Force Using Dangerous Paths

This recipe shows how to configure the generator to allow potentially dangerous output paths while keeping basic safety protections.

warning

This configuration allows dangerous paths but still protects against the worst scenarios like project root directories. Use with caution.

When to Use

You need to output directly to source directories (e.g., ./src, ./lib)
You have existing projects with schemas in source folders
You want warnings but not blocking behavior
You understand the risks but need flexibility

Configuration Options

Method 1: Allow Dangerous Paths Only

zod-generator.config.json
{
  "safety": {
    "allowDangerousPaths": true
  }
}

schema.prisma
generator zod {
  provider                    = "prisma-zod-generator"
  output                      = "./src"
  safetyAllowDangerousPaths  = true
}

Method 2: Permissive Mode (Recommended)

zod-generator.config.json
{
  "safety": {
    "level": "permissive"
  }
}

schema.prisma
generator zod {
  provider    = "prisma-zod-generator"
  output      = "./src"
  safetyLevel = "permissive"
}

Method 3: Warnings Only

zod-generator.config.json
{
  "safety": {
    "warningsOnly": true
  }
}

What Each Approach Does

Allow Dangerous Paths Only

✅ Allows src, lib, components etc. directories
⚠️ Still warns about user files if no manifest exists
❌ Still blocks project root directories (with package.json)
✅ Maintains manifest tracking and smart cleanup

Permissive Mode

✅ Allows dangerous paths with warnings
✅ Allows user files (with warnings)
❌ Still blocks project roots (safer)
✅ Only shows warnings, never blocks generation
✅ Full manifest tracking

Warnings Only

⚠️ Shows warnings for all safety issues
✅ Never blocks generation
✅ Maintains all safety protections except blocking
✅ Full manifest tracking

Example Scenarios

Scenario 1: Existing Project with Schemas in src/

schema.prisma
generator zod {
  provider                   = "prisma-zod-generator"
  output                     = "./src/schemas"
  safetyAllowDangerousPaths = true
}

Result:

✅ Generates to src/schemas/
⚠️ Warning about "src" being dangerous
✅ Manifest tracking prevents deleting your other src/ files

Scenario 2: Component-Colocated Schemas

zod-generator.config.json
{
  "safety": {
    "level": "permissive",
    "customDangerousPaths": ["components"]
  }
}

schema.prisma
generator zod {
  provider = "prisma-zod-generator"
  output   = "./components/schemas"
}

Result:

✅ Generates to components/schemas/
⚠️ Warnings but no blocking
✅ Your existing components remain safe

Still Protected Against

Even with dangerous paths allowed, you're still protected from:

Project root directories - Directories with package.json, tsconfig.json etc.
Too many user files - If manifest is missing and many user files exist
Complete chaos - Basic sanity checks remain active

Environment Variable Override

You can temporarily allow dangerous paths via environment variables:

PRISMA_ZOD_SAFETY_ALLOW_DANGEROUS_PATHS=true npx prisma generate

Safety Progression

Here's a recommended progression from safest to most permissive:

1. Default (Safest)

{
  "safety": {
    "level": "standard"  // Default
  }
}

2. Allow Your Specific Dangerous Path

{
  "safety": {
    "allowDangerousPaths": true
  }
}

3. Permissive Mode

{
  "safety": {
    "level": "permissive"
  }
}

4. Warnings Only

{
  "safety": {
    "warningsOnly": true
  }
}

5. Disabled (Most Dangerous)

{
  "safety": {
    "enabled": false
  }
}

Best Practices

Start Conservative: Begin with allowDangerousPaths: true rather than disabling safety entirely
Use Specific Paths: Instead of outputting to ./src, use ./src/generated or ./src/schemas
Monitor Warnings: Pay attention to warning messages - they guide you toward safer configurations
Backup First: Always commit your changes before running generation with relaxed safety
Review Manifest: Check the .prisma-zod-generator-manifest.json file to understand what will be cleaned up

Migration Strategy

If you're migrating from a setup that pointed to dangerous paths:

Before (dangerous)
generator zod {
  provider = "prisma-zod-generator"
  output   = "./src"
}

After (safer, but compatible)
generator zod {
  provider                   = "prisma-zod-generator"
  output                     = "./src/generated"  // Dedicated subdirectory
  safetyAllowDangerousPaths = false              // Can remove this line
}

Then update your imports:

// Before
import { UserSchema } from './User.schema';

// After  
import { UserSchema } from './generated/User.schema';

info

This approach provides a good balance between safety and flexibility. You get protection against the worst scenarios while still being able to use source directories when necessary.

When to Use​

Configuration Options​

Method 1: Allow Dangerous Paths Only​

Method 2: Permissive Mode (Recommended)​

Method 3: Warnings Only​

What Each Approach Does​

Allow Dangerous Paths Only​

Permissive Mode​

Warnings Only​

Example Scenarios​

Scenario 1: Existing Project with Schemas in src/​

Scenario 2: Component-Colocated Schemas​

Still Protected Against​

Environment Variable Override​

Safety Progression​

1. Default (Safest)​

2. Allow Your Specific Dangerous Path​

3. Permissive Mode​

4. Warnings Only​

5. Disabled (Most Dangerous)​

Best Practices​

Migration Strategy​