postgresql/no-grant-all

Disallow `GRANT ALL` (list privileges explicitly).

  • Type: suggestion
  • Recommended: warn
  • Fixable: no

Why this matters

`GRANT ALL` silently expands as new privileges are added to PostgreSQL — and to the object class — over time. List the privileges your callers actually need so the access surface is auditable. `REVOKE ALL` is the safe direction and is not flagged.
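To make that expansion visible, the following added example (not code from this page or from eslint-plugin-postgresql) decodes table ACL entries as shown by `psql \dp` or stored in `pg_class.relacl`, reports grantees that hold every table privilege, and lists what a grantee holds beyond what it needs. The function names and the sample ACL are constructed for illustration, and unquoted role names are assumed; the `m` (MAINTAIN) code exists from PostgreSQL 17 onward, so the same `GRANT ALL` yields a longer ACL there than on earlier versions.

```javascript
// Added example: decode PostgreSQL table ACL entries into privilege names.
// Letter codes are PostgreSQL's table privilege abbreviations; "m" (MAINTAIN) is new in 17.
const TABLE_PRIVS = {
  a: "INSERT", r: "SELECT", w: "UPDATE", d: "DELETE",
  D: "TRUNCATE", x: "REFERENCES", t: "TRIGGER", m: "MAINTAIN",
};

// Parse one aclitem such as "u=arwdDxtm/owner" (assumption: unquoted role names).
function parseAclItem(item) {
  const m = /^([^=]*)=([A-Za-z*]*)\/(.+)$/.exec(item.trim());
  if (!m) throw new Error(`not an aclitem: ${item}`);
  const [, grantee, codes, grantor] = m;
  const privileges = [];
  for (const ch of codes) {
    if (ch === "*") {
      // "*" marks WITH GRANT OPTION on the preceding privilege
      if (privileges.length) privileges[privileges.length - 1].grantOption = true;
      continue;
    }
    privileges.push({ name: TABLE_PRIVS[ch] ?? `UNKNOWN(${ch})`, grantOption: false });
  }
  // An empty grantee field means PUBLIC
  return { grantee: grantee || "PUBLIC", grantor, privileges };
}

// Grantees holding every table privilege of the given major version,
// which is the state GRANT ALL ON <table> produces.
function findAllPrivilegeGrantees(aclItems, pgMajor) {
  const full = Object.values(TABLE_PRIVS).filter((p) => p !== "MAINTAIN" || pgMajor >= 17);
  return aclItems
    .map(parseAclItem)
    .filter((e) => full.every((p) => e.privileges.some((q) => q.name === p)))
    .map((e) => e.grantee);
}

// Privileges an ACL entry holds beyond the ones the caller actually needs.
function excessPrivileges(item, needed) {
  return parseAclItem(item).privileges.map((p) => p.name).filter((n) => !needed.includes(n));
}

// Constructed sample: ACL of table t on PostgreSQL 17 after the "incorrect" grants.
const SAMPLE_ACL = ["owner=arwdDxtm/owner", "u=arwdDxtm/owner", "reporting=r/owner", "=arwdDxtm/owner"];

console.log(findAllPrivilegeGrantees(SAMPLE_ACL, 17));
console.log(excessPrivileges("u=arwdDxtm/owner", ["SELECT", "INSERT", "UPDATE"]));
```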

Examples

Incorrect

```sql
GRANT ALL ON t TO u;
GRANT ALL PRIVILEGES ON t TO PUBLIC;
```

Correct

```sql
GRANT SELECT ON t TO u;
GRANT SELECT, INSERT, UPDATE ON t TO u;
REVOKE ALL ON t FROM u; -- REVOKE ALL is the safe direction
```

Configure it

```javascript
// eslint.config.js
import postgresql from "eslint-plugin-postgresql";

export default [
  {
    files: ["**/*.sql"],
    languageOptions: {
      parser: postgresql.configs.recommended.languageOptions.parser,
    },
    plugins: { postgresql },
    rules: {
      "postgresql/no-grant-all": "warn",
    },
  },
];
```

Options

This rule has no options.

eslint-plugin-postgresql

An ESLint plugin that lints .sql files with real PostgreSQL grammar and a curated set of best-practice rules.

© 2026 eslint-plugin-postgresql contributors Built on libpg-query · PostgreSQL 17