From b4939797d31f4ee32036a73f1bf85c2778113f61 Mon Sep 17 00:00:00 2001
From: Bart Louwers <bart@emeel.net>
Date: Sun, 12 Oct 2025 00:13:04 +0200
Subject: [PATCH 1/6] sqlite: allow setting defensive flag

---
 doc/api/sqlite.md                   | 18 +++++++++++
 src/env_properties.h                |  1 +
 src/node_sqlite.cc                  | 45 +++++++++++++++++++++++++++
 src/node_sqlite.h                   |  6 ++++
 test/parallel/test-sqlite-config.js | 47 +++++++++++++++++++++++++++++
 5 files changed, 117 insertions(+)
 create mode 100644 test/parallel/test-sqlite-config.js

diff --git a/doc/api/sqlite.md b/doc/api/sqlite.md
index f5926d65fc686a..189a52446f243c 100644
--- a/doc/api/sqlite.md
+++ b/doc/api/sqlite.md
@@ -140,6 +140,10 @@ changes:
     character (e.g., `foo` instead of `:foo`). **Default:** `true`.
   * `allowUnknownNamedParameters` {boolean} If `true`, unknown named parameters are ignored when binding.
     If `false`, an exception is thrown for unknown named parameters. **Default:** `false`.
+  * `defensive` {boolean} If `true`, enables the defensive flag. When the defensive flag is enabled,
+    language features that allow ordinary SQL to deliberately corrupt the database file are disabled.
+    The defensive flag can also be set using `enableDefensive()`.
+    **Default:** `false`.
 
 Constructs a new `DatabaseSync` instance.
 
@@ -261,6 +265,19 @@ Enables or disables the `loadExtension` SQL function, and the `loadExtension()`
 method. When `allowExtension` is `false` when constructing, you cannot enable
 loading extensions for security reasons.
 
+### `database.enableDefensive(active)`
+
+<!-- YAML
+added:
+  - REPLACEME
+-->
+
+* `active` {boolean} Whether to set the defensive flag.
+
+Enables or disables the defensive flag. When the defensive flag is active,
+language features that allow ordinary SQL to deliberately corrupt the database file are disabled.
+See [`SQLITE_DBCONFIG_DEFENSIVE`][] in the SQLite documentation for details.
+
 ### `database.location([dbName])`
 
 <!-- YAML
@@ -1306,6 +1323,7 @@ callback function to indicate what type of operation is being authorized.
 [Type conversion between JavaScript and SQLite]: #type-conversion-between-javascript-and-sqlite
 [`ATTACH DATABASE`]: https://www.sqlite.org/lang_attach.html
 [`PRAGMA foreign_keys`]: https://www.sqlite.org/pragma.html#pragma_foreign_keys
+[`SQLITE_DBCONFIG_DEFENSIVE`]: https://www.sqlite.org/c3ref/c_dbconfig_defensive.html#sqlitedbconfigdefensive
 [`SQLITE_DETERMINISTIC`]: https://www.sqlite.org/c3ref/c_deterministic.html
 [`SQLITE_DIRECTONLY`]: https://www.sqlite.org/c3ref/c_deterministic.html
 [`SQLITE_MAX_FUNCTION_ARG`]: https://www.sqlite.org/limits.html#max_function_arg
diff --git a/src/env_properties.h b/src/env_properties.h
index 5c5271e344da2b..114f23c9860dcf 100644
--- a/src/env_properties.h
+++ b/src/env_properties.h
@@ -130,6 +130,7 @@
   V(cwd_string, "cwd")                                                         \
   V(data_string, "data")                                                       \
   V(default_is_true_string, "defaultIsTrue")                                   \
+  V(defensive_string, "defensive")                                             \
   V(deserialize_info_string, "deserializeInfo")                                \
   V(dest_string, "dest")                                                       \
   V(destroyed_string, "destroyed")                                             \
diff --git a/src/node_sqlite.cc b/src/node_sqlite.cc
index cf9ce6686cffca..3007a892554e02 100644
--- a/src/node_sqlite.cc
+++ b/src/node_sqlite.cc
@@ -753,6 +753,14 @@ bool DatabaseSync::Open() {
   CHECK_ERROR_OR_THROW(env()->isolate(), this, r, SQLITE_OK, false);
   CHECK_EQ(foreign_keys_enabled, open_config_.get_enable_foreign_keys());
 
+  int defensive_enabled;
+  r = sqlite3_db_config(connection_,
+                        SQLITE_DBCONFIG_DEFENSIVE,
+                        static_cast<int>(open_config_.get_enable_defensive()),
+                        &defensive_enabled);
+  CHECK_ERROR_OR_THROW(env()->isolate(), this, r, SQLITE_OK, false);
+  CHECK_EQ(defensive_enabled, open_config_.get_enable_defensive());
+
   sqlite3_busy_timeout(connection_, open_config_.get_timeout());
 
   if (allow_load_extension_) {
@@ -1065,6 +1073,21 @@ void DatabaseSync::New(const FunctionCallbackInfo<Value>& args) {
             allow_unknown_named_params_v.As<Boolean>()->Value());
       }
     }
+
+    Local<Value> defensive_v;
+    if (!options->Get(env->context(), env->defensive_string())
+             .ToLocal(&defensive_v)) {
+      return;
+    }
+    if (!defensive_v->IsUndefined()) {
+      if (!defensive_v->IsBoolean()) {
+        THROW_ERR_INVALID_ARG_TYPE(
+            env->isolate(),
+            "The \"options.defensive\" argument must be a boolean.");
+        return;
+      }
+      open_config.set_enable_defensive(defensive_v.As<Boolean>()->Value());
+    }
   }
 
   new DatabaseSync(
@@ -1837,6 +1860,26 @@ void DatabaseSync::EnableLoadExtension(
   CHECK_ERROR_OR_THROW(isolate, db, load_extension_ret, SQLITE_OK, void());
 }
 
+void DatabaseSync::EnableDefensive(const FunctionCallbackInfo<Value>& args) {
+  DatabaseSync* db;
+  ASSIGN_OR_RETURN_UNWRAP(&db, args.This());
+  Environment* env = Environment::GetCurrent(args);
+  THROW_AND_RETURN_ON_BAD_STATE(env, !db->IsOpen(), "database is not open");
+
+  auto isolate = args.GetIsolate();
+  if (!args[0]->IsBoolean()) {
+    THROW_ERR_INVALID_ARG_TYPE(isolate,
+                               "The \"active\" argument must be a boolean.");
+    return;
+  }
+
+  const int enable = args[0].As<Boolean>()->Value();
+  int defensive_enabled;
+  const int defensive_ret = sqlite3_db_config(
+      db->connection_, SQLITE_DBCONFIG_DEFENSIVE, enable, &defensive_enabled);
+  CHECK_ERROR_OR_THROW(isolate, db, defensive_ret, SQLITE_OK, void());
+}
+
 void DatabaseSync::LoadExtension(const FunctionCallbackInfo<Value>& args) {
   DatabaseSync* db;
   ASSIGN_OR_RETURN_UNWRAP(&db, args.This());
@@ -3318,6 +3361,8 @@ static void Initialize(Local<Object> target,
                  db_tmpl,
                  "enableLoadExtension",
                  DatabaseSync::EnableLoadExtension);
+  SetProtoMethod(
+      isolate, db_tmpl, "enableDefensive", DatabaseSync::EnableDefensive);
   SetProtoMethod(
       isolate, db_tmpl, "loadExtension", DatabaseSync::LoadExtension);
   SetProtoMethod(
diff --git a/src/node_sqlite.h b/src/node_sqlite.h
index 862c73bf1cdb46..8f0f9f15d621d5 100644
--- a/src/node_sqlite.h
+++ b/src/node_sqlite.h
@@ -65,6 +65,10 @@ class DatabaseOpenConfiguration {
     return allow_unknown_named_params_;
   }
 
+  inline void set_enable_defensive(bool flag) { defensive_ = flag; }
+
+  inline bool get_enable_defensive() const { return defensive_; }
+
  private:
   std::string location_;
   bool read_only_ = false;
@@ -75,6 +79,7 @@ class DatabaseOpenConfiguration {
   bool return_arrays_ = false;
   bool allow_bare_named_params_ = true;
   bool allow_unknown_named_params_ = false;
+  bool defensive_ = false;
 };
 
 class DatabaseSync;
@@ -140,6 +145,7 @@ class DatabaseSync : public BaseObject {
   static void ApplyChangeset(const v8::FunctionCallbackInfo<v8::Value>& args);
   static void EnableLoadExtension(
       const v8::FunctionCallbackInfo<v8::Value>& args);
+  static void EnableDefensive(const v8::FunctionCallbackInfo<v8::Value>& args);
   static void LoadExtension(const v8::FunctionCallbackInfo<v8::Value>& args);
   static void SetAuthorizer(const v8::FunctionCallbackInfo<v8::Value>& args);
   static int AuthorizerCallback(void* user_data,
diff --git a/test/parallel/test-sqlite-config.js b/test/parallel/test-sqlite-config.js
new file mode 100644
index 00000000000000..5f3484f1b141ba
--- /dev/null
+++ b/test/parallel/test-sqlite-config.js
@@ -0,0 +1,47 @@
+'use strict';
+const { skipIfSQLiteMissing } = require('../common/index.mjs');
+const { test } = require('node:test');
+const assert = require('node:assert');
+const { DatabaseSync } = require('node:sqlite');
+skipIfSQLiteMissing();
+
+function checkDefensiveMode(db) {
+  function journalMode() {
+    return db.prepare('PRAGMA journal_mode').get().journal_mode;
+  }
+
+  assert.strictEqual(journalMode(), 'memory');
+  db.exec('PRAGMA journal_mode=OFF');
+
+  switch (journalMode()) {
+    case 'memory': return true; // journal_mode unchanged, defensive mode must be active
+    case 'off': return false;  // journal_mode now 'off', so defensive mode not active
+    default: throw new Error('unexpected journal_mode');
+  }
+}
+
+test('by default, defensive mode is off', (t) => {
+  const db = new DatabaseSync(':memory:');
+  t.assert.strictEqual(checkDefensiveMode(db), false);
+});
+
+test('when passing { defensive: true } as config, defensive mode is on', (t) => {
+  const db = new DatabaseSync(':memory:', {
+    defensive: true
+  });
+  t.assert.strictEqual(checkDefensiveMode(db), true);
+});
+
+test('defensive mode on after calling db.enableDefensive(true)', (t) => {
+  const db = new DatabaseSync(':memory:');
+  db.enableDefensive(true);
+  t.assert.strictEqual(checkDefensiveMode(db), true);
+});
+
+test('defensive mode should be off after calling db.enableDefensive(false)', (t) => {
+  const db = new DatabaseSync(':memory:', {
+    defensive: true
+  });
+  db.enableDefensive(false);
+  t.assert.strictEqual(checkDefensiveMode(db), false);
+});

From bafeb0af2535d3da76be27a230b36c24d2268ac4 Mon Sep 17 00:00:00 2001
From: Bart Louwers <bart@emeel.net>
Date: Sun, 12 Oct 2025 00:41:50 +0200
Subject: [PATCH 2/6] test: add test for wrong argument type

---
 test/parallel/test-sqlite-config.js | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/test/parallel/test-sqlite-config.js b/test/parallel/test-sqlite-config.js
index 5f3484f1b141ba..13916f7407ed48 100644
--- a/test/parallel/test-sqlite-config.js
+++ b/test/parallel/test-sqlite-config.js
@@ -45,3 +45,12 @@ test('defensive mode should be off after calling db.enableDefensive(false)', (t)
   db.enableDefensive(false);
   t.assert.strictEqual(checkDefensiveMode(db), false);
 });
+
+test('throws if options.defensive is provided but is not a boolean', (t) => {
+  t.assert.throws(() => {
+    new DatabaseSync(':memory:', { defensive: 42 });
+  }, {
+    code: 'ERR_INVALID_ARG_TYPE',
+    message: 'The "options.defensive" argument must be a boolean.',
+  });
+});

From a1ea22de0c380caeb4ec373732eaf961b156063b Mon Sep 17 00:00:00 2001
From: Bart Louwers <bart@emeel.net>
Date: Sun, 12 Oct 2025 01:12:28 +0200
Subject: [PATCH 3/6] sqlite: enable defensive mode by default

---
 src/node_sqlite.h                   |  2 +-
 test/parallel/test-sqlite-config.js | 24 ++++++++++++------------
 2 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/src/node_sqlite.h b/src/node_sqlite.h
index 8f0f9f15d621d5..9f7be0f2b9ef95 100644
--- a/src/node_sqlite.h
+++ b/src/node_sqlite.h
@@ -79,7 +79,7 @@ class DatabaseOpenConfiguration {
   bool return_arrays_ = false;
   bool allow_bare_named_params_ = true;
   bool allow_unknown_named_params_ = false;
-  bool defensive_ = false;
+  bool defensive_ = true;
 };
 
 class DatabaseSync;
diff --git a/test/parallel/test-sqlite-config.js b/test/parallel/test-sqlite-config.js
index 13916f7407ed48..ec2463ae60fb28 100644
--- a/test/parallel/test-sqlite-config.js
+++ b/test/parallel/test-sqlite-config.js
@@ -20,30 +20,30 @@ function checkDefensiveMode(db) {
   }
 }
 
-test('by default, defensive mode is off', (t) => {
+test('by default, defensive mode is on', (t) => {
   const db = new DatabaseSync(':memory:');
-  t.assert.strictEqual(checkDefensiveMode(db), false);
+  t.assert.strictEqual(checkDefensiveMode(db), true);
 });
 
-test('when passing { defensive: true } as config, defensive mode is on', (t) => {
+test('when passing { defensive: false } as config, defensive mode is off', (t) => {
   const db = new DatabaseSync(':memory:', {
-    defensive: true
+    defensive: false
   });
-  t.assert.strictEqual(checkDefensiveMode(db), true);
+  t.assert.strictEqual(checkDefensiveMode(db), false);
 });
 
-test('defensive mode on after calling db.enableDefensive(true)', (t) => {
+test('defensive mode should be off after calling db.enableDefensive(false)', (t) => {
   const db = new DatabaseSync(':memory:');
-  db.enableDefensive(true);
-  t.assert.strictEqual(checkDefensiveMode(db), true);
+  db.enableDefensive(false);
+  t.assert.strictEqual(checkDefensiveMode(db), false);
 });
 
-test('defensive mode should be off after calling db.enableDefensive(false)', (t) => {
+test('defensive mode should be on after calling db.enableDefensive(true)', (t) => {
   const db = new DatabaseSync(':memory:', {
-    defensive: true
+    defensive: false
   });
-  db.enableDefensive(false);
-  t.assert.strictEqual(checkDefensiveMode(db), false);
+  db.enableDefensive(true);
+  t.assert.strictEqual(checkDefensiveMode(db), true);
 });
 
 test('throws if options.defensive is provided but is not a boolean', (t) => {

From 55176d3aadf4d0f764d543d339f22b098fee9ddb Mon Sep 17 00:00:00 2001
From: Bart Louwers <bart@emeel.net>
Date: Sun, 12 Oct 2025 21:11:38 +0200
Subject: [PATCH 4/6] sqlite: revert "sqlite: enable defensive mode by default"

This reverts commit a1ea22de0c380caeb4ec373732eaf961b156063b.
---
 src/node_sqlite.h                   |  2 +-
 test/parallel/test-sqlite-config.js | 24 ++++++++++++------------
 2 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/src/node_sqlite.h b/src/node_sqlite.h
index 9f7be0f2b9ef95..8f0f9f15d621d5 100644
--- a/src/node_sqlite.h
+++ b/src/node_sqlite.h
@@ -79,7 +79,7 @@ class DatabaseOpenConfiguration {
   bool return_arrays_ = false;
   bool allow_bare_named_params_ = true;
   bool allow_unknown_named_params_ = false;
-  bool defensive_ = true;
+  bool defensive_ = false;
 };
 
 class DatabaseSync;
diff --git a/test/parallel/test-sqlite-config.js b/test/parallel/test-sqlite-config.js
index ec2463ae60fb28..13916f7407ed48 100644
--- a/test/parallel/test-sqlite-config.js
+++ b/test/parallel/test-sqlite-config.js
@@ -20,30 +20,30 @@ function checkDefensiveMode(db) {
   }
 }
 
-test('by default, defensive mode is on', (t) => {
+test('by default, defensive mode is off', (t) => {
   const db = new DatabaseSync(':memory:');
-  t.assert.strictEqual(checkDefensiveMode(db), true);
+  t.assert.strictEqual(checkDefensiveMode(db), false);
 });
 
-test('when passing { defensive: false } as config, defensive mode is off', (t) => {
+test('when passing { defensive: true } as config, defensive mode is on', (t) => {
   const db = new DatabaseSync(':memory:', {
-    defensive: false
+    defensive: true
   });
-  t.assert.strictEqual(checkDefensiveMode(db), false);
+  t.assert.strictEqual(checkDefensiveMode(db), true);
 });
 
-test('defensive mode should be off after calling db.enableDefensive(false)', (t) => {
+test('defensive mode on after calling db.enableDefensive(true)', (t) => {
   const db = new DatabaseSync(':memory:');
-  db.enableDefensive(false);
-  t.assert.strictEqual(checkDefensiveMode(db), false);
+  db.enableDefensive(true);
+  t.assert.strictEqual(checkDefensiveMode(db), true);
 });
 
-test('defensive mode should be on after calling db.enableDefensive(true)', (t) => {
+test('defensive mode should be off after calling db.enableDefensive(false)', (t) => {
   const db = new DatabaseSync(':memory:', {
-    defensive: false
+    defensive: true
   });
-  db.enableDefensive(true);
-  t.assert.strictEqual(checkDefensiveMode(db), true);
+  db.enableDefensive(false);
+  t.assert.strictEqual(checkDefensiveMode(db), false);
 });
 
 test('throws if options.defensive is provided but is not a boolean', (t) => {

From a52226229a1c6adb3a2369feb254291bb3a1f392 Mon Sep 17 00:00:00 2001
From: Bart Louwers <bart@emeel.net>
Date: Sun, 12 Oct 2025 22:10:06 +0200
Subject: [PATCH 5/6] sqlite: add changes YAML

---
 doc/api/sqlite.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/doc/api/sqlite.md b/doc/api/sqlite.md
index 189a52446f243c..26a99fec143ced 100644
--- a/doc/api/sqlite.md
+++ b/doc/api/sqlite.md
@@ -103,6 +103,10 @@ changes:
       - v22.18.0
     pr-url: https://github.com/nodejs/node/pull/58697
     description: Add new SQLite database options.
+  - version:
+      - REPLACEME
+    pr-url: https://github.com/nodejs/node/pull/60217
+    description: Add `defensive` option.
 -->
 
 * `path` {string | Buffer | URL} The path of the database. A SQLite database can be

From af876694493e09708db41d9bd3b806bbe610fd4e Mon Sep 17 00:00:00 2001
From: Bart Louwers <bart@emeel.net>
Date: Sun, 12 Oct 2025 22:19:10 +0200
Subject: [PATCH 6/6] doc: fix order changes list

---
 doc/api/sqlite.md | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/doc/api/sqlite.md b/doc/api/sqlite.md
index 26a99fec143ced..b8eafe8a64ca85 100644
--- a/doc/api/sqlite.md
+++ b/doc/api/sqlite.md
@@ -98,15 +98,15 @@ exposed by this class execute synchronously.
 <!-- YAML
 added: v22.5.0
 changes:
+  - version:
+      - REPLACEME
+    pr-url: https://github.com/nodejs/node/pull/60217
+    description: Add `defensive` option.
   - version:
       - v24.4.0
       - v22.18.0
     pr-url: https://github.com/nodejs/node/pull/58697
     description: Add new SQLite database options.
-  - version:
-      - REPLACEME
-    pr-url: https://github.com/nodejs/node/pull/60217
-    description: Add `defensive` option.
 -->
 
 * `path` {string | Buffer | URL} The path of the database. A SQLite database can be