Gathering detailed insights and metrics for @prisma/client
Gathering detailed insights and metrics for @prisma/client
Next-generation ORM for Node.js & TypeScript | PostgreSQL, MySQL, MariaDB, SQL Server, SQLite, MongoDB and CockroachDB
Installations
npm install @prisma/clientScore
63.1
Supply Chain
79.1
Quality
97.6
Maintenance
100
Vulnerability
100
License
Developer
Developer Guide
BETA
Module System
CommonJS, ESM, UMD
Min. Node Version
>=18.18
Typescript Support
Yes
Node Version
18.20.5
NPM Version
10.8.2
Statistics
39,861 Stars
11,017 Commits
1,559 Forks
240 Watching
350 Branches
278 Contributors
Updated on 28 Nov 2024
Bundle Size
233.00 B
Minified
171.00 B
Minified + Gzipped
Languages
TypeScript (98.53%)
JavaScript (1.3%)
Shell (0.11%)
Dockerfile (0.05%)
Batchfile (0.01%)
Total Downloads
Cumulative downloads
Total Downloads
191,001,391
Last day
0.9%
402,513
Compared to previous day
Last week
6.3%
2,290,357
Compared to previous week
Last month
9%
9,382,284
Compared to previous month
Last year
55.3%
93,424,924
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Peer Dependencies
1
Dev Dependencies
95
@cloudflare/workers-types@codspeed/benchmark.js-plugin@faker-js/faker@fast-check/jest@inquirer/prompts@jest/create-cache-key-function@jest/globals@jest/test-sequencer@libsql/client@neondatabase/serverless@opentelemetry/api@opentelemetry/context-async-hooks@opentelemetry/instrumentation@opentelemetry/resources@opentelemetry/sdk-trace-base@opentelemetry/semantic-conventions@planetscale/database@prisma/engines-version@prisma/mini-proxy@prisma/query-engine-wasm@snaplet/copycat@swc-node/register@swc/core@swc/jest@timsuchanek/copy@types/debug@types/fs-extra@types/jest@types/js-levenshtein@types/mssql@types/node@types/pgargbenchmarkci-infodecimal.jsdetect-runtimeenv-pathsesbuildexecaexpect-typeflat-map-polyfillfs-extraget-streamglobbyindent-stringjestjest-extendedjest-junitjest-serializer-ansi-escapesjest-snapshotjs-levenshteinkleurklonamariadbmemfsmssqlnew-github-issue-urlnode-fetchp-retrypgpkg-uppluralizeresolverimrafsimple-statisticssort-keyssource-map-supportsql-template-tagstacktrace-parserstrip-ansistrip-indentts-nodets-patterntsdtypescriptundiciwranglerzx@prisma/adapter-d1@prisma/adapter-libsql@prisma/adapter-pg@prisma/adapter-neon@prisma/adapter-pg-worker@prisma/adapter-planetscale@prisma/debug@prisma/driver-adapter-utils@prisma/engines@prisma/fetch-engine@prisma/generator-helper@prisma/instrumentation@prisma/get-platform@prisma/internals@prisma/migrate@prisma/pg-worker
Versions
What is Prisma?
Prisma ORM is a next-generation ORM that consists of these tools:
- Prisma Client: Auto-generated and type-safe query builder for Node.js & TypeScript
- Prisma Migrate: Declarative data modeling & migration system
- Prisma Studio: GUI to view and edit data in your database
Prisma Client can be used in any Node.js or TypeScript backend application (including serverless applications and microservices). This can be a REST API, a GraphQL API, a gRPC API, or anything else that needs a database.
If you need a database to use with Prisma ORM, check out Prisma Postgres.
Prisma ORM can further be extended with these Prisma products:
- Prisma Accelerate: Global database cache with scalable connection pooling
- Prisma Pulse: Real-time database events with type-safe subscriptions
- Prisma Optimize: AI-powered query optimization and performance insights
- Prisma Studio: A visual editor for the data in your database
Getting started
Quickstart (5min)
The fastest way to get started with Prisma is by following the quickstart guides. You can choose either of two databases:
Bring your own database
If you already have your own database, you can follows these guides:
How Prisma ORM works
This section provides a high-level overview of how Prisma ORM works and its most important technical components. For a more thorough introduction, visit the Prisma documentation.
The Prisma schema
Every project that uses a tool from the Prisma toolkit starts with a Prisma schema file. The Prisma schema allows developers to define their application models in an intuitive data modeling language. It also contains the connection to a database and defines a generator:
1// Data source 2datasource db { 3 provider = "postgresql" 4 url = env("DATABASE_URL") 5} 6 7// Generator 8generator client { 9 provider = "prisma-client-js" 10} 11 12// Data model 13model Post { 14 id Int @id @default(autoincrement()) 15 title String 16 content String? 17 published Boolean @default(false) 18 author User? @relation(fields: [authorId], references: [id]) 19 authorId Int? 20} 21 22model User { 23 id Int @id @default(autoincrement()) 24 email String @unique 25 name String? 26 posts Post[] 27}
In this schema, you configure three things:
- Data source: Specifies your database connection (via an environment variable)
- Generator: Indicates that you want to generate Prisma Client
- Data model: Defines your application models
The Prisma data model
On this page, the focus is on the data model. You can learn more about Data sources and Generators on the respective docs pages.
Functions of Prisma models
The data model is a collection of models. A model has two major functions:
- Represent a table in the underlying database
- Provide the foundation for the queries in the Prisma Client API
Getting a data model
There are two major workflows for "getting" a data model into your Prisma schema:
- Generate the data model from introspecting a database
- Manually writing the data model and mapping it to the database with Prisma Migrate
Once the data model is defined, you can generate Prisma Client which will expose CRUD and more queries for the defined models. If you're using TypeScript, you'll get full type-safety for all queries (even when only retrieving the subsets of a model's fields).
Accessing your database with Prisma Client
Generating Prisma Client
The first step when using Prisma Client is installing its npm package:
npm install @prisma/client
Note that the installation of this package invokes the prisma generate command which reads your Prisma schema and generates the Prisma Client code. The code will be located in node_modules/.prisma/client, which is exported by node_modules/@prisma/client/index.d.ts.
After you change your data model, you'll need to manually re-generate Prisma Client to ensure the code inside node_modules/.prisma/client gets updated:
npx prisma generate
Refer to the documentation for more information about "generating the Prisma client".
Using Prisma Client to send queries to your database
Once the Prisma Client is generated, you can import it in your code and send queries to your database. This is what the setup code looks like.
Import and instantiate Prisma Client
You can import and instantiate Prisma Client as follows:
1import { PrismaClient } from '@prisma/client' 2 3const prisma = new PrismaClient()
or
1const { PrismaClient } = require('@prisma/client') 2 3const prisma = new PrismaClient()
Now you can start sending queries via the generated Prisma Client API, here are a few sample queries. Note that all Prisma Client queries return plain old JavaScript objects.
Learn more about the available operations in the Prisma Client docs or watch this demo video (2 min).
Retrieve all User records from the database
1// Run inside `async` function 2const allUsers = await prisma.user.findMany()
Include the posts relation on each returned User object
1// Run inside `async` function 2const allUsers = await prisma.user.findMany({ 3 include: { posts: true }, 4})
Filter all Post records that contain "prisma"
1// Run inside `async` function 2const filteredPosts = await prisma.post.findMany({ 3 where: { 4 OR: [{ title: { contains: 'prisma' } }, { content: { contains: 'prisma' } }], 5 }, 6})
Create a new User and a new Post record in the same query
1// Run inside `async` function 2const user = await prisma.user.create({ 3 data: { 4 name: 'Alice', 5 email: 'alice@prisma.io', 6 posts: { 7 create: { title: 'Join us for Prisma Day 2021' }, 8 }, 9 }, 10})
Update an existing Post record
1// Run inside `async` function 2const post = await prisma.post.update({ 3 where: { id: 42 }, 4 data: { published: true }, 5})
Usage with TypeScript
Note that when using TypeScript, the result of this query will be statically typed so that you can't accidentally access a property that doesn't exist (and any typos are caught at compile-time). Learn more about leveraging Prisma Client's generated types on the Advanced usage of generated types page in the docs.
Community
Prisma has a large and supportive community of enthusiastic application developers. You can join us on Discord and here on GitHub.
Badges
Built something awesome with Prisma? 🌟 Show it off with these badges, perfect for your readme or website.
[](https://prisma.io)
[](https://prisma.io)
Security
If you have a security issue to report, please contact us at security@prisma.io.
Support
Ask a question about Prisma
You can ask questions and initiate discussions about Prisma-related topics in the prisma repository on GitHub.
Create a bug report for Prisma
If you see an error message or run into an issue, please make sure to create a bug report! You can find best practices for creating bug reports (like including additional debugging output) in the docs.
Submit a feature request
If Prisma currently doesn't have a certain feature, be sure to check out the roadmap to see if this is already planned for the future.
If the feature on the roadmap is linked to a GitHub issue, please make sure to leave a 👍 reaction on the issue and ideally a comment with your thoughts about the feature!
Contributing
Refer to our contribution guidelines and Code of Conduct for contributors.
Tests Status
- Prisma Tests Status:
- Ecosystem Tests Status:
No vulnerabilities found.
Reason
all changesets reviewed
Reason
30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
project is fuzzed
Details
- Info: TypeScriptPropertyBasedTesting integration found: packages/client/tests/functional/decimal/precision/tests.ts:1
Reason
security policy file detected
Details
- Info: security policy file detected: SECURITY.md:1
- Info: Found linked content: SECURITY.md:1
- Warn: One or no descriptive hints of disclosure, vulnerability, and/or timelines in security policy
- Info: Found text in security policy: SECURITY.md:1
Reason
SAST tool detected but not run on all commits
Details
- Info: SAST configuration detected: CodeQL
- Warn: 0 commits out of 30 are checked with a SAST tool
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql-analysis.yml:21
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql-analysis.yml:22
- Warn: no topLevel permission defined: .github/workflows/benchmark.yml:1
- Warn: no topLevel permission defined: .github/workflows/build-engine-branch.yml:1
- Warn: no topLevel permission defined: .github/workflows/bundle-size.yml:1
- Warn: no topLevel permission defined: .github/workflows/ci-aux-files.yml:1
- Warn: no topLevel permission defined: .github/workflows/codeql-analysis.yml:1
- Warn: no topLevel permission defined: .github/workflows/daily-buildpulse.yml:1
- Warn: no topLevel permission defined: .github/workflows/daily-test.yml:1
- Warn: no topLevel permission defined: .github/workflows/label-stale-issues.yml:1
- Warn: no topLevel permission defined: .github/workflows/lint-workflow-files.yml:1
- Warn: no topLevel permission defined: .github/workflows/manage-dist-tag.yml:1
- Warn: no topLevel permission defined: .github/workflows/release-ci.yml:1
- Warn: no topLevel permission defined: .github/workflows/release-latest.yml:1
- Warn: no topLevel permission defined: .github/workflows/test-template.yml:1
- Warn: no topLevel permission defined: .github/workflows/test.yml:1
- Warn: no topLevel permission defined: .github/workflows/update-engines-version.yml:1
- Warn: no topLevel permission defined: .github/workflows/update-studio-version.yml:1
- Info: no jobLevel write permissions found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/benchmark.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/benchmark.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/benchmark.yml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/benchmark.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/benchmark.yml:87: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/benchmark.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/benchmark.yml:100: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/benchmark.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-engine-branch.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/build-engine-branch.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-engine-branch.yml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/build-engine-branch.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-engine-branch.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/build-engine-branch.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-engine-branch.yml:79: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/build-engine-branch.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/bundle-size.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/bundle-size.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/bundle-size.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/bundle-size.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/codeql-analysis.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/codeql-analysis.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/codeql-analysis.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/codeql-analysis.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/daily-test.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/daily-test.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/label-stale-issues.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/label-stale-issues.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/label-stale-issues.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/label-stale-issues.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint-workflow-files.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/lint-workflow-files.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/lint-workflow-files.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/lint-workflow-files.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manage-dist-tag.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/manage-dist-tag.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-ci.yml:151: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/release-ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-ci.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/release-ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-ci.yml:94: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/release-ci.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-ci.yml:133: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/release-ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-latest.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/release-latest.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-latest.yml:91: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/release-latest.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-latest.yml:131: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/release-latest.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-latest.yml:149: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/release-latest.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-template.yml:117: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-template.yml:128: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-template.yml:161: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-template.yml:185: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-template.yml:188: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-template.yml:222: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-template.yml:249: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-template.yml:252: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-template.yml:280: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-template.yml:448: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-template.yml:458: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-template.yml:496: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-template.yml:519: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-template.yml:665: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-template.yml:668: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-template.yml:711: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-template.yml:714: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-template.yml:402: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-template.yml:406: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-template.yml:573: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-template.yml:584: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-template.yml:761: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-template.yml:864: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-template.yml:906: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-template.yml:931: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-template.yml:1049: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-template.yml:304: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-template.yml:307: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-template.yml:325: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-template.yml:351: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-template.yml:360: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-template.yml:372: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-template.yml:619: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-template.yml:622: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-template.yml:788: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-template.yml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-template.yml:545: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:121: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:128: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:145: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:103: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-engines-version.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/update-engines-version.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-engines-version.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/update-engines-version.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-engines-version.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/update-engines-version.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-engines-version.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/update-engines-version.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-engines-version.yml:70: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/update-engines-version.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-engines-version.yml:79: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/update-engines-version.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-engines-version.yml:89: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/update-engines-version.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-engines-version.yml:102: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/update-engines-version.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-engines-version.yml:135: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/update-engines-version.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-engines-version.yml:149: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/update-engines-version.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-engines-version.yml:182: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/update-engines-version.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-engines-version.yml:192: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/update-engines-version.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-engines-version.yml:224: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/update-engines-version.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-studio-version.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/update-studio-version.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-studio-version.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/update-studio-version.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-studio-version.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/update-studio-version.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-studio-version.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/update-studio-version.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-studio-version.yml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/update-studio-version.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-studio-version.yml:85: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/update-studio-version.yml/main?enable=pin
- Warn: containerImage not pinned by hash: .devcontainer/Dockerfile:5
- Warn: containerImage not pinned by hash: docker/mongodb_replica/Dockerfile:3
- Warn: containerImage not pinned by hash: docker/planetscale_proxy/Dockerfile:1
- Warn: containerImage not pinned by hash: docker/planetscale_proxy/Dockerfile:5: pin your Docker image by updating alpine:latest to alpine:latest@sha256:1e42bbe2508154c9126d48c2b8a75420c3544343bf86fd041fb7527e017a4b4a
- Warn: containerImage not pinned by hash: packages/client/tests/e2e/_utils/standard.dockerfile:1
- Warn: containerImage not pinned by hash: packages/client/tests/e2e/_utils/standard.dockerfile:3
- Warn: containerImage not pinned by hash: packages/client/tests/e2e/_utils/standard.dockerfile:23
- Warn: npmCommand not pinned by hash: packages/client/tests/e2e/_utils/standard.dockerfile:11
- Warn: npmCommand not pinned by hash: packages/client/tests/e2e/_utils/standard.dockerfile:13
- Warn: npmCommand not pinned by hash: packages/client/tests/e2e/_utils/standard.dockerfile:14
- Warn: npmCommand not pinned by hash: packages/client/tests/e2e/_utils/standard.dockerfile:15
- Warn: npmCommand not pinned by hash: packages/client/tests/e2e/_utils/standard.dockerfile:16
- Warn: npmCommand not pinned by hash: packages/client/tests/e2e/_utils/standard.dockerfile:17
- Warn: npmCommand not pinned by hash: packages/client/tests/e2e/_utils/standard.dockerfile:18
- Warn: npmCommand not pinned by hash: .github/workflows/scripts/setup.sh:5
- Info: 0 out of 39 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 52 third-party GitHubAction dependencies pinned
- Info: 0 out of 7 containerImage dependencies pinned
- Info: 0 out of 8 npmCommand dependencies pinned
Reason
28 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-gxpj-cx7g-858c
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36
- Warn: Project is vulnerable to: GHSA-3787-6prv-h9w3
- Warn: Project is vulnerable to: GHSA-9qxr-qj54-h672
- Warn: Project is vulnerable to: GHSA-m4v8-wqvr-p9f7
- Warn: Project is vulnerable to: GHSA-4vvj-4cpr-p986
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
- Warn: Project is vulnerable to: GHSA-wqq4-5wpv-mx2g
- Warn: Project is vulnerable to: GHSA-f8mp-x433-5wpf
- Warn: Project is vulnerable to: GHSA-m95q-7qp3-xv42
- Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
- Warn: Project is vulnerable to: GHSA-8hc4-vh64-cxmj
- Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7
- Warn: Project is vulnerable to: GHSA-rv95-896h-c2vc
- Warn: Project is vulnerable to: GHSA-qw6h-vgh9-j6wx
- Warn: Project is vulnerable to: GHSA-cxjh-pqwp-8mfp
- Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22
- Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
- Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp
- Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
- Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p
- Warn: Project is vulnerable to: GHSA-jqv5-7xpx-qj74
Score
6.6
/10
Last Scanned on 2024-11-18
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More