sequelize-sql-tag
A template tag for writing elegant parameterized SQL queries based on ES2015 tagged template literals using sequelize.
Installation
Install the package via npm:
npm install --save sequelize-sql-tag
Compatibility
Due to the constant changes in sequelize, the usage of this module varies significantly.
Since versions >=3.14.0, sequelize supports parameterized queries, i.e., queries that can be sent to the server separately from the arguments, which is a recommended form of protection against SQL injections. This requires installing only sequelize-sql-tag@2.0.0, as exemplified below.
From versions >=2.0.4 <3.14.0, sequelize only supports text queries, i.e., queries that are sent to the server in plain text and escaped by the client (or framework). Version sql-tag@0.0.1 outputs a format that is directly compatible with sequelize without requiring any additional patching.
For versions >=1.7.0 <2.0.4, in addition to sql-tag@0.0.1, a patch is required to make sequelize understand text queries as output by sql-tag. This patch was made available on an earlier version of this module (sequelize-sql-tag@1.0.0).
Usage
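const Sequelize = require('sequelize');
const sql = require('sequelize-sql-tag');
const sequelize = new Sequelize('sqlite', 'sqlite', 'sqlite', { dialect: 'sqlite', logging: false });

// The interpolated value is sent as bind parameter $1, not spliced into the SQL text.
sequelize.query(sql`SELECT ${2} as foo`).then(console.log);
// => [ [ { foo: 2 } ], Statement { sql: 'SELECT $1 as foo' } ]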
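The difference between the parameterized and text queries described under Compatibility, as an added example that is not code from this module. `paramTag` and `textQuery` are hypothetical helpers, and the `{ query, bind }` shape and the sample inputs are assumptions made for illustration.

```javascript
// Hypothetical stand-in for a parameterizing tag (not sequelize-sql-tag's source).
// Literal chunks of the template become the query text; every interpolated
// value is replaced by a numbered placeholder and collected in `bind`.
function paramTag(strings, ...values) {
  // Called as paramTag(`...${x}`) instead of paramTag`...${x}`, the value has
  // already been spliced into the text, so refuse rather than pass it through.
  if (!Array.isArray(strings) || !Array.isArray(strings.raw)) {
    throw new TypeError('use as a template tag, not as a function call');
  }
  let query = strings[0];
  values.forEach((_, i) => {
    query += `$${i + 1}${strings[i + 1]}`;
  });
  return { query, bind: values };
}

// Text-query style for contrast: the value becomes part of the SQL string,
// so safety depends entirely on client-side escaping (omitted here on purpose).
function textQuery(name) {
  return `SELECT * FROM users WHERE name = '${name}'`;
}

// Constructed sample inputs.
const benign = 'alice';
const hostile = "x' OR '1'='1";

const safeBenign = paramTag`SELECT * FROM users WHERE name = ${benign}`;
const safeHostile = paramTag`SELECT * FROM users WHERE name = ${hostile}`;

// Same statement text for both inputs; only the bound value differs.
console.log(safeBenign);
console.log(safeHostile);

// The unescaped text query changes shape with the input.
console.log(textQuery(benign));
console.log(textQuery(hostile));
```

With the tag, the statement text is fixed by the template's literal parts, so the input can only ever occupy the `$1` slot.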
Tests
npm test
Release
npm version [<newversion> | major | minor | patch] -m "Release %s"
License
MIT