This product has not yet been featured by Product Hunt.
It will not yet be shown by default on their landing page.

[Dashboard charts: product upvotes vs the next 3; product comments vs the next 3; product upvote speed vs the next 3; product upvotes and comments; product vs the next 3]

prisma-firewall

A security firewall for Prisma

Every Prisma developer has a silent risk in their codebase. A single deleteMany() with no where clause wipes an entire table. A findMany() with no limit dumps your entire database to the client. And there's a lesser-known attack called operator injection, where an attacker sends { "not": "" } as a password value instead of a plain string, and Prisma accepts it as a valid query operator, bypassing authentication entirely. When tested, Prisma did not block it. prisma-firewall does.

Top comment

Hey everyone! 👋 I'm Neeraj, a CS student from Singapore. I built prisma-firewall over 2 days while working on a personal project using Prisma. I kept thinking about how easy it is to make a mistake that causes real damage. A stray deleteMany() with no where clause, a findMany() that dumps your entire database, sensitive fields accidentally returned in a query. Then I discovered something that really surprised me. There's a vulnerability called operator injection where an attacker sends { "not": "" } as a password value instead of a plain string. Prisma accepts it as a valid query operator and returns the user without ever checking their password. I tested this myself on a real Prisma setup. It went straight through. That's when I decided to build this properly. The goal was simple. One line to install, zero changes to your existing queries, runs silently in the background and catches what Prisma misses. A safety net for when things go wrong, because they always do at some point. Would love to hear feedback from the community, especially if there are security edge cases I haven't covered yet. Happy to answer any questions!
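A pre-query guard for the three risks named in the description and the comment above, written as an added example and not taken from prisma-firewall's own code. The names checkQuery, findOperatorInjection and SCALAR_ONLY_FIELDS are hypothetical, and the request body is constructed.

```javascript
// Added example; hypothetical names, not prisma-firewall's API.
// Fields that must only ever be compared against a plain scalar value.
const SCALAR_ONLY_FIELDS = new Set(["password", "email", "token"]);

function isPlainObject(v) {
  return v !== null && typeof v === "object" && !Array.isArray(v);
}

// Walk a where clause (including AND/OR/NOT nesting) and report every
// scalar-only field whose value is an object or array, i.e. a filter
// operator such as { not: "" } arriving from a parsed JSON request body.
function findOperatorInjection(where, path = "where") {
  const hits = [];
  if (Array.isArray(where)) {
    where.forEach((w, i) => hits.push(...findOperatorInjection(w, `${path}[${i}]`)));
  } else if (isPlainObject(where)) {
    for (const [key, value] of Object.entries(where)) {
      const here = `${path}.${key}`;
      if (SCALAR_ONLY_FIELDS.has(key) && value !== null && typeof value === "object") {
        hits.push(`${here}: expected a scalar, got ${JSON.stringify(value)}`);
      } else {
        hits.push(...findOperatorInjection(value, here));
      }
    }
  }
  return hits;
}

// Returns a list of violations; an empty list means the query may proceed.
function checkQuery(action, args = {}) {
  const violations = findOperatorInjection(args.where);
  const emptyWhere = !isPlainObject(args.where) || Object.keys(args.where).length === 0;
  if (action === "deleteMany" && emptyWhere) {
    violations.push("deleteMany without a where clause affects every row");
  }
  if (action === "findMany" && !Number.isInteger(args.take)) {
    violations.push("findMany without take returns an unbounded result set");
  }
  return violations;
}

// Constructed sample: a login handler passing the parsed body straight through.
const body = JSON.parse('{"email":"a@example.com","password":{"not":""}}');
console.log(checkQuery("findFirst", { where: body }));
console.log(checkQuery("deleteMany", {}));
```

In a login handler the more direct fix is to reject the request unless typeof password === "string", look the user up by email only, and verify the password hash in application code.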

About prisma-firewall on Product Hunt

prisma-firewall was submitted on Product Hunt and earned 1 upvote and 1 comment, placing #64 on the daily leaderboard.

On the analytics side, prisma-firewall competes within Developer Tools, GitHub, Tech and Security — topics that collectively have 1.2M followers on Product Hunt. The dashboard above tracks how prisma-firewall performed against the three products that launched closest to it on the same day.

Who hunted prisma-firewall?

prisma-firewall was hunted by Neeraj L. A “hunter” on Product Hunt is the community member who submits a product to the platform — uploading the images, the link, and tagging the makers behind it. Hunters typically write the first comment explaining why a product is worth attention, and their followers are notified the moment they post. Around 79% of featured launches on Product Hunt are self-hunted by their makers, but a well-known hunter still acts as a signal of quality to the rest of the community. See the full all-time top hunters leaderboard to discover who is shaping the Product Hunt ecosystem.

For a complete overview of prisma-firewall including community comment highlights and product details, visit the product overview.