eslint-plugin-postgresql
All rules

Safety

postgresql/no-set-search-path

Disallow `SET search_path` in versioned SQL; qualify identifiers instead.

  • Type suggestion
  • Recommended warn
  • Fixable no

Why this matters

`SET search_path` makes name resolution depend on session state — a known footgun for SECURITY DEFINER functions and `CREATE TABLE foo` statements that silently target a different schema. Qualify identifiers (`audit.events`, `public.users`) instead.

Examples

Incorrect

Incorrect 
SET search_path TO audit, public;

Correct

Correct 
SELECT id FROM audit.events;

Configure it

// eslint.config.js
import postgresql from "eslint-plugin-postgresql";

export default [
  {
    files: ["**/*.sql"],
    languageOptions: {
      parser: postgresql.configs.recommended.languageOptions.parser,
    },
    plugins: { postgresql },
    rules: {
      "postgresql/no-set-search-path": "warn",
    },
  },
];

Options

This rule has no options.

Try this rule

Edit the SQL — only no-set-search-path is enabled.

Pre-filled with the first incorrect example. Toggle off in the rule shelf to see how the diagnostic disappears.

0 errors 0 warnings parse 0ms · rules 0ms
Diagnostics

No issues found.

2 rules enabled.

Rule under test no-set-search-path — plus no-syntax-error as a safety net.
eslint-plugin-postgresql

An ESLint plugin that lints .sql files with real PostgreSQL grammar and a curated set of best-practice rules.

Project
Resources
© 2026 eslint-plugin-postgresql contributors Built on libpg-query · PostgreSQL 17