prisma-next-quickstart
Guides users through their first steps with Prisma Next, from project setup to executing queries against a database.
Install this skill
or
42/100
Security score
The prisma-next-quickstart skill was audited on Jun 6, 2026 and we found 14 security issues across 2 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
medium line 112
Access to .env file
SourceSKILL.md
| 112 | `db.orm.<Model>` is the default ORM lane — model-shaped, fully typed against the contract, lazily connects to the database on first use (it picks up `DATABASE_URL` from `.env` via the runtime's `doten |
medium line 121
Access to .env file
SourceSKILL.md
| 121 | - `DATABASE_URL` is set in `.env` (or wherever the runtime's config tells it to look). |
medium line 147
Access to .env file
SourceSKILL.md
| 147 | - `.env` / `.env.example` — is `DATABASE_URL` set, or only the example? |
medium line 157
Access to .env file
SourceSKILL.md
| 157 | - **`DATABASE_URL` not set.** Have the user set it in `.env` (not in `prisma-next.config.ts` — see Pitfall 5). Then `pnpm prisma-next db init` to apply the current contract to that database and write |
medium line 206
Access to .env file
SourceSKILL.md
| 206 | - `--write-env` — also write `.env` (default writes only `.env.example`; `.env` stays under your control). |
medium line 218
Access to .env file
SourceSKILL.md
| 218 | - `.env.example` (and `.env` if `--write-env`). |
medium line 236
Access to .env file
SourceSKILL.md
| 236 | 1. Set `DATABASE_URL` in `.env` (copy from `.env.example`). |
medium line 254
Access to .env file
SourceSKILL.md
| 254 | Then, with `DATABASE_URL` set in `.env`: |
medium line 309
Access to .env file
SourceSKILL.md
| 309 | 5. **Setting `DATABASE_URL` in `prisma-next.config.ts` instead of `.env`.** The config reads `.env` automatically via `dotenv/config`. Hardcoding the URL leaks credentials and bypasses per-environment |
medium line 332
Access to .env file
SourceSKILL.md
| 332 | - [ ] **First-touch orientation:** read `prisma-next.config.ts`, the contract source, `db.ts`, and `.env` before proposing anything — didn't assume what the scaffold tool / teammate left in place. |
medium line 336
Access to .env file
SourceSKILL.md
| 336 | - [ ] Set `DATABASE_URL` in `.env` and confirmed the value is reachable. |
low line 88
External URL reference
SourceSKILL.md
| 88 | > **Heads up — `prisma-next init` currently scaffolds the wrong layout.** It writes `prisma/contract.{prisma,ts}` and `prisma/db.ts` at the repo root instead of under `src/prisma/`. Tracked as [TML-25 |
low line 145
External URL reference
SourceSKILL.md
| 145 | - The contract source the config declares (canonically `src/prisma/contract.prisma` or `src/prisma/contract.ts`; a project that pre-dates [TML-2532](https://linear.app/prisma-company/issue/TML-2532) m |
low line 204
External URL reference
SourceSKILL.md
| 204 | - `--schema-path <path>` — defaults to `prisma/contract.prisma` (or `prisma/contract.ts`). **Pass `--schema-path src/prisma/contract.prisma` (or `.../contract.ts`)** to scaffold into the canonical `sr |
Scanned on Jun 6, 2026
View Security DashboardGitHub Stars 317
Rate this skill
Categorydevelopment
UpdatedJune 15, 2026
frontenddesignplaywrightreactdocxapidatabasebackendbackend-developerdata-engineerproduct-managerpostgresqlmongodbdevelopmentproduct
prisma/prisma-next