@photostructure/sqlite 0.2.0 → 0.2.1

package/CHANGELOG.md

@@ -2,28 +2,30 @@
 
 All notable changes to this project will be documented in this file.
 
-## [0.2.0] (unreleased)
+## [0.2.1] (2025-12-01)
 
 ### Added
 
-- **Node.js v25 API sync**: SQLite 3.51.1, native `Symbol.dispose` in C++, Session class exposed in public API
+- Windows ARM64 prebuilt binaries
 
-- **New database open options**: `readBigInts`, `returnArrays`, `allowBareNamedParameters`, `allowUnknownNamedParameters`, `defensive`, `open`
+### Fixed
 
-- **Defensive mode**: `enableDefensive()` method to prevent SQL from deliberately corrupting the database
+- Error message handling on Windows ARM64 (ABI compatibility)
+- Error handling consistency across platforms
 
-- **Statement enhancements**: `setAllowUnknownNamedParameters()` method, `finalized` property
+## [0.2.0] (2025-12-01)
 
-- **Type identification**: `sqlite-type` symbol property on DatabaseSync (Node.js PR #59405)
+### Added
 
+- **Node.js v25 API sync**: SQLite 3.51.1, native `Symbol.dispose` in C++, Session class exposed in public API
+- **New database open options**: `readBigInts`, `returnArrays`, `allowBareNamedParameters`, `allowUnknownNamedParameters`, `defensive`, `open`
+- **Defensive mode**: `enableDefensive()` method to prevent SQL from deliberately corrupting the database
+- **Statement enhancements**: `setAllowUnknownNamedParameters()` method, `finalized` property
+- **Type identification**: `sqlite-type` symbol property on DatabaseSync (Node.js PR #59405)
 - **Enhanced SQLite errors**: New properties `sqliteCode`, `sqliteExtendedCode`, `code`, `sqliteErrorString`, `systemErrno`
-
 - **ARM64 prebuilds**: macOS Apple Silicon and Windows ARM64 binaries
-
 - **Tagged template literals**: `db.createTagStore()` for cached prepared statements (Node.js PR #58748)
-
 - **Authorization API**: `db.setAuthorizer()` for security callbacks (Node.js PR #59928)
-
 - **Standalone backup**: `backup(srcDb, destFile, options?)` for one-liner database backups with progress callbacks
 
 ### Fixed

package/README.md

@@ -1,5 +1,8 @@
 # @photostructure/sqlite
 
+[![npm version](https://img.shields.io/npm/v/@photostructure/sqlite.svg)](https://www.npmjs.com/package/@photostructure/sqlite)
+[![CI](https://github.com/photostructure/node-sqlite/actions/workflows/build.yml/badge.svg)](https://github.com/photostructure/node-sqlite/actions/workflows/build.yml)
+
 Native SQLite for Node.js 20+ without the experimental flag. Drop-in replacement for `node:sqlite`. Updated to Node.js v25 for latest features and native Symbol.dispose resource management.
 
 ## Installation

package/SECURITY.md

@@ -9,6 +9,7 @@ Security updates are provided for the latest released version only.
 **Do not report security vulnerabilities through public GitHub issues.**
 
 Report via:
+
 - Email: security@photostructure.com
 - GitHub's private vulnerability reporting
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@photostructure/sqlite",
-  "version": "0.2.0",
+  "version": "0.2.1",
   "description": "Drop-in replacement for node:sqlite",
   "homepage": "https://photostructure.github.io/node-sqlite/",
   "types": "./dist/index.d.ts",

package/src/shims/node_errors.h

@@ -34,7 +34,9 @@ inline void THROW_ERR_INVALID_ARG_VALUE(Napi::Env env,
 
 inline void THROW_ERR_SQLITE_ERROR(Napi::Env env,
                                    const char *message = nullptr) {
-  const char *msg = message ? message : "SQLite error";
+  // Check for both null and empty string - on Windows (MSVC),
+  // std::exception::what() can sometimes return an empty string
+  const char *msg = (message && message[0] != '\0') ? message : "SQLite error";
   Napi::Error::New(env, msg).ThrowAsJavaScriptException();
 }
 

package/src/shims/sqlite_errors.h

@@ -84,7 +84,10 @@ inline const char *GetSqliteErrorCodeName(int code) {
 inline void ThrowEnhancedSqliteError(Napi::Env env, sqlite3 *db,
                                      int sqlite_code,
                                      const std::string &message) {
-  Napi::Error error = Napi::Error::New(env, message);
+  // Use c_str() explicitly to avoid potential ABI issues on Windows ARM
+  // where passing std::string directly to Napi::Error::New can result in
+  // truncated or corrupted error messages
+  Napi::Error error = Napi::Error::New(env, message.c_str());
 
   // Add SQLite error code information
   error.Set("sqliteCode", Napi::Number::New(env, sqlite_code));
@@ -127,7 +130,8 @@ inline void ThrowSqliteError(Napi::Env env, sqlite3 *db,
     ThrowEnhancedSqliteError(env, db, errcode, message);
   } else {
     // Fallback to simple error when no db handle available
-    Napi::Error::New(env, message).ThrowAsJavaScriptException();
+    // Use c_str() explicitly to avoid potential ABI issues on Windows ARM
+    Napi::Error::New(env, message.c_str()).ThrowAsJavaScriptException();
   }
 }
 
@@ -150,8 +154,10 @@ ThrowFromSqliteException(Napi::Env env,
   error.Set("code", Napi::String::New(env, code_name));
 
   // Also set the human-readable error string
+  // Use c_str() explicitly to avoid potential ABI issues on Windows ARM
   if (!ex.error_string().empty()) {
-    error.Set("sqliteErrorString", Napi::String::New(env, ex.error_string()));
+    error.Set("sqliteErrorString",
+              Napi::String::New(env, ex.error_string().c_str()));
   }
 
   error.ThrowAsJavaScriptException();

package/src/sqlite_impl.cpp

@@ -22,7 +22,8 @@ inline void ThrowErrSqliteErrorWithDb(Napi::Env env,
     if (db->HasDeferredAuthorizerException()) {
       std::string deferred_msg = db->GetDeferredAuthorizerException();
       db->ClearDeferredAuthorizerException();
-      Napi::Error::New(env, deferred_msg).ThrowAsJavaScriptException();
+      // Use c_str() explicitly to avoid potential ABI issues on Windows ARM
+      Napi::Error::New(env, deferred_msg.c_str()).ThrowAsJavaScriptException();
     }
     return; // Don't throw SQLite error, JavaScript exception takes precedence
   }
@@ -42,7 +43,8 @@ inline void ThrowEnhancedSqliteErrorWithDB(
     if (db_sync->HasDeferredAuthorizerException()) {
       std::string deferred_msg = db_sync->GetDeferredAuthorizerException();
       db_sync->ClearDeferredAuthorizerException();
-      Napi::Error::New(env, deferred_msg).ThrowAsJavaScriptException();
+      // Use c_str() explicitly to avoid potential ABI issues on Windows ARM
+      Napi::Error::New(env, deferred_msg.c_str()).ThrowAsJavaScriptException();
     }
     return; // Don't throw SQLite error, JavaScript exception takes precedence
   }
@@ -576,6 +578,19 @@ Napi::Value DatabaseSync::Prepare(const Napi::CallbackInfo &info) {
     stmt->InitStatement(this, sql);
 
     return stmt_obj;
+  } catch (const SqliteException &e) {
+    // SqliteException stores message in std::string, avoiding Windows ARM ABI
+    // issues where std::exception::what() can return corrupted strings
+    if (HasDeferredAuthorizerException()) {
+      std::string deferred_msg = GetDeferredAuthorizerException();
+      ClearDeferredAuthorizerException();
+      SetIgnoreNextSQLiteError(false);
+      // Use c_str() explicitly to avoid potential ABI issues on Windows ARM
+      Napi::Error::New(env, deferred_msg.c_str()).ThrowAsJavaScriptException();
+      return env.Undefined();
+    }
+    node::ThrowFromSqliteException(env, e);
+    return env.Undefined();
   } catch (const std::exception &e) {
     // Handle deferred authorizer exceptions:
     //
@@ -586,14 +601,17 @@ Napi::Value DatabaseSync::Prepare(const Napi::CallbackInfo &info) {
     //    empty string, causing message loss.
     //
     // 2. By storing the message in the DatabaseSync instance, we can retrieve
-    //    it here and throw a proper JavaScript exception with the original text.
+    //    it here and throw a proper JavaScript exception with the original
+    //    text.
     //
-    // See also: StatementSync::InitStatement for the other half of this pattern.
+    // See also: StatementSync::InitStatement for the other half of this
+    // pattern.
     if (HasDeferredAuthorizerException()) {
       std::string deferred_msg = GetDeferredAuthorizerException();
       ClearDeferredAuthorizerException();
       SetIgnoreNextSQLiteError(false);
-      Napi::Error::New(env, deferred_msg).ThrowAsJavaScriptException();
+      // Use c_str() explicitly to avoid potential ABI issues on Windows ARM
+      Napi::Error::New(env, deferred_msg.c_str()).ThrowAsJavaScriptException();
       return env.Undefined();
     }
     node::THROW_ERR_SQLITE_ERROR(env, e.what());
@@ -636,7 +654,8 @@ Napi::Value DatabaseSync::Exec(const Napi::CallbackInfo &info) {
       std::string deferred_msg = GetDeferredAuthorizerException();
       ClearDeferredAuthorizerException();
       SetIgnoreNextSQLiteError(false);
-      Napi::Error::New(env, deferred_msg).ThrowAsJavaScriptException();
+      // Use c_str() explicitly to avoid potential ABI issues on Windows ARM
+      Napi::Error::New(env, deferred_msg.c_str()).ThrowAsJavaScriptException();
       return env.Undefined();
     }
     std::string error = error_msg ? error_msg : "Unknown SQLite error";
@@ -1495,7 +1514,8 @@ void StatementSync::InitStatement(DatabaseSync *database,
     //    empty string, causing message loss.
     //
     // 2. By storing the message in the DatabaseSync instance, the caller can
-    //    retrieve it and throw a proper JavaScript exception with the original text.
+    //    retrieve it and throw a proper JavaScript exception with the original
+    //    text.
     //
     // 3. This matches Node.js's behavior where JavaScript exceptions from
     //    authorizer callbacks propagate correctly to the caller.
@@ -1504,8 +1524,11 @@ void StatementSync::InitStatement(DatabaseSync *database,
       // object and will be retrieved by the caller.
       throw std::runtime_error("");
     }
-    std::string error = sqlite3_errmsg(database->connection());
-    throw std::runtime_error("Failed to prepare statement: " + error);
+    std::string error = "Failed to prepare statement: ";
+    error += sqlite3_errmsg(database->connection());
+    // Use SqliteException to capture error info - avoids Windows ARM ABI issues
+    // with std::runtime_error::what() returning corrupted strings
+    throw SqliteException(database->connection(), result, error);
   }
 }