orm-doctor 1.0.0 → 1.0.1

package/LICENSE

@@ -0,0 +1,22 @@
+MIT License
+
+Copyright (c) 2026 Noctis Nova
+Built and maintained by Noctis Nova — https://noctisnova.com
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "orm-doctor",
-  "version": "1.0.0",
+  "version": "1.0.1",
   "description": "Static analysis CLI for detecting ORM/database bottlenecks in TypeScript and Prisma/Drizzle codebases.",
   "type": "module",
   "bin": {

package/src/advanced.js

@@ -1,4 +1,4 @@
-/**
+/**
  * advanced.js — orm-doctor
  *
  * The advanced query-analysis engine. These rules catch the database bugs that
@@ -128,7 +128,7 @@ export async function scanUnsafeRawQueries(projectPath) {
           `\`${name}\` is called with a dynamically-built SQL string — this is a SQL injection hole. ` +
           "Any user input in that string can run arbitrary SQL. Use a tagged-template `prisma.$queryRaw\\`...\\`` " +
           "with ${} placeholders (auto-parameterised), or pass values as separate parameters to the Unsafe variant.",
-        docs: "https://noctisnova.com/docs/orm/raw-query-safety",
+        docs: "https://noctisnova.com/tools/orm-doctor/database-safety-and-performance",
         penalty: PENALTY_UNSAFE_RAW,
       });
     }
@@ -179,7 +179,7 @@ export async function scanMassMutations(projectPath) {
           `\`${name}\` has no \`where\` clause — it will ${name === "deleteMany" ? "DELETE every row" : "UPDATE every row"} in the table. ` +
           "A single accidental call wipes or rewrites all your data. Always scope mass mutations with a `where` filter " +
           "(use `where: {}` explicitly only if you truly mean the whole table, and guard it).",
-        docs: "https://noctisnova.com/docs/orm/mass-mutations",
+        docs: "https://noctisnova.com/tools/orm-doctor/database-safety-and-performance",
         penalty: PENALTY_MASS_MUTATION,
       });
     }
@@ -228,7 +228,7 @@ export async function scanMissingPagination(projectPath) {
           "`findMany()` has no `take` or `cursor` — it loads the ENTIRE table into memory. " +
           "That's fine with 10 rows and fatal with 1,000,000: the query slows linearly and can OOM the server. " +
           "Add `take` (and `cursor`/`skip`) to paginate.",
-        docs: "https://noctisnova.com/docs/orm/pagination",
+        docs: "https://noctisnova.com/tools/orm-doctor/orm-performance-checklist",
         penalty: PENALTY_MISSING_PAGINATION,
       });
     }
@@ -291,7 +291,7 @@ export async function scanPrismaSingleton(projectPath) {
       line,
       snippet: trimSnippet(lines[line - 1] ?? "new PrismaClient()"),
       message,
-      docs: "https://noctisnova.com/docs/orm/prisma-singleton",
+      docs: "https://noctisnova.com/tools/orm-doctor/database-safety-and-performance",
       penalty: PENALTY_PRISMA_SINGLETON,
     });
   }
@@ -352,7 +352,7 @@ export async function scanMissingTransaction(projectPath) {
           `This function performs ${writes.length} write operations that aren't wrapped in a transaction. ` +
           "If the process crashes between writes, your data is left half-updated (e.g. money debited but not credited). " +
           "Wrap dependent writes in `prisma.$transaction([...])` (or the interactive `$transaction(async (tx) => {...})`) so they all commit or all roll back.",
-        docs: "https://noctisnova.com/docs/orm/transactions",
+        docs: "https://noctisnova.com/tools/orm-doctor/database-safety-and-performance",
         penalty: PENALTY_MISSING_TX,
       });
     }
@@ -428,7 +428,7 @@ export async function scanMissingRelationActions(schemaPath) {
           `Relation \`${block.name}.${item.name}\` has no \`onDelete\` action. The default (\`Restrict\`/\`SetNull\`) ` +
           "is often not what you want — deleting a parent can either fail unexpectedly or silently orphan children. " +
           "Set it explicitly: `onDelete: Cascade` (delete children) or `Restrict` (block) so the behaviour is intentional.",
-        docs: "https://noctisnova.com/docs/orm/referential-actions",
+        docs: "https://noctisnova.com/tools/orm-doctor/database-safety-and-performance",
         penalty: PENALTY_RELATION_ACTION,
       });
     }

package/src/scanner.js

@@ -1,4 +1,4 @@
-/**
+/**
  * scanner.js
  * AST-based static analyzer for ORM/database bottleneck detection.
  * Uses ts-morph for TypeScript traversal and @mrleebo/prisma-ast for schema parsing.
@@ -525,7 +525,7 @@ export async function scanSeedFiles(projectPath) {
           message:
             "Hardcoded ID in seed data — conflicts on re-seed and breaks across environments. " +
             "Let Prisma generate IDs with @default(cuid()) and store references in variables.",
-          docs: "https://noctisnova.com/docs/orm/seed-best-practices",
+          docs: "https://noctisnova.com/tools/orm-doctor/seed-best-practices",
           penalty: SEED_HARDCODED_ID_PENALTY,
         });
       }
@@ -554,7 +554,7 @@ export async function scanSeedFiles(projectPath) {
           "Seed file creates records without first clearing existing data. " +
           "Re-running the seed (common in CI) will throw duplicate key errors. " +
           "Add prisma.<model>.deleteMany({}) at the top of your seed in dependency order.",
-        docs: "https://noctisnova.com/docs/orm/seed-best-practices",
+        docs: "https://noctisnova.com/tools/orm-doctor/seed-best-practices",
         penalty: SEED_NO_TRUNCATE_PENALTY,
       });
     }
@@ -576,7 +576,7 @@ export async function scanSeedFiles(projectPath) {
           "Seed file does not call prisma.$disconnect(). " +
           "The Node.js process will hang in CI until the connection times out. " +
           "Wrap your seed in try/finally and call prisma.$disconnect() in the finally block.",
-        docs: "https://noctisnova.com/docs/orm/seed-best-practices",
+        docs: "https://noctisnova.com/tools/orm-doctor/seed-best-practices",
         penalty: SEED_NO_DISCONNECT_PENALTY,
       });
     }
@@ -597,7 +597,7 @@ export async function scanSeedFiles(projectPath) {
         message:
           `Seed file contains ${totalCreates} create() calls — this may exceed CI timeout limits (typically 30s). ` +
           "Use createMany() with a data array for bulk inserts, or split into chunked batches with Promise.all.",
-        docs: "https://noctisnova.com/docs/orm/seed-best-practices",
+        docs: "https://noctisnova.com/tools/orm-doctor/seed-best-practices",
         penalty: SEED_LARGE_BATCH_PENALTY,
       });
     }

package/src/ui.js

@@ -1,4 +1,4 @@
-/**
+/**
  * ui.js
  * Terminal UI components for orm-doctor.
  * Produces a react-doctor-style numbered issue list with severity badges,
@@ -55,7 +55,7 @@ const RULE_META = {
       "`$queryRawUnsafe(`SELECT * FROM users WHERE email = '${email}'`)` lets an attacker pass " +
       "`' OR '1'='1` and dump your whole users table. This is the #1 most-exploited web vulnerability.",
     severity: "critical",
-    docs: "https://noctisnova.com/docs/orm/raw-query-safety",
+    docs: "https://noctisnova.com/tools/orm-doctor/database-safety-and-performance",
   },
 
   "mass-mutation": {
@@ -71,7 +71,7 @@ const RULE_META = {
       "`prisma.user.deleteMany()` with no where deletes every user in the database. There's no undo. " +
       "This has ended companies — a missing where on a delete is a data-loss incident waiting to happen.",
     severity: "critical",
-    docs: "https://noctisnova.com/docs/orm/mass-mutations",
+    docs: "https://noctisnova.com/tools/orm-doctor/database-safety-and-performance",
   },
 
   "missing-pagination": {
@@ -87,7 +87,7 @@ const RULE_META = {
       "A dashboard that does `findMany()` on an `events` table is instant at launch and times out (or OOMs " +
       "the server) a year later when that table has 5 million rows. Pagination would have kept it at 20ms.",
     severity: "warning",
-    docs: "https://noctisnova.com/docs/orm/pagination",
+    docs: "https://noctisnova.com/tools/orm-doctor/orm-performance-checklist",
   },
 
   "prisma-singleton": {
@@ -104,7 +104,7 @@ const RULE_META = {
       "In Next.js dev, every file save creates another PrismaClient — after a few minutes you hit " +
       "'too many connections' and the whole app stops talking to the database until you restart.",
     severity: "warning",
-    docs: "https://noctisnova.com/docs/orm/prisma-singleton",
+    docs: "https://noctisnova.com/tools/orm-doctor/database-safety-and-performance",
   },
 
   "missing-transaction": {
@@ -120,7 +120,7 @@ const RULE_META = {
       "A transfer that debits one account then credits another: if the server crashes between the two writes, " +
       "money vanishes. A transaction guarantees both happen or neither does.",
     severity: "warning",
-    docs: "https://noctisnova.com/docs/orm/transactions",
+    docs: "https://noctisnova.com/tools/orm-doctor/database-safety-and-performance",
   },
 
   "missing-relation-action": {
@@ -136,7 +136,7 @@ const RULE_META = {
       "Deleting a User whose Posts have no onDelete either errors out ('foreign key constraint') or leaves " +
       "orphaned Posts pointing at a user that no longer exists. Setting it explicitly removes the surprise.",
     severity: "info",
-    docs: "https://noctisnova.com/docs/orm/referential-actions",
+    docs: "https://noctisnova.com/tools/orm-doctor/database-safety-and-performance",
   },
 
   "missing-index": {
@@ -170,7 +170,7 @@ const RULE_META = {
       "Re-running a seed in CI after the first run throws a unique constraint violation and fails " +
       "the build. Copying the seed to a new environment creates silent data conflicts.",
     severity: "warning",
-    docs: "https://noctisnova.com/docs/orm/seed-best-practices",
+    docs: "https://noctisnova.com/tools/orm-doctor/seed-best-practices",
   },
 
   "seed-no-truncate": {
@@ -187,7 +187,7 @@ const RULE_META = {
       "Your CI suite passes on the first run after a fresh database, then fails every subsequent " +
       "run with 'Unique constraint failed' until someone manually wipes the database.",
     severity: "warning",
-    docs: "https://noctisnova.com/docs/orm/seed-best-practices",
+    docs: "https://noctisnova.com/tools/orm-doctor/seed-best-practices",
   },
 
   "seed-no-disconnect": {
@@ -203,7 +203,7 @@ const RULE_META = {
       "CI jobs appear to complete (seed ran successfully) but the process never exits — the job " +
       "hits a timeout minutes later and is marked as failed.",
     severity: "info",
-    docs: "https://noctisnova.com/docs/orm/seed-best-practices",
+    docs: "https://noctisnova.com/tools/orm-doctor/seed-best-practices",
   },
 
   "seed-large-batch": {
@@ -220,7 +220,7 @@ const RULE_META = {
       "A seed with 200 individual create() calls takes 4–8 seconds locally and 20–60 seconds in " +
       "CI depending on DB latency. Batching into createMany() cuts that to under 1 second.",
     severity: "warning",
-    docs: "https://noctisnova.com/docs/orm/seed-best-practices",
+    docs: "https://noctisnova.com/tools/orm-doctor/seed-best-practices",
   },
 };