Skip to main content

Home Articles npm Scorecard

Build Securely.

Engineering Leader & Open Source Creator. Architect of the Interlace ESLint Ecosystem.

GitHub
Dev.to
LinkedIn
X

© 2026 Ofri Peretz. All rights reserved.

Articles

Engineering writing on static analysis, ESLint, security, and AI-native developer tooling.

Filtered by tag #database · clear filter

Dec 31, 2025
BEGIN on a Postgres Pool Scatters Your Transaction Across Connections. One ESLint Rule Stops It.
pool.query('BEGIN') runs on a different pooled client than the UPDATE that follows it — so your 'transaction' isn't atomic and corrupts data under load. The race condition (CWE-362), the dedicated-client fix, and the pg ESLint rule that catches every BEGIN/COMMIT on a pool.
#eslint#postgres#node+1
5 min
Dec 31, 2025
A Missing client.release() Exhausted Our Postgres Pool at 3 AM. The ESLint Rule That Catches It.
A node-postgres connection leak took our API down: 100 connections gone in 2 minutes on normal traffic. The post-mortem, the finally/pool.query fix, and the structural ESLint rule that flags a checked-out client that's never released — before it merges.
#eslint#postgres#node+1
005 min0
Dec 31, 2025
pg Lets You Concatenate SQL, Hijack search_path, and Leak Every Connection. 13 ESLint Rules Say No.
SQL injection, search_path schema hijacking, and the missing client.release() that exhausts your pool — node-postgres bugs that pass tests and take down production. 13 CWE-mapped ESLint rules that catch them in CI.
#eslint#postgres#node+1
9 min