Prisma Client
npm@prisma/clientPrisma Client is the auto-generated type-safe database client for Node.js, used with Prisma ORM to query PostgreSQL, MySQL, SQLite, MongoDB, and other databases. It reads the `DATABASE_URL` environment variable and is the primary data access layer in most Next.js and NestJS applications. A Prisma Client holds credentials for the production database.
Checking Prisma Client
@prisma/client 5.18.0 is a clean version with no known supply chain compromise. The response returns compromised: false with an empty sources array.
curl "https://api.attestd.io/v1/check?product=%40prisma%2Fclient&version=5.18.0" \
-H "Authorization: Bearer YOUR_API_KEY"{
"product": "@prisma/client",
"version": "5.18.0",
"supported": true,
"risk_state": "none",
"supply_chain": {
"compromised": false,
"sources": [],
"malware_type": null,
"description": null,
"advisory_url": null,
"compromised_at": null,
"removed_at": null
},
"last_updated": "2026-05-01T00:00:00Z"
}Why this package is monitored
Database ORM packages parse and hold the production database connection string. A compromised version can exfiltrate the connection URL and execute raw queries against the database, bypassing all application-level authorization logic.
Attestd monitors @prisma/client using the following detection sources:
registryManually curated advisories in the Attestd registry, verified by a human analyst. Confidence 1.0.
osvOSV.dev malicious-package advisories with IDs prefixed MAL-. Confidence 0.95.
npm_deprecationnpm package versions with deprecation messages containing targeted attack language such as malicious, backdoor, or compromised. Confidence 0.80.