This product was not featured by Product Hunt yet.
It will not be visible on their landing page and won't be ranked (cannot win product of the day regardless of upvotes).

[Dashboard charts, data not loaded: Product upvotes vs the next 3; Product comments vs the next 3; Product upvote speed vs the next 3; Product upvotes and comments; Product vs the next 3]

prisma-firewall

A security firewall for Prisma

Every Prisma developer has a silent risk in their codebase. A single deleteMany() with no where clause wipes an entire table. A findMany() with no limit dumps your entire database to the client. And there's a lesser-known attack called operator injection, where an attacker sends { "not": "" } as a password value instead of a plain string, and Prisma accepts it as a valid query operator, bypassing authentication entirely. When tested, Prisma did not block it. prisma-firewall does.
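The operator-injection case described above, as an added example that is neither prisma-firewall's code nor Prisma's implementation: a simplified in-memory model of filter matching shows why the object value passes, beside a type check that stops it. The function names (`matches`, `findFirst`, `loginUnsafe`, `loginSafe`, `requireStrings`) and the sample user are assumptions made for illustration.

```javascript
// Added example. Sample user and request bodies are constructed.
// Plaintext password comparison mirrors the page's scenario only.
const users = [{ email: 'alice@example.com', password: 'correct horse' }];

// Simplified model of filter matching: a plain value means equality, an
// object such as { not: x } is read as an operator. Only `equals` and `not`
// are modelled; this is not Prisma's implementation.
function matches(value, filter) {
  if (filter !== null && typeof filter === 'object') {
    if ('not' in filter) return value !== filter.not;
    if ('equals' in filter) return value === filter.equals;
    return false;
  }
  return value === filter;
}

function findFirst(where) {
  return users.find(u => Object.keys(where).every(k => matches(u[k], where[k]))) || null;
}

// Vulnerable pattern: request body fields flow into `where` unchanged.
function loginUnsafe(body) {
  return findFirst({ email: body.email, password: body.password });
}

// Hardened pattern: every credential field must be a string before it is
// placed in the query, so no operator object can reach the filter.
function requireStrings(body, fields) {
  const out = {};
  for (const f of fields) {
    if (typeof body[f] !== 'string') {
      const got = Array.isArray(body[f]) ? 'array' : typeof body[f];
      throw new TypeError(`field "${f}" must be a string, got ${got}`);
    }
    out[f] = body[f];
  }
  return out;
}

function loginSafe(body) {
  return findFirst(requireStrings(body, ['email', 'password']));
}

// Constructed request bodies, as a JSON body parser would deliver them.
const honest = JSON.parse('{"email":"alice@example.com","password":"wrong"}');
const injected = JSON.parse('{"email":"alice@example.com","password":{"not":""}}');
```

With the constructed bodies, `loginUnsafe(injected)` returns the user although no password was supplied, while `loginSafe(injected)` throws before any lookup runs.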

Top comment

Hey everyone! 👋 I'm Neeraj, a CS student from Singapore. I built prisma-firewall over 2 days while working on a personal project using Prisma. I kept thinking about how easy it is to make a mistake that causes real damage. A stray deleteMany() with no where clause, a findMany() that dumps your entire database, sensitive fields accidentally returned in a query.

Then I discovered something that really surprised me. There's a vulnerability called operator injection where an attacker sends { "not": "" } as a password value instead of a plain string. Prisma accepts it as a valid query operator and returns the user without ever checking their password. I tested this myself on a real Prisma setup. It went straight through.

That's when I decided to build this properly. The goal was simple. One line to install, zero changes to your existing queries, runs silently in the background and catches what Prisma misses. A safety net for when things go wrong, because they always do at some point.

Would love to hear feedback from the community, especially if there are security edge cases I haven't covered yet. Happy to answer any questions!

About prisma-firewall on Product Hunt


prisma-firewall was submitted on Product Hunt and earned 1 upvote and 1 comment, placing #64 on the daily leaderboard.

On the analytics side, prisma-firewall competes within Developer Tools, GitHub, Tech and Security — topics that collectively have 1.2M followers on Product Hunt. The dashboard above tracks how prisma-firewall performed against the three products that launched closest to it on the same day.

Who hunted prisma-firewall?

prisma-firewall was hunted by Neeraj L. A “hunter” on Product Hunt is the community member who submits a product to the platform — uploading the images, the link, and tagging the makers behind it. Hunters typically write the first comment explaining why a product is worth attention, and their followers are notified the moment they post. Around 79% of featured launches on Product Hunt are self-hunted by their makers, but a well-known hunter still acts as a signal of quality to the rest of the community.
