SlowQL is an offline SQL static analyzer with 272 rules across 14 dialects. It catches SQL injection, DELETE without WHERE, leading wildcards that kill indexes, cartesian joins, hardcoded credentials and cloud cost antipatterns before they reach production. Works in VS Code as you type, in CI via GitHub Actions, as a pre-commit hook, or via CLI and Docker. Schema-aware validation against your DDL files. Safe autofix engine with diff preview.

Framer — Launch websites with enterprise needs at startup speeds.

Launch websites with enterprise needs at startup speeds.

Hey Product Hunt! I built SlowQL after a SELECT * on a 10 million row table took down production for an entire weekend. One query that nobody caught in review because it looked completely fine on a small dataset. 18 months later SlowQL is live with 272 rules across 14 SQL dialects. It catches the patterns that cause incidents before they ship in your editor, in your CI pipeline, before code review even starts. The VS Code extension ships real-time diagnostics as you write. The GitHub Action blocks dangerous SQL from merging. Everything runs completely offline. Happy to answer any questions about the rules, the architecture or the decisions behind it. What SQL pattern has caused your worst production incident?

Framer — Launch websites with enterprise needs at startup speeds.

Launch websites with enterprise needs at startup speeds.

SlowQL

Offline SQL static analyzer that catches dangerous queries

Offline SQL static analyzer that catches dangerous queries