{"id":17596,"library":"eslint-plugin-safe-kysely","title":"ESLint Plugin for Safe Kysely Operations","description":"eslint-plugin-safe-kysely is an ESLint plugin designed to improve data safety in applications utilizing the Kysely query builder. Currently at version 1.0.1, this plugin enforces the inclusion of a `where` clause in all `updateTable` and `deleteFrom` Kysely call chains. Its primary goal is to prevent accidental mass data modification or deletion of entire tables by requiring explicit targeting of rows for such operations. Unlike runtime checks, this plugin performs static analysis during development, providing immediate feedback through ESLint warnings or errors before code is deployed. This ensures that potentially destructive database queries are identified and corrected early in the development lifecycle, significantly reducing the risk of data loss. While a specific release cadence is not yet established for this relatively new plugin, its initial stable release indicates a commitment to Kysely ecosystem safety. It differentiates itself by offering Kysely-specific static analysis for a critical aspect of database interaction.","status":"active","version":"1.0.1","language":"javascript","source_language":"en","source_url":null,"tags":["javascript","eslint","eslintplugin","eslint-plugin","kysely"],"install":[{"cmd":"npm install eslint-plugin-safe-kysely","lang":"bash","label":"npm"},{"cmd":"yarn add eslint-plugin-safe-kysely","lang":"bash","label":"yarn"},{"cmd":"pnpm add eslint-plugin-safe-kysely","lang":"bash","label":"pnpm"}],"dependencies":[{"reason":"Required peer dependency for ESLint configuration and execution.","package":"eslint","optional":false}],"imports":[{"note":"ESLint plugins are activated by listing their short name (without the `eslint-plugin-` prefix) in the `plugins` array of your `.eslintrc.json` file. Rules are then enabled under the `rules` section, prefixed with the plugin name.","symbol":"Plugin Registration (JSON Config)","correct":"{\n  \"plugins\": [\"safe-kysely\"],\n  \"rules\": {\n    \"safe-kysely/enforce-where-clause\": \"error\"\n  }\n}"},{"note":"For JavaScript-based ESLint configurations (`.eslintrc.js`), the plugin module can be directly `require`d and passed as an object into the `plugins` array.","wrong":"import safeKyselyPlugin from 'eslint-plugin-safe-kysely'; // CommonJS 'require' is typically used for .eslintrc.js","symbol":"Plugin Object (JavaScript Config)","correct":"const safeKyselyPlugin = require('eslint-plugin-safe-kysely');\n\nmodule.exports = {\n  plugins: [safeKyselyPlugin],\n  rules: {\n    \"safe-kysely/enforce-where-clause\": \"error\"\n  }\n};"},{"note":"Individual rules provided by plugins must always be prefixed with the plugin's registered name (e.g., `safe-kysely/rule-name`) when enabling them in the `rules` section.","wrong":"\"enforce-where-clause\": \"error\" // Missing plugin name prefix","symbol":"Rule Configuration (Specific Options)","correct":"\"safe-kysely/enforce-where-clause\": [\"error\", { /* optional specific rule settings */ }]"}],"quickstart":{"code":"npm install eslint --save-dev\nnpm install eslint-plugin-safe-kysely --save-dev\n\n# .eslintrc.json\n{\n  \"env\": {\n    \"node\": true,\n    \"es2021\": true\n  },\n  \"extends\": [\n    \"eslint:recommended\"\n  ],\n  \"parserOptions\": {\n    \"ecmaVersion\": \"latest\",\n    \"sourceType\": \"module\"\n  },\n  \"plugins\": [\n    \"safe-kysely\"\n  ],\n  \"rules\": {\n    \"safe-kysely/enforce-where-clause\": \"error\"\n  }\n}\n\n// example.ts (assuming Kysely and database client setup)\nimport { Kysely, PostgresDialect } from 'kysely';\nimport { Pool } from 'pg';\n\ninterface Database {\n  person: {\n    id: string;\n    first_name: string;\n    last_name: string;\n    age: number;\n  };\n}\n\nconst db = new Kysely<Database>({\n  dialect: new PostgresDialect({\n    pool: new Pool({\n      connectionString: process.env.DATABASE_URL ?? 'postgresql://user:password@host:port/database',\n    }),\n  }),\n});\n\nasync function updatePersonAge(id: string, newAge: number) {\n  // This operation is valid as it includes a .where() clause\n  await db\n    .updateTable('person')\n    .set({ age: newAge })\n    .where('id', '=', id)\n    .execute();\n  console.log(`Person ${id} age updated to ${newAge}.`);\n}\n\n// Example of an invalid operation (would be flagged by ESLint)\n// await db.updateTable('person').set({ age: 0 }).execute(); \n\nupdatePersonAge('123', 30);\n","lang":"typescript","description":"Demonstrates the installation of the plugin, ESLint configuration to enable the rule, and a Kysely update operation that correctly includes a `where` clause, satisfying the `enforce-where-clause` rule."},"warnings":[{"fix":"Ensure `\"safe-kysely\"` is included in the `plugins` array in your `.eslintrc.json` or `.eslintrc.js` file.","message":"Forgetting to add `safe-kysely` to the `plugins` array in your ESLint configuration will prevent the rule from being recognized or applied.","severity":"gotcha","affected_versions":">=1.0.0"},{"fix":"Always use the full rule identifier, such as `\"safe-kysely/enforce-where-clause\": \"error\"`.","message":"When enabling rules from `eslint-plugin-safe-kysely`, you must prefix the rule name with `safe-kysely/`. Omitting this prefix (e.g., just `enforce-where-clause`) will result in ESLint not finding the rule.","severity":"gotcha","affected_versions":">=1.0.0"},{"fix":"Supplement this plugin with manual code reviews or additional static analysis tools for comprehensive database query safety beyond `updateTable` and `deleteFrom`.","message":"This plugin specifically targets `updateTable` and `deleteFrom` methods for `where` clause enforcement. It does not provide checks for other potentially unsafe Kysely operations, such as raw SQL queries or complex builder patterns outside of its defined scope.","severity":"gotcha","affected_versions":">=1.0.0"}],"env_vars":null,"last_verified":"2026-04-23T00:00:00.000Z","next_check":"2026-07-22T00:00:00.000Z","problems":[{"fix":"Run `npm install eslint-plugin-safe-kysely --save-dev` and ensure `\"safe-kysely\"` is added to the `plugins` array in your `.eslintrc.json` or `.eslintrc.js` file.","cause":"The `eslint-plugin-safe-kysely` package is not installed, or it's not listed in the `plugins` array of your ESLint configuration.","error":"ESLint: Definition for rule 'safe-kysely/enforce-where-clause' was not found"},{"fix":"Add a `.where()` method call to your Kysely query chain to specify the rows to be affected, e.g., `.where('id', '=', 1)` or `.where({ foo: 'bar' })`.","cause":"An `updateTable` or `deleteFrom` operation is attempted without a subsequent `.where()` call in the Kysely query builder chain.","error":"Missing `where` clause with updateTable (or Missing `where` clause with deleteFrom)"}],"ecosystem":"npm","meta_description":null,"install_score":null,"install_tag":null,"quickstart_score":null,"quickstart_tag":null}