eslint-plugin-drizzle

0.2.3 verified Sat Apr 25 auth: no javascript

An ESLint plugin for Drizzle ORM users to avoid common pitfalls and enforce best practices. Version 0.2.3 (stable). Maintained by the Drizzle team. Provides rules like `enforce-update-with-where` to prevent accidental full table updates/deletes, and `drizzle-object-injection` to detect SQL injection via object keys in Drizzle queries. Works with ESLint 8+. Released as needed with fixes and rule additions.

Common errors

error Error: Failed to load plugin 'drizzle' declared in '.eslintrc.js': Cannot find module 'eslint-plugin-drizzle' ↓

cause Plugin not installed or CommonJS require used.

fix

Run npm install eslint-plugin-drizzle --save-dev and ensure ESM import.

error Error: 'drizzle/enforce-update-with-where' is not a valid ESLint rule name. ↓

cause Rule name mistyped or not registered.

fix

Check rule names: 'enforce-update-with-where', 'drizzle-object-injection', 'invalid-auth-token'.

Warnings

gotcha ESM-only: package does not provide CommonJS export. ↓

fix Use dynamic import or ensure ESLint is configured for ESM.

gotcha Rule names are camelCase but ESLint convention uses kebab-case when referencing in config. ↓

fix Use kebab-case in rules object (e.g., 'drizzle/enforce-update-with-where').

gotcha Plugin requires ESLint >=8.0.0. ↓

fix Upgrade ESLint to version 8 or later.

breaking In v0.2.0, rule 'drizzle-object-injection' was added; prior versions may not have it. ↓

fix Update to v0.2.0+ to use the rule.

Install

npm install eslint-plugin-drizzle

yarn add eslint-plugin-drizzle

pnpm add eslint-plugin-drizzle

Imports

plugin

wrong

const drizzlePlugin = require('eslint-plugin-drizzle')

correct

import drizzlePlugin from 'eslint-plugin-drizzle'

ESM-only; no CommonJS export. Use dynamic import if needed.

rules

wrong

import rules from 'eslint-plugin-drizzle/rules'

correct

import { rules } from 'eslint-plugin-drizzle'

Named export for rules object; direct subpath import not supported.

enforceUpdateDeleteWithWhere

wrong

import { enforceUpdateDeleteWithWhereRule } from 'eslint-plugin-drizzle'

correct

import { enforceUpdateDeleteWithWhere } from 'eslint-plugin-drizzle'

Rule name in camelCase exported directly; no 'Rule' suffix.

drizzleObjectInjection

wrong

import { drizzleObjectInjectionRule } from 'eslint-plugin-drizzle'

correct

import { drizzleObjectInjection } from 'eslint-plugin-drizzle'

Exported as camelCase without 'Rule' suffix.

Quickstart

Configures ESLint to use eslint-plugin-drizzle rules, enforcing safe update/delete patterns and preventing SQL injection via object keys.

// .eslintrc.js
export default {
  plugins: {
    drizzle: await import('eslint-plugin-drizzle')
  },
  rules: {
    'drizzle/enforce-update-with-where': 'error',
    'drizzle/drizzle-object-injection': 'error',
    'drizzle/invalid-auth-token': 'warn'
  }
};