CSV Evaluator

A TypeScript library for validating Excel and CSV files before uploading to a server. The library checks file headers against defined criteria and validates data rows for potentially dangerous SQL characters that could cause database injection attacks.

npm: csv-evaluator · GitHub: Repository

Table of Contents

- Features
- Installation
- Quick Start
- Configuration
- Examples
- SQL Injection Detection
- Advanced Usage
- Browser Compatibility
- Development
- License
- Contributing
- Support

Features

- ✅ Multi-format Support: Handles CSV, XLSX, XLS, and XLSM files
- ✅ Header Validation: Validates file headers against expected criteria with configurable options
- ✅ SQL Injection Protection: Detects potentially dangerous characters and patterns in data cells
- ✅ Detailed Error Reporting: Returns specific column, line number, and reason for each validation failure
- ✅ Browser Compatible: Works with browser File objects from file input elements
- ✅ TypeScript Support: Fully typed for excellent developer experience

Installation

``bash
npm install csv-evaluator
`

Quick Start

$3

`typescript
import { validateFile } from 'csv-evaluator';
import { ValidationConfig } from 'csv-evaluator';

// Define your validation configuration
const config: ValidationConfig = {
headers: {
expectedHeaders: ['Name', 'Email', 'Age'],
strictOrder: false, // Headers must be in exact order
caseInsensitive: false, // Case-sensitive header matching
},
validateSqlInjection: true, // Check for SQL injection risks
};

// Get file from file input
const fileInput = document.querySelector('input[type="file"]') as HTMLInputElement;
const file = fileInput.files?.[0];

if (file) {
const result = await validateFile(file, config);

if (result.success) {
console.log('✅', result.message);
// File is valid, proceed with upload
} else {
console.error('❌', result.message);
// Handle validation failures
result.failures.forEach(failure => {
console.error(Column: ${failure.column}, Line: ${failure.line});
console.error(Reason: ${failure.reason});
});
}
}
`

$3

`html

`

Configuration

$3

`typescript
interface ValidationConfig {
headers: HeaderConfig;
validateSqlInjection?: boolean; // Default: true
encoding?: EncodingConfig; // Optional: restrict allowed character encodings
}
`

$3

`typescript
interface HeaderConfig {
expectedHeaders: string[]; // Required: Array of expected header names
strictOrder?: boolean; // Default: true - Headers must match order exactly
caseInsensitive?: boolean; // Default: false - Case-sensitive matching
columnSchemas?: ColumnSchemas; // Optional: type and nullability per column
}
`

$3

Restrict which character encodings are allowed (e.g. UTF8, LATIN1, ASCII, UTF16, WINDOWS1252):

`typescript
encoding: {
allowedEncodings: ['UTF8', 'LATIN1']
}
`

$3

Enforce column types and nullability. Keys must be header names from expectedHeaders:

`typescript
columnSchemas: {
'Age': { type: 'number', allowNull: false },
'Name': { type: 'string', allowNull: false }
}
`

$3

The library returns a ValidationResult type:

`typescript
// Success case
{
success: true;
message: string;
}

// Failure case
{
success: false;
message: string;
failures: ValidationFailure[];
}
`

$3

`typescript
interface ValidationFailure {
column: number | string; // Column index or name
line: number; // 1-based line number (1 = header row)
reason: string; // Description of the failure
}
`

Examples

$3

`typescript
const config: ValidationConfig = {
headers: {
expectedHeaders: ['ID', 'Name', 'Email'],
strictOrder: true, // Headers must be in this exact order
},
};
`

$3

`typescript
const config: ValidationConfig = {
headers: {
expectedHeaders: ['ID', 'Name', 'Email'],
strictOrder: false, // Headers can be in any order, but all must be present
},
};
`

$3

`typescript
const config: ValidationConfig = {
headers: {
expectedHeaders: ['name', 'email'],
caseInsensitive: true, // Will match "Name", "NAME", "name", etc.
},
};
`

$3

`typescript
const config: ValidationConfig = {
headers: {
expectedHeaders: ['Name', 'Email'],
},
validateSqlInjection: false, // Skip SQL injection validation
};
`

SQL Injection Detection

The library detects the following potentially dangerous patterns:

- SQL statement terminators (;)
- SQL comments (--, / /)
- SQL string delimiters (', ")
- Escape characters (\)
- Null bytes and control characters
- Common SQL keywords (SELECT, INSERT, UPDATE, DELETE, DROP, UNION, etc.)
- Extended stored procedures (xp_, sp_)
- EXEC/EXECUTE statements

Advanced Usage

$3

If you just need to parse a file into a multidimensional array:

`typescript
import { parseFile } from 'csv-evaluator';

const file = / ... your file ... /;
const data = await parseFile(file);
// data is string[][], where data[0] is headers
`

Browser Compatibility

This library uses modern JavaScript features and requires:

- Browsers with ES2020 support
- File API support
- For Excel files: FileReader API support

For older browsers, you may need to use a bundler with polyfills.

Development

To build and run the project locally:

`bash

Install dependencies

npm install

Build the library

npm run build

Serve for local testing

npm run serve
``

Then open a browser at http://localhost:3000 to access the test index.

License

MIT

Contributing

Contributions are welcome! Please feel free to submit a Pull Request.

Support

If you encounter any issues or have questions, please open an issue on GitHub.