Hi Product Hunt! I'm Flavius, the maker of pgfence. I built pgfence after witnessing too many "routine" database migrations take down production apps. A seemingly harmless line like `ALTER TABLE users ADD COLUMN is_verified BOOLEAN NOT NULL DEFAULT false` takes an `ACCESS EXCLUSIVE` lock. It queues behind your longest-running query, and while it waits, every incoming connection cascades behind it. In seconds, your connection pool is exhausted and pods start crashing. The core problem is that modern ORMs (Prisma, TypeORM, Drizzle) completely hide these Postgres locking mechanics from developers. You merge a migration that looks completely benign, only to find out during deployment that it caused massive downtime. While a few migration linters exist in the Ruby and Go ecosystems, there was no native solution for Node.js. That meant parsing through raw DDL outputs, relying on manual reviews, or just hoping for the best. pgfence changes that. It's a source-available CLI written in TypeScript that hooks directly into your CI/CD pipeline or git hooks to catch dangerous migrations before they merge. Here is how it keeps your DB safe: 1. Lock Mode Prediction: It maps your statements to exact Postgres locks (`SHARE`, `ACCESS EXCLUSIVE`, etc.) and tells you what operations will be blocked. 2. DB-Size Aware Risk Scoring: Pass in a snapshot from your replica, and risk levels automatically escalate for large tables (since rewrites take longer). 3. Safe Rewrite Recipes: For every HIGH or CRITICAL finding, it generates the exact zero-downtime expand/contract SQL you should use instead. 4. Policy Enforcement: It fails your CI if your migration is missing critical safeguards like `lock_timeout` or `statement_timeout`. 5. Broad ORM Support: Works natively with Raw SQL, Prisma, TypeORM, Knex, Sequelize, and Drizzle. Running it against your codebase takes less than 30 seconds. I'll be in the comments all day, run it locally and let me know what it catches in your repo! I'm eager to hear your thoughts and feature requests.

pgfence

Stop dangerous Postgres migrations before hitting production

Stop dangerous Postgres migrations before hitting production