@truto/sqlite-builder 2.0.2-canary.22 → 2.0.2-canary.25

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2)
  1. package/README.md +21 -21
  2. package/package.json +1 -1
package/README.md CHANGED
@@ -1,28 +1,28 @@
1
- ],
2
- }
3
- ```
1
+ - **Length Limits**: Queries exceeding 100KB are rejected; `compileFilter()` enforces the same cap on its output
2
+ - **Pattern Limits**: `like`/`ilike`/`regex` patterns are capped at 1024 characters to bound matching cost at the SQLite layer
3
+ - **Filter Security**: JSON filters validate operators, identifiers, and enforce limits
4
4
 
5
- ### Integration with SQL Template
5
+ ### What's Your Responsibility
6
6
 
7
- ```typescript
8
- import { sql, compileFilter } from '@truto/sqlite-builder'
7
+ - **Never use `sql.raw()` with user input**
8
+ - **Validate identifiers before using `sql.ident()`** (though it has built-in validation)
9
+ - **Use `sql.in()` instead of string concatenation** for arrays
10
+ - **Keep your SQLite driver updated**
11
+ - **Load REGEXP extension safely** if using regex filters
9
12
 
10
- // Build the WHERE clause
11
- const filter = {
12
- status: 'ACTIVE',
13
- age: { gte: 18 },
14
- role: { in: ['USER', 'ADMIN'] },
15
- }
13
+ ### Supported Value Types
16
14
 
17
- // Use in complete query — the filter fragment and the LIMIT value are
18
- // collected in order, so query.values lines up with the placeholders.
15
+ ```typescript
16
+ // Safe types (automatically parameterized)
19
17
  const query = sql`
20
- SELECT id, name, email, created_at
21
- FROM users
22
- WHERE ${compileFilter(filter)}
23
- ORDER BY created_at DESC
24
- LIMIT ${limit}
18
+ INSERT INTO users (name, age, active, created_at, data, deleted_at)
19
+ VALUES (
20
+ ${'John'}, // string
21
+ ${30}, // number
22
+ ${true}, // boolean
23
+ ${new Date()}, // Date → 'YYYY-MM-DD HH:MM:SS'
24
+ ${null}, // null
25
+ ${undefined} // undefined → null
26
+ )
25
27
  `
26
28
 
27
- // Execute with driver
28
- const results = db.prepare(query.text).all(...query.values)
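Review bot: In the added "Supported Value Types" example, the `// string`, `// number`, `// Date → ...` annotations sit inside the sql`...` template literal, outside the `${}` expressions, so JavaScript treats them as static template text rather than comments. Unless the tag strips them, they end up in the query text, and SQLite only recognises `--` and `/* */` as comment markers. Suggest moving the type annotations above the template, or switching them to `--` comments. Two smaller points in the same hunk: the bullet "Validate identifiers before using `sql.ident()` (though it has built-in validation)" does not say what the caller is expected to check beyond the built-in validation, so readers cannot tell whether it is required; and the removed "Integration with SQL Template" block was the visible example of passing `query.text` and `query.values` to the driver together with `compileFilter()`, which is worth keeping somewhere in the README next to the new "Never use `sql.raw()` with user input" guidance.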
package/package.json CHANGED
@@ -1 +1 @@
1
- {"name":"@truto/sqlite-builder","version":"2.0.2-canary.22","description":"debug canary","license":"MIT","main":"index.js"}
1
+ {"name":"@truto/sqlite-builder","version":"2.0.2-canary.25","description":"debug canary","license":"MIT","main":"index.js"}
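Review bot: The manifest line changes only `version` and carries over `"description":"debug canary"`, which says nothing about what the package does even though the README in this same diff documents a SQL builder with security limits. Suggest replacing the description with a real one before this leaves the canary channel. The README examples are fenced as TypeScript, yet the manifest shown declares only `"main":"index.js"` with no `types` entry, so it is worth confirming that type declarations are actually published.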