@elytrasec/engine 0.4.7 → 0.4.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.js +3 -1
- package/package.json +1 -1
package/dist/index.js
CHANGED
|
@@ -3985,7 +3985,9 @@ var performanceRules = [
|
|
|
3985
3985
|
title: "Potential N+1 query \u2014 database call inside a loop",
|
|
3986
3986
|
description: "A database query inside a loop makes N separate round-trips instead of 1 batch query. This causes severe performance degradation at scale.",
|
|
3987
3987
|
suggestion: "Batch the queries: collect all IDs first, then execute a single WHERE IN query.",
|
|
3988
|
-
|
|
3988
|
+
// Tightened: only fire on PROMISE-shaped DB calls. Array.prototype.find/map on a local var
|
|
3989
|
+
// is NOT an N+1 — must be `await ...` OR namespaced like `db.find`/`prisma.user.findUnique`.
|
|
3990
|
+
multilinePattern: /(?:for|while)\s*\([^)]*\)\s*\{[\s\S]{0,500}?(?:await\s+\w+(?:\.\w+)*\.(?:find|findOne|findUnique|query|execute)\s*\(|\b(?:db|prisma|sequelize|knex|mongoose|repo|repository)\.\w+\.\s*(?:find|findOne|findUnique|query|execute)\s*\(|SELECT\b.*FROM)/,
|
|
3989
3991
|
severity: "high",
|
|
3990
3992
|
category: "performance",
|
|
3991
3993
|
confidence: "medium",
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@elytrasec/engine",
|
|
3
|
-
"version": "0.4.
|
|
3
|
+
"version": "0.4.8",
|
|
4
4
|
"description": "Core analysis engine for Elytra \u2014 196 detection rules across Solidity, Solana/Anchor (Rust), JS/TS, Python, Go, IaC. 12 famous-hack patterns, 11 rug-surface, 5 modern-DeFi + 3 modern-Solidity-v2, 12 Solana detectors.",
|
|
5
5
|
"license": "MIT",
|
|
6
6
|
"author": "ElytraSec <hello@elytrasec.io>",
|