June 25, 2024

Introducing global omit for model fields in Prisma ORM 5.16.0!

Discover the powerful new feature in Prisma ORM 5.16.0 that lets you globally or locally omit specific fields from your queries. Whether you need to ensure sensitive information (like a password) is never exposed or you want to streamline data retrieval for a single query, Prisma ORM has you covered. In this blog post, learn how to enhance your data management with code examples and guidance.


With Prisma ORM 5.16.0, we’re excited to introduce a global way of omitting fields from Prisma Client queries! This highly requested feature was directly influenced by the feedback we’ve received from our community through reactions on GitHub issues as well as feedback on our original implementation of the omitApi Preview feature. Thank you very much to everyone who helped us continue to develop this feature!

We believe this release helps developers balance performance and experience against security and privacy. Read on as we use this feature to simplify how you manage sensitive data in your query results.

Omitting fields in Prisma ORM 5.16.0

With the omitApi Preview feature, originally released with Prisma ORM 5.13.0, you can now omit fields from your queries alongside the existing select functionality or on Prisma Client initialization. You can choose to omit fields globally, such as user passwords, or define fields to omit on a per-query basis, such as fields that aren’t necessary in all views. It’s now easier than ever to only send your frontend the data it needs.

How to omit fields globally

On Prisma Client initialization, you have the ability to mark fields as “omitted”. This means that for any query on that Prisma Client instance, those fields will never be returned. For example, you can initialize Prisma Client and always omit user passwords.

This can be overridden at the individual query level, if you want to re-include a globally omitted field.

How to omit fields locally

Originally released in Prisma ORM 5.13.0, the per-query version of the omitApi Preview feature is also available. This feature allows you to omit fields at the per-query level, similar to how you would use select.

Now you have the flexibility to omit a field globally and only select it in specific circumstances, or vice versa!
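The three behaviours described above (a global omit, a per-query override that re-includes the field, and a local omit) are modelled here as an added example; it is not code from this post or from Prisma. `findMany` is a hypothetical in-memory stand-in rather than Prisma Client, and the `reincludedFields` review helper, the `profileJson` field and the sample row are assumptions.

```typescript
// Added illustration: an in-memory stand-in, NOT Prisma Client or Prisma's code.
// In Prisma Client itself the global form is written as
//   new PrismaClient({ omit: { user: { password: true } } })
type Row = { [field: string]: unknown };
type OmitMap = { [field: string]: boolean };
type QueryArgs = { omit?: OmitMap };

// Constructed sample data; the password value is a placeholder, not a real hash.
const USERS: Row[] = [
  { id: 1, email: "alice@example.test", password: "<constructed>", profileJson: "{...}" },
];

// Per-query omit is merged over the global omit, so `false` re-includes a field.
function effectiveOmit(globalOmit: OmitMap, args: QueryArgs = {}): string[] {
  const merged: OmitMap = { ...globalOmit, ...(args.omit || {}) };
  return Object.keys(merged).filter((field) => merged[field] === true).sort();
}

// Return every row without the fields that are omitted for this query.
function findMany(globalOmit: OmitMap, args: QueryArgs = {}): Row[] {
  const drop = effectiveOmit(globalOmit, args);
  return USERS.map((row) => {
    const out: Row = {};
    for (const key of Object.keys(row)) {
      if (drop.indexOf(key) === -1) out[key] = row[key];
    }
    return out;
  });
}

// Review helper: which globally omitted fields does this query opt back into?
function reincludedFields(globalOmit: OmitMap, args: QueryArgs = {}): string[] {
  const local = args.omit || {};
  return Object.keys(globalOmit)
    .filter((field) => globalOmit[field] === true && local[field] === false)
    .sort();
}

// Field names returned for each row, as comma-joined strings for easy comparison.
function returnedFields(globalOmit: OmitMap, args: QueryArgs = {}): string[] {
  return findMany(globalOmit, args).map((row) => Object.keys(row).join(","));
}

const GLOBAL_OMIT: OmitMap = { password: true }; // set once, at client level
console.log(returnedFields(GLOBAL_OMIT)); // default query
console.log(returnedFields(GLOBAL_OMIT, { omit: { profileJson: true } })); // local omit
console.log(returnedFields(GLOBAL_OMIT, { omit: { password: false } })); // override
console.log(reincludedFields(GLOBAL_OMIT, { omit: { password: false } }));
```

A non-empty `reincludedFields` result marks the queries whose output needs extra care in review, since those are the ones where a globally omitted field comes back.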

When to omit fields

Now that there are two ways to omit fields, the most common question is “when should I use each approach?”

If you are concerned about security or exposing sensitive information, you will want to use a global omit in most cases. This guarantees that newly written queries do not inadvertently include sensitive data in their results. A solid use case for this would be always omitting user passwords.

If, however, you are concerned about data optimization, you will want to use a local omit. This will allow you to continue to use all fields on a model in most queries and then slim down the model where the amount of data transferred is a concern. For example, if you have a table where the data in each column is fairly light, but there is one column that contains a large amount of JSON or Blob data, you could easily exclude that column so that your app isn’t required to transfer all of that data for each request.

We want your continued feedback!

The ability to omit fields globally is our most requested feature and we’re excited to include this in our 5.16.0 release. If you have feedback, please do not hesitate to add to our dedicated GitHub discussion. We’ve had some great conversations about our omitApi Preview feature so far and we’re excited to keep those conversations going.
