Require select property in a query argument while using Prisma.
You'll first need to install ESLint:
# npm
npm install eslint --save-dev
# yarn
yarn add eslint --dev
# pnpm
pnpm add eslint -DNext, install eslint-plugin-require-prisma-select:
# npm
npm install eslint-plugin-require-prisma-select --save-dev
# yarn
yarn add eslint-plugin-require-prisma-select --dev
# pnpm
pnpm add eslint-plugin-require-prisma-select -DAdd require-prisma-select to the plugins section of your .eslintrc configuration file. You can omit the eslint-plugin- prefix:
{
"plugins": ["require-prisma-select"]
}Then, add the rule to the rules section of your .eslintrc:
{
"rules": {
"require-prisma-select/require-prisma-select": "error"
}
}If the missing property is detected, the rule also provides a suggestion to add it.
Omitting the select property during Prisma CRUD operations results in fetching all fields for a specified model. This can lead to private information leakage, security vulnerabilities, or complications in executing zero downtime deployments. Unfortunately, Prisma lacks a mechanism to hide or mark selected fields as private, preventing them from being queried unless explicitly specified. Additionally, there's no option to generate a select property as required in Prisma types.
A potential solution involves creating a script to override generated types and make the select property required. However, this script would need to run after every types regeneration. The custom ESLint rule offers a more efficient approach to address this issue.
The rule parses the Abstract Syntax Tree (AST) and analyzes Typescript types to detect Prisma client usages. If a method accepts an argument with an optional select property, this rule ensures it's defined.