Introduction
Prisma Guard is the ultimate Prisma companion for input sanitization and professional Zod schema generation. Protect your database from unknown fields and validate your data with zero-effort, type-safe schemas.
🚀 Why Prisma Guard?
Prisma is great, but validating inputs and stripping unknown fields can be a manual chore. Prisma Guard bridges this gap by providing:
- 🛡️ Runtime Protection: A Prisma Client extension that silently strips unknown fields from your queries before database execution.
- ⚡ Zod Generation: Automatically transforms your Prisma models into robust, decorated Zod schemas.
- 🧙 IDE Superpowers: Automated VS Code snippets and metadata generation for a seamless local developer experience.
- ✨ Zero-Config: Automatic .gitignore management, Prettier formatting, and generated directory cleanup.
- 📋 CLI Command Reference: A comprehensive CLI tooling utility with direct schema-watching capabilities.
✌️ Two Ways to Use Prisma Guard
Depending on your application needs, you can leverage Prisma Guard in two modes:
Mode 1: Runtime Protection Only
- Add the extension directly to your Prisma Client instance.
- No Zod schemas are generated.
- Any unknown input fields are silently stripped from query payloads.
- Best for: Quick security layering with zero validation overhead.
Mode 2: Full Validation (Recommended)
- Generate matching Zod schemas for your models.
- Validate request payloads before they reach database operations.
- Provide clear, type-safe validation contracts and structured error responses.
- Best for: Production APIs, request body parsing, and rich validation rules.
📦 Installation
Install the package via your preferred package manager:
npm install @explita/prisma-guard
Note: Make sure @prisma/client and zod are installed as peer dependencies.
⚡ Quick Start (2 minutes)
Follow these 4 steps to set up runtime protection and validation:
1. Initialize Configuration
Generate the configuration file in your project root:
npx prisma-guard init
This creates a default prisma-guard.config.js in your root folder:
import { defineConfig, v } from "@explita/prisma-guard";

export default defineConfig({
  schemaDir: "./prisma",
  outputDir: "./generated",
  // Config options (decorators, type maps, omissions) can be added here
});
2. Create Prisma Schema Files
Define a model inside your Prisma schema directory (default: ./prisma/schema.prisma):
model User {
  id        String   @id @default(cuid())
  email     String   @unique
  password  String
  createdAt DateTime @default(now())
  updatedAt DateTime @updatedAt
}
3. Generate Schemas
Scan your Prisma models and generate Zod schemas and runtime mappings:
npx prisma-guard
4. Use in Your Code
Mount the runtime guard extension onto your Prisma Client, and use the generated Zod schemas to validate inputs:
import { PrismaClient } from "@prisma/client";
import { prismaGuard } from "@explita/prisma-guard";
import { UserCreateSchema } from "./generated/zod/user"; // Generated path

// 1. Initialize Client with Runtime Protection
const prisma = new PrismaClient().$extends(prismaGuard());

// 2. Validate user input payload at API boundary
const rawInput = {
  email: "user@example.com",
  password: "securePassword123",
  poisonField: "hacker_attempt", // This will be handled
};

// Public input validation
const validatedData = UserCreateSchema.parse(rawInput);

// 3. Save to database
await prisma.user.create({
  data: {
    ...validatedData,
    anotherExtraField: "automatically_stripped_by_extension",
  },
});
// Result: the schema validates the input fields, and any extra parameters passed to data are silently stripped!
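
The difference between the two modes, as an added sketch that is not Prisma Guard's own code: a strip-unknown pass only removes keys the model does not define, so a client-supplied `id` (a real field of the User model above) survives it, while an allowlist check at the API boundary catches it. The function names, the public-field allowlist and the choice to reject rather than strip extra keys are assumptions made for this illustration.

```javascript
// Added illustration; not Prisma Guard's implementation.
// Field names copied from the User model in step 2.
const USER_FIELDS = new Set(["id", "email", "password", "createdAt", "updatedAt"]);

// Hypothetical allowlist of fields a client may set on create (an assumption).
const USER_CREATE_PUBLIC = { email: "string", password: "string" };

const hasOwn = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Mode 1 behaviour as the page describes it: drop keys the model does not define.
function stripUnknown(data, knownFields = USER_FIELDS) {
  const kept = {};
  const dropped = [];
  for (const [key, value] of Object.entries(data)) {
    if (knownFields.has(key)) kept[key] = value;
    else dropped.push(key);
  }
  return { kept, dropped };
}

// Mode 2 idea: accept only public fields, type-check them, report everything else.
function validateCreate(input, shape = USER_CREATE_PUBLIC) {
  const data = {};
  const errors = [];
  for (const [key, type] of Object.entries(shape)) {
    if (!hasOwn(input, key) || typeof input[key] !== type) {
      errors.push(`${key}: expected ${type}`);
    } else {
      data[key] = input[key];
    }
  }
  for (const key of Object.keys(input)) {
    if (!hasOwn(shape, key)) errors.push(`${key}: not allowed`);
  }
  return errors.length ? { ok: false, errors } : { ok: true, data };
}

// Constructed request body: one unknown key and one known, server-owned key.
const body = {
  email: "user@example.com",
  password: "securePassword123",
  poisonField: "hacker_attempt",
  id: "client-chosen-id",
};
```

Running `stripUnknown(body)` drops only `poisonField`, whereas `validateCreate(body)` reports both `poisonField` and `id`, which is the case for validating at the boundary even when the runtime guard is mounted.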