npmpackage.info

Gathering detailed insights and metrics for @prisma/client

@prisma/client - 6.11.1 | npmpackage.info

@prisma/client

Next-generation ORM for Node.js & TypeScript | PostgreSQL, MySQL, MariaDB, SQL Server, SQLite, MongoDB and CockroachDB

6.11.1

42,795

Apache-2.0

TypeScript

171.00 B

255,338,511 6.6

Installations

npm install @prisma/client

Developer Guide

BETA

Typescript

Yes

Module System

CommonJS, ESM, UMD

Min. Node Version

>=18.18

Node Version

18.20.8

NPM Version

10.8.2 Score

79.8

Supply Chain

78.7

Quality

97.6

Maintenance

100

Vulnerability

99.6

License

Pull Requests

Open

36

Total

8,982

Closed

2,736

Merged

6,210

Issues

Open

2,295

Total

11,242

Closed

8,947

Releases

220

6.11.1

Updated on Jul 03, 2025

6.11.0

Updated on Jul 01, 2025

6.10.1

Updated on Jun 18, 2025

6.10.0

Updated on Jun 17, 2025

6.9.0

Updated on Jun 05, 2025

6.8.2

Updated on May 16, 2025

View All 220 releases

Languages

TypeScript

JavaScript

Shell

Dockerfile

PLpgSQL

TSQL

Batchfile

TypeScript (98.7%)

JavaScript (1.16%)

Shell (0.1%)

Dockerfile (0.03%)

PLpgSQL (0.01%)

Developer

prisma

Download Statistics

Total Downloads

255,338,511

Last Day

176,193

Last Week

2,741,392

Last Month

11,515,923

Last Year

114,023,688

GitHub Statistics

Apache-2.0 License

42,795 Stars

11,639 Commits

1,784 Forks

236 Watchers

475 Branches

298 Contributors

Updated on Jul 08, 2025

Bundle Size

233.00 B

Minified

171.00 B

Minified + Gzipped

Bundlephobia

Maintainers

View All 298 Contributors

Package Meta Information

Latest Version

6.11.1

Package Id

@prisma/client@6.11.1

Unpacked Size

24.56 MB

Size

9.04 MB

File Count

NPM Version

10.8.2

Node Version

18.20.8

Published on

Jul 03, 2025

Total Downloads

Cumulative downloads

Total Downloads

255,338,511

Last Day

2.3%

176,193

Compared to previous day

Last Week

-4.8%

2,741,392

Compared to previous week

Last Month

3.7%

11,515,923

Compared to previous month

Last Year

46.1%

114,023,688

Compared to previous year

Weekly Downloads

Monthly Downloads

Yearly Downloads

Peer Dependencies

prisma typescript

Dev Dependencies

@cloudflare/workers-types @codspeed/benchmark.js-plugin @faker-js/faker @fast-check/jest @inquirer/prompts @jest/create-cache-key-function @jest/globals @jest/test-sequencer @libsql/client @neondatabase/serverless @opentelemetry/api @opentelemetry/context-async-hooks @opentelemetry/instrumentation @opentelemetry/resources @opentelemetry/sdk-trace-base @opentelemetry/semantic-conventions @planetscale/database @prisma/engines-version @prisma/mini-proxy @prisma/query-compiler-wasm @prisma/query-engine-wasm @snaplet/copycat @swc-node/register @swc/core @swc/jest @timsuchanek/copy @types/debug @types/fs-extra @types/jest @types/js-levenshtein @types/mssql @types/node @types/pg arg benchmark decimal.js esbuild execa expect-type fs-extra get-stream globby indent-string jest jest-extended jest-junit jest-serializer-ansi-escapes jest-snapshot js-levenshtein kleur klona mariadb memfs mssql new-github-issue-url p-retry pg resolve rimraf simple-statistics sort-keys source-map-support sql-template-tag stacktrace-parser strip-ansi strip-indent tempy ts-node ts-pattern tsd typescript undici wrangler zx @prisma/adapter-better-sqlite3 @prisma/adapter-d1 @prisma/adapter-libsql @prisma/adapter-mariadb @prisma/adapter-mssql @prisma/adapter-planetscale @prisma/adapter-neon @prisma/adapter-pg @prisma/client-common @prisma/client-engine-runtime @prisma/client-generator-ts @prisma/client-generator-js @prisma/config @prisma/debug @prisma/dmmf @prisma/driver-adapter-utils @prisma/engines @prisma/fetch-engine @prisma/generator @prisma/generator-helper @prisma/get-platform @prisma/instrumentation @prisma/internals @prisma/migrate @prisma/ts-builders

Prisma Client ·

Prisma Client JS is an auto-generated query builder that enables type-safe database access and reduces boilerplate. You can use it as an alternative to traditional ORMs such as Sequelize, TypeORM or SQL query builders like knex.js.

It is part of the Prisma ecosystem. Prisma provides database tools for data access, declarative data modeling, schema migrations and visual data management. Learn more in the main prisma repository or read the documentation.

Getting started

Follow one of these guides to get started with Prisma Client JS:

Quickstart (5 min)
Set up a new project with Prisma (SQL migrations) (15 min)
Set up a new project with Prisma (Prisma Migrate) (15 min)
Add Prisma to an existing project (15 min)

Alternatively you can explore the ready-to-run examples (REST, GraphQL, gRPC, plain JavaScript and TypeScript demos, ...) or watch the demo videos (1-2 min per video).

Contributing

Refer to our contribution guidelines and Code of Conduct for contributors.

Tests Status

Prisma Tests Status:
Ecosystem Tests Status:

No vulnerabilities found.

10

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

10

Maintained

Determines if the project is "actively maintained".

10

License

Determines if the project has defined a license.

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

Fuzzing

Determines if the project uses fuzzing.

9

Security-Policy

Determines if the project has published a security policy.

7

SAST

Determines if the project uses static code analysis.

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

0

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

Reason

dependency not pinned by hash detected -- score normalized to 0

Details

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/auto-close-github-discussions.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/auto-close-github-discussions.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/auto-close-github-discussions.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/auto-close-github-discussions.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/auto-close-github-discussions.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/auto-close-github-discussions.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/benchmark.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/benchmark.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/benchmark.yml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/benchmark.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/benchmark.yml:84: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/benchmark.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-engine-branch.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/build-engine-branch.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-engine-branch.yml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/build-engine-branch.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-engine-branch.yml:81: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/build-engine-branch.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-engine-branch.yml:84: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/build-engine-branch.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-engine-branch.yml:105: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/build-engine-branch.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-engine-branch.yml:132: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/build-engine-branch.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/bundle-size.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/bundle-size.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/bundle-size.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/bundle-size.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/codeql-analysis.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/label-stale-issues.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/label-stale-issues.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint-workflow-files.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/lint-workflow-files.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/lint-workflow-files.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/lint-workflow-files.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manage-dist-tag.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/manage-dist-tag.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-ci.yml:135: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/release-ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-ci.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/release-ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-ci.yml:96: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/release-ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-latest.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/release-latest.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-latest.yml:94: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/release-latest.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-latest.yml:134: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/release-latest.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-latest.yml:152: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/release-latest.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-template.yml:541: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-template.yml:545: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-template.yml:944: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-template.yml:1037: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-template.yml:656: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-template.yml:1069: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-template.yml:122: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-template.yml:133: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-template.yml:165: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-template.yml:263: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-template.yml:266: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-template.yml:293: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-template.yml:385: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-template.yml:388: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-template.yml:420: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-template.yml:444: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-template.yml:447: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-template.yml:464: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-template.yml:490: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-template.yml:499: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-template.yml:511: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-template.yml:586: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-template.yml:596: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-template.yml:633: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-template.yml:684: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-template.yml:756: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-template.yml:767: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-template.yml:801: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-template.yml:804: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-template.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-template.yml:189: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-template.yml:192: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-template.yml:225: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-template.yml:729: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-template.yml:848: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-template.yml:851: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-template.yml:895: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-template.yml:898: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-template.yml:970: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-template.yml:1109: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-template.yml:1150: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-template.yml:1175: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-template.yml:1348: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-template.yml:319: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-template.yml:322: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-template.yml:348: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:101: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:119: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:126: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:143: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-engines-version.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/update-engines-version.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-engines-version.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/update-engines-version.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-engines-version.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/update-engines-version.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-engines-version.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/update-engines-version.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-engines-version.yml:80: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/update-engines-version.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-engines-version.yml:89: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/update-engines-version.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-engines-version.yml:98: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/update-engines-version.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-engines-version.yml:107: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/update-engines-version.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-engines-version.yml:117: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/update-engines-version.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-engines-version.yml:130: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/update-engines-version.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-engines-version.yml:165: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/update-engines-version.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-engines-version.yml:179: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/update-engines-version.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-engines-version.yml:214: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/update-engines-version.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-engines-version.yml:224: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/update-engines-version.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-studio-version.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/update-studio-version.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-studio-version.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/update-studio-version.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-studio-version.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/update-studio-version.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-studio-version.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/update-studio-version.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-studio-version.yml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/update-studio-version.yml/main?enable=pin
Warn: containerImage not pinned by hash: docker/mongodb_replica/Dockerfile:3
Warn: containerImage not pinned by hash: docker/planetscale_proxy/Dockerfile:1
Warn: containerImage not pinned by hash: docker/planetscale_proxy/Dockerfile:5: pin your Docker image by updating alpine:latest to alpine:latest@sha256:8a1f59ffb675680d47db6337b49d22281a139e9d709335b492be023728e11715
Warn: containerImage not pinned by hash: packages/client/tests/e2e/_utils/standard.dockerfile:1
Warn: containerImage not pinned by hash: packages/client/tests/e2e/_utils/standard.dockerfile:3
Warn: containerImage not pinned by hash: packages/client/tests/e2e/_utils/standard.dockerfile:23
Warn: npmCommand not pinned by hash: packages/client/tests/e2e/_utils/standard.dockerfile:10-18
Warn: npmCommand not pinned by hash: .github/workflows/scripts/setup.sh:5
Info: 0 out of 46 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 54 third-party GitHubAction dependencies pinned
Info: 0 out of 6 containerImage dependencies pinned
Info: 0 out of 2 npmCommand dependencies pinned

0

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

Reason

42 existing vulnerabilities detected

Details

Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
Warn: Project is vulnerable to: GHSA-67mh-4wv8-2f99
Warn: Project is vulnerable to: GHSA-cxrh-j4jr-qwg3
Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
Warn: Project is vulnerable to: GHSA-gxpj-cx7g-858c
Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55
Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36
Warn: Project is vulnerable to: GHSA-3787-6prv-h9w3
Warn: Project is vulnerable to: GHSA-9qxr-qj54-h672
Warn: Project is vulnerable to: GHSA-m4v8-wqvr-p9f7
Warn: Project is vulnerable to: GHSA-c76h-2ccp-4975
Warn: Project is vulnerable to: GHSA-4vvj-4cpr-p986
Warn: Project is vulnerable to: GHSA-r2fc-ccr8-96c4
Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8
Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
Warn: Project is vulnerable to: GHSA-pq67-2wwv-3xjx
Warn: Project is vulnerable to: GHSA-8cj5-5rvv-wf4v
Warn: Project is vulnerable to: GHSA-wqq4-5wpv-mx2g
Warn: Project is vulnerable to: GHSA-f8mp-x433-5wpf
Warn: Project is vulnerable to: GHSA-m95q-7qp3-xv42
Warn: Project is vulnerable to: GHSA-jr5f-v2jv-69x6
Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7
Warn: Project is vulnerable to: GHSA-rv95-896h-c2vc
Warn: Project is vulnerable to: GHSA-qw6h-vgh9-j6wx
Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22
Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
Warn: Project is vulnerable to: GHSA-rhx6-c78j-4q9w
Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp
Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
Warn: Project is vulnerable to: GHSA-76p7-773f-r4q5
Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p
Warn: Project is vulnerable to: GHSA-jqv5-7xpx-qj74
Warn: Project is vulnerable to: GHSA-x574-m823-4x7w
Warn: Project is vulnerable to: GHSA-4r4m-qw57-chr8
Warn: Project is vulnerable to: GHSA-xcj6-pq6g-qj4x
Warn: Project is vulnerable to: GHSA-356w-63v5-8wf4
Warn: Project is vulnerable to: GHSA-859w-5945-r5v3

Score

6.6

/10

Last Scanned on 2025-06-30

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More