npmpackage.info

@lsge/instrumentation

Next-generation ORM for Node.js & TypeScript | PostgreSQL, MySQL, MariaDB, SQL Server, SQLite, MongoDB and CockroachDB

5.22.1

41,135

Apache-2.0

TypeScript

20.67 kB

194 6.6

Installations

npm install @lsge/instrumentation

Developer Guide

BETA

Typescript

Yes

Module System

CommonJS

Node Version

20.11.1

NPM Version

10.2.4 Score

58.7

Supply Chain

Quality

76.4

Maintenance

100

Vulnerability

99.6

License

Pull Requests

Open

24

Total

8,260

Closed

2,518

Merged

5,718

Issues

Open

2,227

Total

10,866

Closed

8,639

Releases

207

6.3.1

Updated on Feb 04, 2025

6.3.0

Updated on Jan 28, 2025

6.2.1

Updated on Jan 08, 2025

6.2.0

Updated on Jan 07, 2025

6.1.0

Updated on Dec 17, 2024

6.0.1

Updated on Dec 02, 2024

View All 207 releases

Contributors

286

View All 286 Contributors

Languages

TypeScript

JavaScript

Shell

Dockerfile

PLpgSQL

TSQL

Batchfile

TypeScript (98.56%)

JavaScript (1.26%)

Shell (0.11%)

Dockerfile (0.05%)

PLpgSQL (0.01%)

Love this project? Help keep it running — sponsor us today! 🚀

Developer

prisma

Download Statistics

Total Downloads

194

Last Day

Last Week

Last Month

Last Year

194

GitHub Statistics

Apache-2.0 License

41,135 Stars

11,151 Commits

1,620 Forks

237 Watchers

375 Branches

286 Contributors

Updated on Feb 15, 2025

Bundle Size

84.73 kB

Minified

20.67 kB

Minified + Gzipped

Bundlephobia

Maintainers

Package Meta Information

Latest Version

5.22.1

Package Id

@lsge/instrumentation@5.22.1

Unpacked Size

46.25 kB

Size

9.45 kB

File Count

NPM Version

10.2.4

Node Version

20.11.1

Published on

Oct 21, 2024

Total Downloads

Cumulative downloads

Total Downloads

194

Last Day

Compared to previous day

Last Week

-66.7%

Compared to previous week

Last Month

46.2%

Compared to previous month

Last Year

194

Compared to previous year

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

@opentelemetry/api @opentelemetry/instrumentation @opentelemetry/sdk-trace-base

Dev Dependencies

@swc/core @types/jest @types/node jest jest-junit typescript @prisma/internals

@prisma/instrumentation

OTEL - OpenTelemetry compliant instrumentation for Prisma Client.

⚠️ Warning: This package is provided as part of the tracing Preview Feature Its release cycle does not follow SemVer, which means we might release breaking changes (change APIs, remove functionality) without any prior warning.

Installing

$ npm install @prisma/instrumentation

Usage

1import { registerInstrumentations } from '@opentelemetry/instrumentation'
2import { PrismaInstrumentation } from '@prisma/instrumentation'
3
4registerInstrumentations({
5  instrumentations: [new PrismaInstrumentation()],
6})

Don't forget to set previewFeatures:

1generator client {
2  provider = "prisma-client-js"
3  previewFeatures = ["tracing"]
4}

Jaeger

Exporting traces to Jaeger Tracing.

1import { context } from '@opentelemetry/api'
2import { AsyncHooksContextManager } from '@opentelemetry/context-async-hooks'
3import { OTLPTraceExporter } from '@opentelemetry/exporter-trace-otlp-http'
4import { registerInstrumentations } from '@opentelemetry/instrumentation'
5import { Resource } from '@opentelemetry/resources'
6import { BasicTracerProvider, SimpleSpanProcessor } from '@opentelemetry/sdk-trace-base'
7import { SEMRESATTRS_SERVICE_NAME, SEMRESATTRS_SERVICE_VERSION } from '@opentelemetry/semantic-conventions'
8import { PrismaInstrumentation } from '@prisma/instrumentation'
9
10import { PrismaClient } from '.prisma/client'
11
12const contextManager = new AsyncHooksContextManager().enable()
13
14context.setGlobalContextManager(contextManager)
15
16const otlpTraceExporter = new OTLPTraceExporter()
17
18const provider = new BasicTracerProvider({
19  resource: new Resource({
20    [SEMRESATTRS_SERVICE_NAME]: 'test-tracing-service',
21    [SEMRESATTRS_SERVICE_VERSION]: '1.0.0',
22  }),
23})
24
25provider.addSpanProcessor(new SimpleSpanProcessor(otlpTraceExporter))
26provider.register()
27
28registerInstrumentations({
29  instrumentations: [new PrismaInstrumentation()],
30})
31
32async function main() {
33  const prisma = new PrismaClient()
34
35  const email = `user.${Date.now()}@prisma.io`
36
37  await prisma.user.create({
38    data: {
39      email: email,
40    },
41  })
42}
43
44main()

No vulnerabilities found.

10

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

10

Maintained

Determines if the project is "actively maintained".

10

License

Determines if the project has defined a license.

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

Fuzzing

Determines if the project uses fuzzing.

9

Security-Policy

Determines if the project has published a security policy.

7

SAST

Determines if the project uses static code analysis.

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

0

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

Reason

dependency not pinned by hash detected -- score normalized to 0

Details

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/benchmark.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/benchmark.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/benchmark.yml:70: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/benchmark.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/benchmark.yml:85: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/benchmark.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/benchmark.yml:98: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/benchmark.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-engine-branch.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/build-engine-branch.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-engine-branch.yml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/build-engine-branch.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-engine-branch.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/build-engine-branch.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-engine-branch.yml:79: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/build-engine-branch.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/bundle-size.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/bundle-size.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/bundle-size.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/bundle-size.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/codeql-analysis.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/codeql-analysis.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/daily-test.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/daily-test.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/label-stale-issues.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/label-stale-issues.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/label-stale-issues.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/label-stale-issues.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint-workflow-files.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/lint-workflow-files.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/lint-workflow-files.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/lint-workflow-files.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manage-dist-tag.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/manage-dist-tag.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-ci.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/release-ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-ci.yml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/release-ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-ci.yml:132: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/release-ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-ci.yml:150: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/release-ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-latest.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/release-latest.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-latest.yml:91: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/release-latest.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-latest.yml:131: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/release-latest.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-latest.yml:149: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/release-latest.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-template.yml:367: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-template.yml:370: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-template.yml:388: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-template.yml:414: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-template.yml:423: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-template.yml:435: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-template.yml:608: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-template.yml:728: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-template.yml:731: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-template.yml:774: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-template.yml:777: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-template.yml:994: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-template.yml:1112: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-template.yml:306: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-template.yml:309: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-template.yml:343: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-template.yml:582: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-template.yml:636: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-template.yml:647: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-template.yml:851: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-template.yml:927: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-template.yml:969: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-template.yml:117: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-template.yml:128: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-template.yml:161: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-template.yml:465: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-template.yml:469: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-template.yml:511: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-template.yml:521: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-template.yml:559: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-template.yml:682: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-template.yml:685: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-template.yml:824: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-template.yml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-template.yml:185: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-template.yml:188: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-template.yml:222: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-template.yml:249: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-template.yml:252: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-template.yml:280: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:119: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:126: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:143: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:101: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-engines-version.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/update-engines-version.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-engines-version.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/update-engines-version.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-engines-version.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/update-engines-version.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-engines-version.yml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/update-engines-version.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-engines-version.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/update-engines-version.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-engines-version.yml:85: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/update-engines-version.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-engines-version.yml:94: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/update-engines-version.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-engines-version.yml:104: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/update-engines-version.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-engines-version.yml:117: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/update-engines-version.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-engines-version.yml:151: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/update-engines-version.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-engines-version.yml:165: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/update-engines-version.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-engines-version.yml:199: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/update-engines-version.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-engines-version.yml:209: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/update-engines-version.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-engines-version.yml:242: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/update-engines-version.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-studio-version.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/update-studio-version.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-studio-version.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/update-studio-version.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-studio-version.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/update-studio-version.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-studio-version.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/update-studio-version.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-studio-version.yml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/update-studio-version.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-studio-version.yml:85: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/update-studio-version.yml/main?enable=pin
Warn: containerImage not pinned by hash: .devcontainer/Dockerfile:5
Warn: containerImage not pinned by hash: docker/mongodb_replica/Dockerfile:3
Warn: containerImage not pinned by hash: docker/planetscale_proxy/Dockerfile:1
Warn: containerImage not pinned by hash: docker/planetscale_proxy/Dockerfile:5: pin your Docker image by updating alpine:latest to alpine:latest@sha256:a8560b36e8b8210634f77d9f7f9efd7ffa463e380b75e2e74aff4511df3ef88c
Warn: containerImage not pinned by hash: packages/client/tests/e2e/_utils/standard.dockerfile:1
Warn: containerImage not pinned by hash: packages/client/tests/e2e/_utils/standard.dockerfile:3
Warn: containerImage not pinned by hash: packages/client/tests/e2e/_utils/standard.dockerfile:23
Warn: npmCommand not pinned by hash: packages/client/tests/e2e/_utils/standard.dockerfile:11
Warn: npmCommand not pinned by hash: packages/client/tests/e2e/_utils/standard.dockerfile:13
Warn: npmCommand not pinned by hash: packages/client/tests/e2e/_utils/standard.dockerfile:14
Warn: npmCommand not pinned by hash: packages/client/tests/e2e/_utils/standard.dockerfile:15
Warn: npmCommand not pinned by hash: packages/client/tests/e2e/_utils/standard.dockerfile:16
Warn: npmCommand not pinned by hash: packages/client/tests/e2e/_utils/standard.dockerfile:17
Warn: npmCommand not pinned by hash: packages/client/tests/e2e/_utils/standard.dockerfile:18
Warn: npmCommand not pinned by hash: .github/workflows/scripts/setup.sh:5
Info: 0 out of 40 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 55 third-party GitHubAction dependencies pinned
Info: 0 out of 7 containerImage dependencies pinned
Info: 0 out of 8 npmCommand dependencies pinned

0

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

Score

6.6

/10

Last Scanned on 2025-02-10

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More