@truto/sqlite-builder 2.0.2-canary.24 → 2.0.2-canary.26

Files changed (2)
  1. package/README.md +22 -22
  2. package/package.json +1 -1
package/README.md CHANGED
@@ -1,28 +1,28 @@
1
- To use the `regex` operator, you need to load a REGEXP extension in SQLite:
2
-
3
- ```typescript
4
- // With better-sqlite3
5
- import sqlite3 from 'better-sqlite3'
1
+ // Unsafe types (will throw TypeError)
2
+ sql`SELECT * FROM users WHERE data = ${Buffer.from('test')}` // Use sql.raw() for buffers
3
+ sql`SELECT * FROM users WHERE id = ${Symbol('test')}` // Unsupported type
4
+ ```
6
5
 
7
- const db = new sqlite3('database.db')
6
+ ## 📋 Examples
8
7
 
9
- // Load REGEXP extension (varies by implementation)
10
- // This is implementation-specific - check your SQLite setup
11
- db.loadExtension('regexp') // Example - actual method may vary
8
+ ### Basic CRUD Operations
12
9
 
13
- // Now regex filters work
14
- const filter = {
15
- email: { regex: '^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$' },
16
- }
17
- ```
10
+ ```typescript
11
+ import { sql } from '@truto/sqlite-builder'
18
12
 
19
- ## 🛡️ Security Model
13
+ // CREATE with array identifiers
14
+ const insertColumns = ['name', 'email', 'age']
15
+ const insertUser = sql`
16
+ INSERT INTO users (${sql.ident(insertColumns)})
17
+ VALUES (${name}, ${email}, ${age})
18
+ `
20
19
 
21
- ### What's Protected
20
+ // READ with specific columns
21
+ const selectColumns = ['id', 'name', 'email', 'created_at']
22
+ const getUser = sql`
23
+ SELECT ${sql.ident(selectColumns)} FROM users
24
+ WHERE id = ${userId}
25
+ `
22
26
 
23
- - **SQL Injection**: All interpolated values are parameterized
24
- - **Unforgeable fragments**: Only fragments created by this library can contribute raw SQL text. A plain `{ text, values }` object (e.g. from `JSON.parse` or a request body) is treated as a value, never as SQL, closing the structural duck-typing bypass
25
- - **Placeholder integrity**: The `sql` tag rejects any query whose `?` count does not match its bound-value count, catching raw fragments that smuggle or drop placeholders
26
- - **Safe `sql.join()` separators**: String separators are validated so they cannot introduce string literals, comments, statement terminators, or unbalanced parentheses; use a `SqlFragment` separator to parameterize the connector itself
27
- - **Stacked Queries**: Queries containing `;` followed by additional SQL are rejected (detection ignores semicolons inside string literals and comments)
28
- - **Identifier Safety**: `sql.ident()` validates against ANSI identifier rules and caps each part at 255 characters
27
+ // UPDATE
28
+ const updateUser = sql`
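Review bot: new lines 1-4 start the README in the middle of a code sample. They are two `sql` lines followed by a closing fence, with no opening fence or heading before them, so the fence at new line 4 will be read as an opening fence and the headings after it will render as code. At the other end, new line 28 stops at the opening of the `updateUser` template, leaving the UPDATE example and its fence unclosed in this hunk. If the goal is to add the Examples section, add it alongside the existing content instead of shifting the window of lines. The same hunk deletes the "Security Model / What's Protected" list (old lines 19-28) and the REGEXP extension note (old lines 1-17) with no replacement visible here. Those bullets are where the README states what the library guarantees (parameterized values, the placeholder count check, stacked-query rejection, `sql.ident()` validation), so they should stay. Two smaller points: the comment on new line 2 points readers to `sql.raw()` for buffers without saying how the buffer remains a bound value, and the CRUD snippets use `name`, `email`, `age` and `userId` without declaring them.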
package/package.json CHANGED
@@ -1 +1 @@
1
- {"name":"@truto/sqlite-builder","version":"2.0.2-canary.24","description":"debug canary","license":"MIT","main":"index.js"}
1
+ {"name":"@truto/sqlite-builder","version":"2.0.2-canary.26","description":"debug canary","license":"MIT","main":"index.js"}
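Review bot: the `description` field on the new line is still "debug canary", which tells a consumer nothing about what the package does. The manifest also declares only `main`, with no `types` entry, although the README in this same release shows TypeScript imports of `sql` from the package. Set a real description, and add a `types` field if declaration files are shipped.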