@explita/prisma-audit-log
Advanced tools
A Prisma extension for automatic audit logging of database operations.
updatedAt/updated_at changed (noise-free logs)npm install @explita/prisma-audit-log
# or
yarn add @explita/prisma-audit-log
# or
pnpm add @explita/prisma-audit-log
import { PrismaClient } from "@prisma/client";
import { auditLogExtension } from "@explita/prisma-audit-log";
import { getContext } from "..."; // or your auth context
const prisma = new PrismaClient().$extends(
auditLogExtension({
// Optional: Only include specific models
// includeModels: ['User', 'Post'],
// Optional: Exclude specific models
// excludeModels: ['SensitiveData'],
// Get context for audit logs.
// The values returned here will be merged with operation context.
// Make sure whatever returned matches your audit log schema.
getContext: () => {
const { auth, req } = getContext();
return {
userId: auth.id,
companyId: auth.companyId,
ipAddress: req.ip,
metadata: {
ip: req.ip,
browser: req.headers["user-agent"],
},
};
},
// Optional: Mask sensitive fields
maskFields: ["password", "token"],
maskValue: "[REDACTED]", // default value
// Optional: Configure field inclusion/exclusion per model
fieldFilters: {
// Exclude sensitive fields from User model
User: {
exclude: ["password", "tokens", "refreshToken"],
},
// Only include specific fields for Payment model
Payment: {
include: ["id", "amount", "status", "createdAt"],
},
},
// Optional: Truncate long values
maxStringLength: 1000,
maxArrayLength: 50,
// Optional: Custom logger
logger: (log) => {
// Send logs to your logging service
console.log("AUDIT:", log);
// log can be an array of AuditLog objects
},
// Skip logging for specific operations
skip: ({ model, operation, args }) => {
// Skip logging for specific models or operations
if (model === "Session" && operation === "create") return true;
// Skip logging for specific conditions
if (model === "User" && args?.data?.isSystemUpdate) return true;
// Skip logging for specific operations on specific models
if (model === "AuditLog" || model === "audit_logs") return true;
return false;
},
// Timestamp-only updates are skipped automatically, so no extra config needed
})
);
Add this to your Prisma schema:
model AuditLog {
id String @id @default(cuid())
userId String? @map("user_id")
recordId String @map("record_id")
action String
model String
oldData Json? @map("old_data")
newData Json? @map("new_data")
changedFields String[] @map("changed_fields")
ipAddress String? @map("ip_address")
userAgent String? @map("user_agent")
metadata Json?
createdAt DateTime @default(now()) @map("created_at")
@@map("audit_logs")
}
// Example Fastify route
route.put("/test/:id", async (request, reply) => {
// These operations will be automatically logged
await db.branch.update({
where: { id: "123" },
data: { address: "123 Main St" },
});
await db.branch.updateMany({
where: { phone: "0123456789" },
data: { phone: "1023456789" },
});
reply.send("Operations completed");
});
| Option | Type | Description |
|---|---|---|
includeModels | string[] | Only log operations on these models |
excludeModels | string[] | Exclude these models from logging |
getContext | () => AuditContext | Function to get current context (user, IP, etc.) |
maskFields | string[] | Fields to mask in logs |
maskValue | any | Value to use for masked fields (default: [REDACTED]) |
maxStringLength | number | Truncate long strings |
maxArrayLength | number | Truncate large arrays |
maxPayloadBytes | number | Maximum JSON payload size (before truncation) |
fieldFilters | { [model: string]: { include?: string[]; exclude?: string[] } } | Configure field inclusion/exclusion per model. Use include to whitelist fields or exclude to blacklist them. |
skip | (params: { model: string; operation: string; args: any }) => boolean | Promise<boolean> | Skip logging for specific operations |
logger | (log: AuditLog | AuditLog[]) => void | Custom logger function for audit logs |
MIT
Built with ❤️ by Explita
FAQs
A Prisma extension for automatic audit logging
The npm package @explita/prisma-audit-log receives a total of 224 weekly downloads. As such, @explita/prisma-audit-log popularity was classified as not popular.
We found that @explita/prisma-audit-log demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Company News
Socket won two 2026 Reppy Awards from RepVue, ranking in the top 5% of all sales orgs. AE Alexandra Lister shares what it's like to grow a sales career here.
Security News
NIST will stop enriching most CVEs under a new risk-based model, narrowing the NVD's scope as vulnerability submissions continue to surge.
Company News
/Security News
Socket is an initial recipient of OpenAI's Cybersecurity Grant Program, which commits $10M in API credits to defenders securing open source software.