Installations
npm install @prisma/nextjs-monorepo-workaround-pluginDeveloper Guide
BETA
Typescript
No
Module System
CommonJS
Node Version
18.20.6
NPM Version
10.8.2
Score
98.6
Supply Chain
73.7
Quality
97.6
Maintenance
100
Vulnerability
100
License
Releases
207
Contributors
286
Languages
7
TypeScript
JavaScript
Shell
Dockerfile
PLpgSQL
TSQL
Batchfile
TypeScript (98.56%)
JavaScript (1.26%)
Shell (0.11%)
Dockerfile (0.05%)
PLpgSQL (0.01%)
Love this project? Help keep it running — sponsor us today! 🚀
Developer
Download Statistics
Total Downloads
2,921,217
Last Day
8,850
Last Week
46,840
Last Month
198,691
Last Year
1,931,609
GitHub Statistics
Apache-2.0 License
41,127 Stars
11,151 Commits
1,620 Forks
237 Watchers
375 Branches
286 Contributors
Updated on Feb 14, 2025
Bundle Size
2.23 kB
Minified
1.00 kB
Minified + Gzipped
Maintainers
3
Package Meta Information
Latest Version
6.3.1
Package Id
@prisma/nextjs-monorepo-workaround-plugin@6.3.1
Unpacked Size
17.73 kB
Size
6.00 kB
File Count
4
NPM Version
10.8.2
Node Version
18.20.6
Published on
Feb 04, 2025
Total Downloads
Cumulative downloads
Total Downloads
2,921,217
Last Day
4.7%
8,850
Compared to previous day
Last Week
-6.1%
46,840
Compared to previous week
Last Month
26.3%
198,691
Compared to previous month
Last Year
95.2%
1,931,609
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dev Dependencies
1
What is Prisma?
Prisma ORM is a next-generation ORM that consists of these tools:
- Prisma Client: Auto-generated and type-safe query builder for Node.js & TypeScript
- Prisma Migrate: Declarative data modeling & migration system
- Prisma Studio: GUI to view and edit data in your database
Prisma Client can be used in any Node.js or TypeScript backend application (including serverless applications and microservices). This can be a REST API, a GraphQL API, a gRPC API, or anything else that needs a database.
If you need a database to use with Prisma ORM, check out Prisma Postgres.
Prisma ORM can further be extended with these Prisma products:
- Prisma Accelerate: Global database cache with scalable connection pooling
- Prisma Pulse: Real-time database events with type-safe subscriptions
- Prisma Optimize: AI-powered query optimization and performance insights
- Prisma Studio: A visual editor for the data in your database
Getting started
Quickstart (5min)
The fastest way to get started with Prisma is by following the quickstart guides. You can choose either of two databases:
Bring your own database
If you already have your own database, you can follows these guides:
How Prisma ORM works
This section provides a high-level overview of how Prisma ORM works and its most important technical components. For a more thorough introduction, visit the Prisma documentation.
The Prisma schema
Every project that uses a tool from the Prisma toolkit starts with a Prisma schema file. The Prisma schema allows developers to define their application models in an intuitive data modeling language. It also contains the connection to a database and defines a generator:
1// Data source 2datasource db { 3 provider = "postgresql" 4 url = env("DATABASE_URL") 5} 6 7// Generator 8generator client { 9 provider = "prisma-client-js" 10} 11 12// Data model 13model Post { 14 id Int @id @default(autoincrement()) 15 title String 16 content String? 17 published Boolean @default(false) 18 author User? @relation(fields: [authorId], references: [id]) 19 authorId Int? 20} 21 22model User { 23 id Int @id @default(autoincrement()) 24 email String @unique 25 name String? 26 posts Post[] 27}
In this schema, you configure three things:
- Data source: Specifies your database connection (via an environment variable)
- Generator: Indicates that you want to generate Prisma Client
- Data model: Defines your application models
The Prisma data model
On this page, the focus is on the data model. You can learn more about Data sources and Generators on the respective docs pages.
Functions of Prisma models
The data model is a collection of models. A model has two major functions:
- Represent a table in the underlying database
- Provide the foundation for the queries in the Prisma Client API
Getting a data model
There are two major workflows for "getting" a data model into your Prisma schema:
- Generate the data model from introspecting a database
- Manually writing the data model and mapping it to the database with Prisma Migrate
Once the data model is defined, you can generate Prisma Client which will expose CRUD and more queries for the defined models. If you're using TypeScript, you'll get full type-safety for all queries (even when only retrieving the subsets of a model's fields).
Accessing your database with Prisma Client
Generating Prisma Client
The first step when using Prisma Client is installing its npm package:
npm install @prisma/client
Note that the installation of this package invokes the prisma generate command which reads your Prisma schema and generates the Prisma Client code. The code will be located in node_modules/.prisma/client, which is exported by node_modules/@prisma/client/index.d.ts.
After you change your data model, you'll need to manually re-generate Prisma Client to ensure the code inside node_modules/.prisma/client gets updated:
npx prisma generate
Refer to the documentation for more information about "generating the Prisma client".
Using Prisma Client to send queries to your database
Once the Prisma Client is generated, you can import it in your code and send queries to your database. This is what the setup code looks like.
Import and instantiate Prisma Client
You can import and instantiate Prisma Client as follows:
1import { PrismaClient } from '@prisma/client' 2 3const prisma = new PrismaClient()
or
1const { PrismaClient } = require('@prisma/client') 2 3const prisma = new PrismaClient()
Now you can start sending queries via the generated Prisma Client API, here are a few sample queries. Note that all Prisma Client queries return plain old JavaScript objects.
Learn more about the available operations in the Prisma Client docs or watch this demo video (2 min).
Retrieve all User records from the database
1const allUsers = await prisma.user.findMany()
Include the posts relation on each returned User object
1const allUsers = await prisma.user.findMany({ 2 include: { posts: true }, 3})
Filter all Post records that contain "prisma"
1const filteredPosts = await prisma.post.findMany({ 2 where: { 3 OR: [{ title: { contains: 'prisma' } }, { content: { contains: 'prisma' } }], 4 }, 5})
Create a new User and a new Post record in the same query
1const user = await prisma.user.create({ 2 data: { 3 name: 'Alice', 4 email: 'alice@prisma.io', 5 posts: { 6 create: { title: 'Join us for Prisma Day 2021' }, 7 }, 8 }, 9})
Update an existing Post record
1const post = await prisma.post.update({ 2 where: { id: 42 }, 3 data: { published: true }, 4})
Usage with TypeScript
Note that when using TypeScript, the result of this query will be statically typed so that you can't accidentally access a property that doesn't exist (and any typos are caught at compile-time). Learn more about leveraging Prisma Client's generated types on the Advanced usage of generated types page in the docs.
Community
Prisma has a large and supportive community of enthusiastic application developers. You can join us on Discord and here on GitHub.
Badges
Built something awesome with Prisma? 🌟 Show it off with these badges, perfect for your readme or website.
[](https://prisma.io)
[](https://prisma.io)
Security
If you have a security issue to report, please contact us at security@prisma.io.
Support
Ask a question about Prisma
You can ask questions and initiate discussions about Prisma-related topics in the prisma repository on GitHub.
Create a bug report for Prisma
If you see an error message or run into an issue, please make sure to create a bug report! You can find best practices for creating bug reports (like including additional debugging output) in the docs.
Submit a feature request
If Prisma currently doesn't have a certain feature, be sure to check out the roadmap to see if this is already planned for the future.
If the feature on the roadmap is linked to a GitHub issue, please make sure to leave a 👍 reaction on the issue and ideally a comment with your thoughts about the feature!
Contributing
Refer to our contribution guidelines and Code of Conduct for contributors.
Tests Status
- Prisma Tests Status:
- Ecosystem Tests Status:
No vulnerabilities found.
Reason
all changesets reviewed
Reason
30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0
Reason
no binaries found in the repo
Reason
project is fuzzed
Details
- Info: TypeScriptPropertyBasedTesting integration found: packages/client/tests/functional/decimal/precision/tests.ts:1
Reason
security policy file detected
Details
- Info: security policy file detected: SECURITY.md:1
- Info: Found linked content: SECURITY.md:1
- Warn: One or no descriptive hints of disclosure, vulnerability, and/or timelines in security policy
- Info: Found text in security policy: SECURITY.md:1
Reason
SAST tool detected but not run on all commits
Details
- Info: SAST configuration detected: CodeQL
- Warn: 0 commits out of 30 are checked with a SAST tool
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql-analysis.yml:21
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql-analysis.yml:22
- Warn: no topLevel permission defined: .github/workflows/benchmark.yml:1
- Warn: no topLevel permission defined: .github/workflows/build-engine-branch.yml:1
- Warn: no topLevel permission defined: .github/workflows/bundle-size.yml:1
- Warn: no topLevel permission defined: .github/workflows/ci-aux-files.yml:1
- Warn: no topLevel permission defined: .github/workflows/codeql-analysis.yml:1
- Warn: no topLevel permission defined: .github/workflows/daily-buildpulse.yml:1
- Warn: no topLevel permission defined: .github/workflows/daily-test.yml:1
- Warn: no topLevel permission defined: .github/workflows/label-stale-issues.yml:1
- Warn: no topLevel permission defined: .github/workflows/lint-workflow-files.yml:1
- Warn: no topLevel permission defined: .github/workflows/manage-dist-tag.yml:1
- Warn: no topLevel permission defined: .github/workflows/release-ci.yml:1
- Warn: no topLevel permission defined: .github/workflows/release-latest.yml:1
- Warn: no topLevel permission defined: .github/workflows/test-template.yml:1
- Warn: no topLevel permission defined: .github/workflows/test.yml:1
- Warn: no topLevel permission defined: .github/workflows/update-engines-version.yml:1
- Warn: no topLevel permission defined: .github/workflows/update-studio-version.yml:1
- Info: no jobLevel write permissions found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/benchmark.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/benchmark.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/benchmark.yml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/benchmark.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/benchmark.yml:87: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/benchmark.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/benchmark.yml:100: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/benchmark.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-engine-branch.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/build-engine-branch.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-engine-branch.yml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/build-engine-branch.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-engine-branch.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/build-engine-branch.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-engine-branch.yml:79: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/build-engine-branch.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/bundle-size.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/bundle-size.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/bundle-size.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/bundle-size.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/codeql-analysis.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/codeql-analysis.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/codeql-analysis.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/codeql-analysis.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/daily-test.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/daily-test.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/label-stale-issues.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/label-stale-issues.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/label-stale-issues.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/label-stale-issues.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint-workflow-files.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/lint-workflow-files.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/lint-workflow-files.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/lint-workflow-files.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manage-dist-tag.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/manage-dist-tag.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-ci.yml:133: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/release-ci.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-ci.yml:151: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/release-ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-ci.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/release-ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-ci.yml:94: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/release-ci.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-latest.yml:149: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/release-latest.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-latest.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/release-latest.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-latest.yml:91: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/release-latest.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-latest.yml:131: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/release-latest.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-template.yml:545: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-template.yml:619: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-template.yml:622: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-template.yml:665: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-template.yml:668: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-template.yml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-template.yml:117: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-template.yml:128: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-template.yml:161: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-template.yml:448: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-template.yml:458: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-template.yml:496: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-template.yml:761: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-template.yml:864: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-template.yml:906: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-template.yml:931: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-template.yml:1049: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-template.yml:402: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-template.yml:406: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-template.yml:519: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-template.yml:711: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-template.yml:714: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-template.yml:185: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-template.yml:188: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-template.yml:222: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-template.yml:249: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-template.yml:252: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-template.yml:280: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-template.yml:304: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-template.yml:307: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-template.yml:325: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-template.yml:351: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-template.yml:360: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-template.yml:372: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-template.yml:573: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-template.yml:584: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-template.yml:788: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test-template.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:103: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:121: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:128: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:145: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-engines-version.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/update-engines-version.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-engines-version.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/update-engines-version.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-engines-version.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/update-engines-version.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-engines-version.yml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/update-engines-version.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-engines-version.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/update-engines-version.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-engines-version.yml:85: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/update-engines-version.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-engines-version.yml:94: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/update-engines-version.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-engines-version.yml:104: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/update-engines-version.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-engines-version.yml:117: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/update-engines-version.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-engines-version.yml:151: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/update-engines-version.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-engines-version.yml:165: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/update-engines-version.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-engines-version.yml:199: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/update-engines-version.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-engines-version.yml:209: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/update-engines-version.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-engines-version.yml:242: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/update-engines-version.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-studio-version.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/update-studio-version.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-studio-version.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/update-studio-version.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-studio-version.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/update-studio-version.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-studio-version.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/update-studio-version.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-studio-version.yml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/update-studio-version.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-studio-version.yml:85: update your workflow using https://app.stepsecurity.io/secureworkflow/prisma/prisma/update-studio-version.yml/main?enable=pin
- Warn: containerImage not pinned by hash: .devcontainer/Dockerfile:5
- Warn: containerImage not pinned by hash: docker/mongodb_replica/Dockerfile:3
- Warn: containerImage not pinned by hash: docker/planetscale_proxy/Dockerfile:1
- Warn: containerImage not pinned by hash: docker/planetscale_proxy/Dockerfile:5: pin your Docker image by updating alpine:latest to alpine:latest@sha256:56fa17d2a7e7f168a043a2712e63aed1f8543aeafdcee47c58dcffe38ed51099
- Warn: containerImage not pinned by hash: packages/client/tests/e2e/_utils/standard.dockerfile:1
- Warn: containerImage not pinned by hash: packages/client/tests/e2e/_utils/standard.dockerfile:3
- Warn: containerImage not pinned by hash: packages/client/tests/e2e/_utils/standard.dockerfile:23
- Warn: npmCommand not pinned by hash: packages/client/tests/e2e/_utils/standard.dockerfile:11
- Warn: npmCommand not pinned by hash: packages/client/tests/e2e/_utils/standard.dockerfile:13
- Warn: npmCommand not pinned by hash: packages/client/tests/e2e/_utils/standard.dockerfile:14
- Warn: npmCommand not pinned by hash: packages/client/tests/e2e/_utils/standard.dockerfile:15
- Warn: npmCommand not pinned by hash: packages/client/tests/e2e/_utils/standard.dockerfile:16
- Warn: npmCommand not pinned by hash: packages/client/tests/e2e/_utils/standard.dockerfile:17
- Warn: npmCommand not pinned by hash: packages/client/tests/e2e/_utils/standard.dockerfile:18
- Warn: npmCommand not pinned by hash: .github/workflows/scripts/setup.sh:5
- Info: 0 out of 39 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 53 third-party GitHubAction dependencies pinned
- Info: 0 out of 7 containerImage dependencies pinned
- Info: 0 out of 8 npmCommand dependencies pinned
Reason
30 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-c76h-2ccp-4975
- Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
- Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-gxpj-cx7g-858c
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36
- Warn: Project is vulnerable to: GHSA-3787-6prv-h9w3
- Warn: Project is vulnerable to: GHSA-9qxr-qj54-h672
- Warn: Project is vulnerable to: GHSA-m4v8-wqvr-p9f7
- Warn: Project is vulnerable to: GHSA-4vvj-4cpr-p986
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
- Warn: Project is vulnerable to: GHSA-wqq4-5wpv-mx2g
- Warn: Project is vulnerable to: GHSA-f8mp-x433-5wpf
- Warn: Project is vulnerable to: GHSA-m95q-7qp3-xv42
- Warn: Project is vulnerable to: GHSA-8hc4-vh64-cxmj
- Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7
- Warn: Project is vulnerable to: GHSA-rv95-896h-c2vc
- Warn: Project is vulnerable to: GHSA-qw6h-vgh9-j6wx
- Warn: Project is vulnerable to: GHSA-cxjh-pqwp-8mfp
- Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22
- Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
- Warn: Project is vulnerable to: GHSA-rhx6-c78j-4q9w
- Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp
- Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
- Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p
- Warn: Project is vulnerable to: GHSA-jqv5-7xpx-qj74
Score
6.6
/10
Last Scanned on 2025-02-03
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More