Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More β†’
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

zenstack

Package Overview
Dependencies
Maintainers
2
Versions
314
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

zenstack

Build scalable web apps with minimum code by defining authorization and validation rules inside the data schema that closer to the database

  • 1.4.1
  • Source
  • npm
  • Socket score
Version published
Weekly downloads
11K
increased by48.51%
Maintainers
2
Weekly downloads
Β 
Created
Source

ZenStack

What it is

ZenStack is a Node.js/TypeScript toolkit that simplifies the development of a web app's backend. It supercharges Prisma ORM with a powerful access control layer and unleashes its full potential for full-stack development.

Our goal is to let you save time writing boilerplate code and focus on building real features!

How it works

Read full documentation at πŸ‘‰πŸ» zenstack.dev.

ZenStack incrementally extends Prisma's power with the following four layers:

1. ZModel - an extended Prisma schema language

ZenStack introduces a data modeling language called "ZModel" - a superset of Prisma schema language. It extended Prisma schema with custom attributes and functions and, based on that, implemented a flexible access control layer around Prisma.

// schema.zmodel

model Post {
    id String @id
    title String
    published Boolean @default(false)
    author User @relation(fields: [authorId], references: [id])
    authorId String

    // πŸ” allow logged-in users to read published posts
    @@allow('read', auth() != null && published)

    // πŸ” allow full CRUD by author
    @@allow('all', author == auth())
}

The zenstack CLI transpiles the ZModel into a standard Prisma schema, which you can use with the regular Prisma workflows.

2. Runtime enhancements to Prisma client

At runtime, transparent proxies are created around Prisma clients for intercepting queries and mutations to enforce access policies.

import { enhance } from '@zenstackhq/runtime';

// a regular Prisma client
const prisma = new PrismaClient();

async function getPosts(userId: string) {
    // create an enhanced Prisma client that has access control enabled
    const enhanced = enhance(prisma, { user: userId });

    // only posts that're visible to the user will be returned
    return enhanced.post.findMany();
}

3. Automatic RESTful APIs through server adapters

Server adapter packages help you wrap an access-control-enabled Prisma client into backend CRUD APIs that can be safely called from the frontend. Here's an example for Next.js:

// pages/api/model/[...path].ts

import { requestHandler } from '@zenstackhq/next';
import { enhance } from '@zenstackhq/runtime';
import { getSessionUser } from '@lib/auth';
import { prisma } from '@lib/db';

// Mount Prisma-style APIs: "/api/model/post/findMany", "/api/model/post/create", etc.
// Can be configured to provide standard RESTful APIs (using JSON:API) instead.
export default requestHandler({
    getPrisma: (req, res) => enhance(prisma, { user: getSessionUser(req, res) }),
});

4. Generated client libraries (hooks) for data access

Plugins can generate strong-typed client libraries that talk to the aforementioned APIs. Here's an example for React:

// components/MyPosts.tsx

import { useFindManyPost } from '@lib/hooks';

const MyPosts = () => {
    // list all posts that're visible to the current user, together with their authors
    const { data: posts } = useFindManyPost({
        include: { author: true },
        orderBy: { createdAt: 'desc' },
    });

    return (
        <ul>
            {posts?.map((post) => (
                <li key={post.id}>
                    {post.title} by {post.author.name}
                </li>
            ))}
        </ul>
    );
};

Architecture

The following diagram gives a high-level architecture overview of ZenStack.

Architecture

Links

Features

  • Access control and data validation rules right inside your Prisma schema
  • Auto-generated OpenAPI (RESTful) specifications, services, and client libraries
  • End-to-end type safety
  • Extensible: custom attributes, functions, and a plugin system
  • A framework-agnostic core with framework-specific adapters
  • Uncompromised performance

Plugins

Framework adapters

Prisma schema extensions

Examples

Todo SaaS App

Check out the Collaborative Todo App for a running example. You can find different implementations below:

Blog App

Community

Join our discord server for chat and updates!

Contributing

If you like ZenStack, join us to make it a better tool! Please use the Contributing Guide for details on how to get started, and don't hesitate to join Discord to share your thoughts.

License

MIT

Keywords

FAQs

Package last updated on 08 Dec 2023

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Fluent Assertions Faces Backlash After Abandoning Open Source Licensing

Security News

Fluent Assertions Faces Backlash After Abandoning Open Source Licensing

Fluent Assertions is facing backlash after dropping the Apache license for a commercial model, leaving users blindsided and questioning contributor rights.

By Sarah GoodingΒ  - Β Jan 18, 2025
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚑️ by Socket Inc