Prisma Client Python is a next-generation ORM built on top of Prisma that has been designed from the ground up for ease of use and correctness.
Prisma is a TypeScript ORM with zero-cost type safety for your database. Don't worry, though: Prisma Client Python interfaces with Prisma using Rust, so you don't need Node or TypeScript.
Prisma Client Python can be used in any Python backend application. This can be a REST API, a GraphQL API or anything else that needs a database.
Note that the only language server that is known to support this form of autocompletion is Pylance / Pyright.
Unlike other Python ORMs, Prisma Client Python is fully type safe and offers native support for usage with and without async. All you have to do is specify the type of client you would like to use for your project in the Prisma schema file.
However, the arguably best feature that Prisma Client Python provides is autocompletion support (see the GIF above). This makes writing database queries easier than ever!
Core features:
Supported database providers:
Have any questions or need help using Prisma? Join the community discord!
If you don't want to join the discord you can also:
@Robert Craigie
This section provides a high-level overview of how Prisma works and its most important technical components. For a more thorough introduction, visit the documentation.
Every project that uses a tool from the Prisma toolkit starts with a Prisma schema file. The Prisma schema allows developers to define their application models in an intuitive data modeling language. It also contains the connection to a database and defines a generator:
// database
datasource db {
  provider = "sqlite"
  url      = "file:database.db"
}

// generator
generator client {
  provider             = "prisma-client-py"
  recursive_type_depth = 5
}

// data models
model Post {
  id        Int     @id @default(autoincrement())
  title     String
  content   String?
  views     Int     @default(0)
  published Boolean @default(false)
  author    User?   @relation(fields: [author_id], references: [id])
  author_id Int?
}

model User {
  id    Int     @id @default(autoincrement())
  email String  @unique
  name  String?
  posts Post[]
}
In this schema, you configure three things:
On this page, the focus is on the generator as this is the only part of the schema that is specific to Prisma Client Python. You can learn more about Data sources and Data models on their respective documentation pages.
A Prisma schema can define one or more generators, defined by the generator block.
A generator determines what assets are created when you run the prisma generate command. The provider value defines which Prisma Client will be created. In this case, as we want to generate Prisma Client Python, we use the prisma-client-py value.
You can also define where the client will be generated to with the output option. By default Prisma Client Python will be generated to the same location it was installed to, whether that's inside a virtual environment, the global python installation or anywhere else that python packages can be imported from.
For more options see configuring Prisma Client Python.
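Each generator block names code that runs during prisma generate and may redirect where the generated client is written, so the schema file is worth reviewing like any other build input. The following added example (not part of the Prisma Client Python project) parses the datasource and generator blocks and flags providers outside an allowlist, custom output paths, and credentials inlined in a datasource url; the allowlist, the sample schema and the function names are assumptions made for illustration.

```python
import re

# Constructed sample (not from the page): a credentialed datasource URL and a
# second generator were added to exercise the checks.
SAMPLE_SCHEMA = '''
datasource db {
  provider = "postgresql"
  url      = "postgresql://app:s3cret@db.internal:5432/app"
}
generator client {
  provider             = "prisma-client-py"
  recursive_type_depth = 5
}
generator extra {
  provider = "./tools/custom-generator"
  output   = "../generated"
}
'''

# Assumption: this project expects only the Prisma Client Python generator.
ALLOWED_PROVIDERS = {"prisma-client-py"}

BLOCK_RE = re.compile(r'^\s*(datasource|generator)\s+(\w+)\s*\{(.*?)^\s*\}', re.S | re.M)
FIELD_RE = re.compile(r'^\s*(\w+)\s*=\s*(.+?)\s*$', re.M)
CRED_URL_RE = re.compile(r'^[a-z][a-z0-9+.-]*://[^/@\s]+:[^/@\s]+@', re.I)

def parse_blocks(schema):
    """Return (kind, name, fields) for each datasource/generator block."""
    blocks = []
    for kind, name, body in BLOCK_RE.findall(schema):
        fields = {k: v.strip('"') for k, v in FIELD_RE.findall(body)}
        blocks.append((kind, name, fields))
    return blocks

def audit(schema):
    """Flag generators outside the allowlist and secrets inlined in the schema."""
    findings = []
    for kind, name, fields in parse_blocks(schema):
        if kind == "generator":
            provider = fields.get("provider", "")
            if provider not in ALLOWED_PROVIDERS:
                findings.append(f"generator {name}: unexpected provider {provider!r}")
            if "output" in fields:
                findings.append(f"generator {name}: client written to {fields['output']!r}")
        elif CRED_URL_RE.match(fields.get("url", "")):
            findings.append(f"datasource {name}: credentials inlined in url")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_SCHEMA):
        print(finding)
```

Prisma schemas also accept url = env("DATABASE_URL"), which keeps the connection string out of the file this check reads.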
Just want to play around with Prisma Client Python and not worry about any setup? You can try it out online on gitpod.
The first step with any python project should be to set up a virtual environment to isolate installed packages from your other python projects; however, that is out of scope for this page.
In this example we'll use an asynchronous client. If you would like to use a synchronous client, see setting up a synchronous client.
pip install -U prisma
Now that we have Prisma Client Python installed we need to actually generate the client to be able to access the database.
Copy the Prisma schema file shown above to a schema.prisma file in the root directory of your project and run:
prisma db push
This command will add the data models to your database and generate the client. You should see something like this:
Prisma schema loaded from schema.prisma
Datasource "db": SQLite database "database.db" at "file:database.db"
SQLite database database.db created at file:database.db
🚀 Your database is now in sync with your schema. Done in 26ms
✔ Generated Prisma Client Python to ./.venv/lib/python3.9/site-packages/prisma in 265ms
It should be noted that whenever you make changes to your schema.prisma file you will have to re-generate the client. You can do this automatically by running prisma generate --watch.
The simplest asynchronous Prisma Client Python application will either look something like this:
import asyncio
from prisma import Prisma

async def main() -> None:
    prisma = Prisma()
    await prisma.connect()

    # write your queries here
    user = await prisma.user.create(
        data={
            'name': 'Robert',
            'email': 'robert@craigie.dev'
        },
    )

    await prisma.disconnect()

if __name__ == '__main__':
    asyncio.run(main())
or like this:
import asyncio
from prisma import Prisma
from prisma.models import User

async def main() -> None:
    db = Prisma(auto_register=True)
    await db.connect()

    # write your queries here
    user = await User.prisma().create(
        data={
            'name': 'Robert',
            'email': 'robert@craigie.dev'
        },
    )

    await db.disconnect()

if __name__ == '__main__':
    asyncio.run(main())
For a more complete list of queries you can perform with Prisma Client Python see the documentation.
All query methods return pydantic models.
Retrieve all User records from the database
users = await db.user.find_many()
Include the posts relation on each returned User object
users = await db.user.find_many(
    include={
        'posts': True,
    },
)
Retrieve all Post records that contain "prisma"
posts = await db.post.find_many(
    where={
        'OR': [
            {'title': {'contains': 'prisma'}},
            {'content': {'contains': 'prisma'}},
        ]
    }
)
Create a new User and a new Post record in the same query
user = await db.user.create(
    data={
        'name': 'Robert',
        'email': 'robert@craigie.dev',
        'posts': {
            'create': {
                'title': 'My first post from Prisma!',
            },
        },
    },
)
Update an existing Post record
post = await db.post.update(
    where={
        'id': 42,
    },
    data={
        'views': {
            'increment': 1,
        },
    },
)
All Prisma Client Python methods are fully statically typed. This means you can easily catch bugs in your code without having to run it!
For more details see the documentation.
Prisma Client Python connects to the database and executes queries using Prisma's Rust-based Query Engine, the source code of which can be found here: https://github.com/prisma/prisma-engines.
Prisma Client Python exposes a CLI interface which wraps the Prisma CLI. This works by downloading a Node binary, if you don't already have Node installed on your machine, installing the CLI with npm and running the CLI using Node.
The CLI interface is the exact same as the standard Prisma CLI with some additional commands.
Prisma Client Python is not an official Prisma product although it is very generously sponsored by Prisma.
Prisma Client Python is a fairly new project and as such there are some features that are missing or incomplete.
Prisma Client Python query arguments make use of TypedDict types. Support for completion of these types within the Python ecosystem is now fairly widespread. This section is only here for documenting support.
Supported editors / extensions:
TypedDicts
user = await db.user.find_first(
    where={
        '|'
    }
)
Given the cursor is where the | is, an IDE should suggest the following completions:
While there has currently not been any work done on improving the performance of Prisma Client Python queries, they should be reasonably fast as the core query building and connection handling is performed by Prisma. Performance is something that will be worked on in the future and there is room for massive improvements.
Windows, macOS and Linux are all officially supported.
Prisma Client Python is not stable.
Breaking changes will be documented and released under a new MINOR version following this format: MAJOR.MINOR.PATCH
New releases are scheduled bi-weekly; however, as this is a solo project, no guarantees are made that this schedule will be kept.
We use conventional commits (also known as semantic commits) to ensure consistent and descriptive commit messages.
See the contributing documentation for more information.
This project would not be possible without the work of the amazing folks over at prisma.
Massive h/t to @steebchen for his work on prisma-client-go which was incredibly helpful in the creation of this project.
This README is also heavily inspired by the README in the prisma/prisma repository.
FAQs
Prisma Client Python is an auto-generated and fully type-safe database client
We found that prisma demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.