Skip to main content

prisma-next-runtime

Facilitates the setup of Prisma Next runtime with PostgreSQL and MongoDB, enabling middleware composition and environment-specific configurations.

Install this skill

or
49/100

Security score

The prisma-next-runtime skill was audited on Jun 11, 2026 and we found 19 security issues across 1 threat category. Review the findings below before installing.

Categories Tested

Security Issues

medium line 3

Access to .env file

SourceSKILL.md
3description: Wire the Prisma Next runtime — `db.ts` setup using `postgres<Contract>(...)` from `@prisma-next/postgres/runtime`, `sqlite<Contract>(...)` from `@prisma-next/sqlite/runtime`, or `mongo<Co
medium line 20

Access to .env file

SourceSKILL.md
20- User mentions: *db.ts, postgres(), mongo(), middleware, telemetry, lints, budgets, DATABASE_URL, .env, connection pool, poolOptions, dev vs prod, transactions, read replicas, multi-database, script
medium line 36

Access to .env file

SourceSKILL.md
36- **`prisma-next.config.ts` vs `.env`.** The config (`defineConfig({ contract, db, extensions, migrations })`) is for static project shape: contract path, installed extensions, migrations directory, d
low line 53

Access to .env file

SourceSKILL.md
53url: process.env['DATABASE_URL'],
low line 92

Access to .env file

SourceSKILL.md
92await using db = postgres<Contract>({ contractJson, url: process.env.DATABASE_URL! });
low line 106

Access to .env file

SourceSKILL.md
106await using db = postgres<Contract>({ contractJson, url: process.env.DATABASE_URL! });
low line 116

Access to .env file

SourceSKILL.md
116export const db = postgres<Contract>({ contractJson, url: process.env.DATABASE_URL });
low line 150

Access to .env file

SourceSKILL.md
150url: process.env['DATABASE_URL'],
low line 177

Access to .env file

SourceSKILL.md
177url: process.env['DATABASE_URL'],
low line 222

Access to .env file

SourceSKILL.md
222url: process.env['DATABASE_URL'],
low line 231

Access to .env file

SourceSKILL.md
231const pool = new Pool({ connectionString: process.env['DATABASE_URL'] });
medium line 237

Access to .env file

SourceSKILL.md
237`DATABASE_URL` lives in `.env`. The CLI reads it for emit / verify / migration commands; the runtime reads it through `process.env` at `db.ts` load time.
medium line 241

Access to .env file

SourceSKILL.md
241The concept: one `DATABASE_URL` per environment; the rest of the `db.ts` shape is the same. For middleware divergence (e.g. strict lints in dev only), branch in `db.ts` on `process.env['NODE_ENV']`.
low line 244

Access to .env file

SourceSKILL.md
244const isProd = process.env['NODE_ENV'] === 'production';
low line 248

Access to .env file

SourceSKILL.md
248url: process.env['DATABASE_URL'],
medium line 258

Access to .env file

SourceSKILL.md
258`.env` for local; the deploy platform's secrets for prod. Never commit `.env`.
low line 286

Access to .env file

SourceSKILL.md
286export const db = mongo<Contract>({ contractJson, url: process.env['DATABASE_URL'] });
medium line 315

Access to .env file

SourceSKILL.md
3151. **Hardcoding `DATABASE_URL` in `prisma-next.config.ts`.** Leaks credentials; bypasses per-environment overrides. Use `.env`.
medium line 340

Access to .env file

SourceSKILL.md
340- [ ] `DATABASE_URL` lives in `.env`, not in `prisma-next.config.ts`.
Scanned on Jun 11, 2026
View Security Dashboard
Installation guide →
GitHub Stars 317
Rate this skill
Categorydevelopment
UpdatedJune 15, 2026
frontendreactdocxapidatabasedevopsbackendbackend-developerdata-engineerdevops-srepostgresqlmongodbdevelopment
prisma/prisma-next