ref/c_dbconfig_defensive.html
+   * @default false
+   */
+  readonly defensive?: boolean;
+  /**
+   * If true, the database is opened immediately. If false, the database is not opened until the first operation.
+   * @default true
+   */
+  readonly open?: boolean;
+}

package/src/types/session-options.ts

@@ -0,0 +1,10 @@
+/**
+ * Configuration options for creating SQLite sessions.
+ * Used with `DatabaseSync.createSession()` to track database changes.
+ */
+export interface SessionOptions {
+  /** The table to track changes for. If omitted, all tables are tracked. */
+  readonly table?: string;
+  /** The database name. @default "main" */
+  readonly db?: string;
+}

package/src/types/sql-tag-store-instance.ts

@@ -0,0 +1,51 @@
+import { DatabaseSyncInstance } from "./database-sync-instance";
+
+/**
+ * SQLTagStore provides cached prepared statements via tagged template syntax.
+ * Statements are cached by their SQL string and reused across invocations.
+ */
+export interface SQLTagStoreInstance {
+  /** Returns the associated database instance. */
+  readonly db: DatabaseSyncInstance;
+  /** Returns the maximum capacity of the statement cache. */
+  readonly capacity: number;
+  /**
+   * Returns the current number of cached statements.
+   */
+  size(): number;
+  /**
+   * Clears all cached statements.
+   */
+  clear(): void;
+  /**
+   * Execute an INSERT, UPDATE, DELETE or other statement that doesn't return rows.
+   * @param strings Template literal strings array.
+   * @param values Values to bind to the placeholders.
+   * @returns An object with `changes` and `lastInsertRowid`.
+   */
+  run(
+    strings: TemplateStringsArray,
+    ...values: unknown[]
+  ): { changes: number; lastInsertRowid: number | bigint };
+  /**
+   * Execute a query and return the first row, or undefined if no rows.
+   * @param strings Template literal strings array.
+   * @param values Values to bind to the placeholders.
+   */
+  get(strings: TemplateStringsArray, ...values: unknown[]): unknown;
+  /**
+   * Execute a query and return all rows as an array.
+   * @param strings Template literal strings array.
+   * @param values Values to bind to the placeholders.
+   */
+  all(strings: TemplateStringsArray, ...values: unknown[]): unknown[];
+  /**
+   * Execute a query and return an iterator over the rows.
+   * @param strings Template literal strings array.
+   * @param values Values to bind to the placeholders.
+   */
+  iterate(
+    strings: TemplateStringsArray,
+    ...values: unknown[]
+  ): IterableIterator<unknown>;
+}

package/src/types/sqlite-authorization-actions.ts

@@ -0,0 +1,77 @@
+/**
+ * Authorization action codes passed to `setAuthorizer()` callbacks.
+ *
+ * These constants are compatible with `node:sqlite`.
+ *
+ * @see https://sqlite.org/c3ref/c_alter_table.html
+ */
+export interface SqliteAuthorizationActions {
+  /** Create a new index. */
+  SQLITE_CREATE_INDEX: number;
+  /** Create a new table. */
+  SQLITE_CREATE_TABLE: number;
+  /** Create a new temporary index. */
+  SQLITE_CREATE_TEMP_INDEX: number;
+  /** Create a new temporary table. */
+  SQLITE_CREATE_TEMP_TABLE: number;
+  /** Create a new temporary trigger. */
+  SQLITE_CREATE_TEMP_TRIGGER: number;
+  /** Create a new temporary view. */
+  SQLITE_CREATE_TEMP_VIEW: number;
+  /** Create a new trigger. */
+  SQLITE_CREATE_TRIGGER: number;
+  /** Create a new view. */
+  SQLITE_CREATE_VIEW: number;
+  /** Delete rows from a table. */
+  SQLITE_DELETE: number;
+  /** Drop an index. */
+  SQLITE_DROP_INDEX: number;
+  /** Drop a table. */
+  SQLITE_DROP_TABLE: number;
+  /** Drop a temporary index. */
+  SQLITE_DROP_TEMP_INDEX: number;
+  /** Drop a temporary table. */
+  SQLITE_DROP_TEMP_TABLE: number;
+  /** Drop a temporary trigger. */
+  SQLITE_DROP_TEMP_TRIGGER: number;
+  /** Drop a temporary view. */
+  SQLITE_DROP_TEMP_VIEW: number;
+  /** Drop a trigger. */
+  SQLITE_DROP_TRIGGER: number;
+  /** Drop a view. */
+  SQLITE_DROP_VIEW: number;
+  /** Insert rows into a table. */
+  SQLITE_INSERT: number;
+  /** Execute a PRAGMA statement. */
+  SQLITE_PRAGMA: number;
+  /** Read a column from a table. */
+  SQLITE_READ: number;
+  /** Execute a SELECT statement. */
+  SQLITE_SELECT: number;
+  /** Begin/commit/rollback a transaction. */
+  SQLITE_TRANSACTION: number;
+  /** Update rows in a table. */
+  SQLITE_UPDATE: number;
+  /** Attach a database. */
+  SQLITE_ATTACH: number;
+  /** Detach a database. */
+  SQLITE_DETACH: number;
+  /** Alter a table. */
+  SQLITE_ALTER_TABLE: number;
+  /** Reindex. */
+  SQLITE_REINDEX: number;
+  /** Analyze a table or index. */
+  SQLITE_ANALYZE: number;
+  /** Create a virtual table. */
+  SQLITE_CREATE_VTABLE: number;
+  /** Drop a virtual table. */
+  SQLITE_DROP_VTABLE: number;
+  /** Call a function. */
+  SQLITE_FUNCTION: number;
+  /** Create/release/rollback a savepoint. */
+  SQLITE_SAVEPOINT: number;
+  /** No longer used (historical). */
+  SQLITE_COPY: number;
+  /** Recursive query. */
+  SQLITE_RECURSIVE: number;
+}

package/src/types/sqlite-authorization-results.ts

@@ -0,0 +1,15 @@
+/**
+ * Authorization callback return values for `setAuthorizer()`.
+ *
+ * These constants are compatible with `node:sqlite`.
+ *
+ * @see https://sqlite.org/c3ref/c_deny.html
+ */
+export interface SqliteAuthorizationResults {
+  /** Allow the operation. */
+  SQLITE_OK: number;
+  /** Deny the operation and abort the SQL statement with an error. */
+  SQLITE_DENY: number;
+  /** Silently ignore/skip the operation (e.g., return NULL for column reads). */
+  SQLITE_IGNORE: number;
+}