Skip to content

fix: add BigInt toJSON polyfill to fix serialization error#174

Merged
GauravKarakoti merged 4 commits into
GauravKarakoti:mainfrom
Yuva-Deekshitha-N:fix/bigint-serialization-error
Jul 9, 2026
Merged

fix: add BigInt toJSON polyfill to fix serialization error#174
GauravKarakoti merged 4 commits into
GauravKarakoti:mainfrom
Yuva-Deekshitha-N:fix/bigint-serialization-error

Conversation

@Yuva-Deekshitha-N

Copy link
Copy Markdown
Contributor

Description

Added a BigInt.prototype.toJSON() polyfill in the Prisma client module to fix the TypeError: Do not know how to serialize a BigInt error that occurs when passing Prisma data (Repository.githubId, PullRequest.githubId) to Client Components via React Server Components or NextResponse.json().

Type of Change

  • New feature
  • Bug fix
  • Documentation update
  • Refactoring
  • Performance improvement

Screenshots (if applicable)

N/A

Testing

  • Verified JSON.stringify() with BigInt values no longer throws and converts to strings
  • Confirmed regular Int fields (e.g., prNumber) remain as numbers
  • TypeScript compilation passes with zero errors
  • Dashboard page loads successfully at http://localhost:9002/dashboard

Related Issues

Closes #144

Checklist

  • My code follows the project's style guidelines
  • I have performed a self-review of my code
  • I have added tests that prove my fix/feature works
  • My commits follow the Conventional Commits format

Additional Notes

The fix is a single line added to src/lib/prisma.ts:

(BigInt.prototype as any).toJSON = function () { return this.toString(); };

This polyfill is automatically applied whenever the Prisma client is imported, covering all API routes and Server Components that fetch data with BigInt fields.

@vercel

vercel Bot commented Jul 9, 2026

Copy link
Copy Markdown

@Yuva-Deekshitha-N is attempting to deploy a commit to the Gaurav's projects Team on Vercel.

A member of the Team first needs to authorize it.

@secure-flow

secure-flow Bot commented Jul 9, 2026

Copy link
Copy Markdown

🛡️ SecureFlow AI Security Report

⚠️ Detected 2 potential issues matching your code policies. Please review them before merging.

🟠 HIGH | Secret in src/lib/prisma.ts

A HIGH-level Secret threat breach would occur if an attacker obtains the DATABASE_URL from the compromised prisma.ts file, potentially accessing sensitive database information.

🛠️ View Remediation Suggestions

["Remove sensitive environment variables from source code","Utilize environment variable injectors or .env files securely with least privilege access","Replace the hardcoded DATABASE_URL with a secure, dynamically generated connection string"]


🔴 CRITICAL | Vulnerability in src/lib/prisma.ts

Breach occurs when explicit process.env leak via uncontrolled console.log() statement in src/lib/prisma.ts; attacker gains access to sensitive database credentials.

🛠️ View Remediation Suggestions

["Remove all console.log() statements related to process.env variables","Implement environment-specific configuration using a configuration system like dotenv","Configure Prisma to handle environment variables securely"]


@secure-flow

secure-flow Bot commented Jul 9, 2026

Copy link
Copy Markdown

🛡️ SecureFlow AI Security Report

⚠️ Detected 1 potential issues matching your code policies. Please review them before merging.

🔴 CRITICAL | Vulnerability in src/lib/prisma.ts

Using console.log with a variable referencing a sensitive environment variable (process.env.DATABASE_URL) could expose the database connection URL, potentially leading to unauthorized access.

🛠️ View Remediation Suggestions

["   // Remove logging statement","   // Replace with a more secure logging approach using a library like winston or log4js.","   // Use console.error for critical errors only"]


@secure-flow

secure-flow Bot commented Jul 9, 2026

Copy link
Copy Markdown

🛡️ SecureFlow AI Security Report

✅ Scan completed successfully. No vulnerabilities found in the 0 analyzed files.

@GauravKarakoti

Copy link
Copy Markdown
Owner
image There are no changes in this pr

@Yuva-Deekshitha-N Yuva-Deekshitha-N force-pushed the fix/bigint-serialization-error branch from ec1b28f to 1858826 Compare July 9, 2026 10:27
@secure-flow

secure-flow Bot commented Jul 9, 2026

Copy link
Copy Markdown

🛡️ SecureFlow AI Security Report

⚠️ Detected 1 potential issues matching your code policies. Please review them before merging.

🟡 MEDIUM | Contextual Leak in src/lib/prisma.ts

An attacker has accessed the DATABASE_URL environment variable through the intercepted payload in src/lib/prisma.ts, posing a MEDIUM threat through Contextual Leak. This allows them to establish an unauthorized database connection.

🛠️ View Remediation Suggestions

["Avoid logging process.env variables, replacing them with user-supplied inputs, or utilizing environment variables management platforms for secure configuration."]


@secure-flow

secure-flow Bot commented Jul 9, 2026

Copy link
Copy Markdown

🛡️ SecureFlow AI Security Report

✅ Scan completed successfully. No vulnerabilities found in the 0 analyzed files.

@Yuva-Deekshitha-N Yuva-Deekshitha-N force-pushed the fix/bigint-serialization-error branch from a536430 to 1858826 Compare July 9, 2026 10:33
@secure-flow

secure-flow Bot commented Jul 9, 2026

Copy link
Copy Markdown

🛡️ SecureFlow AI Security Report

⚠️ Detected 1 potential issues matching your code policies. Please review them before merging.

🔴 CRITICAL | Vulnerability in src/lib/prisma.ts

Exposing sensitive environment variables via process.env.DATABASE_URL can be logged, allowing unauthorized access to data and exploitation of sensitive database connections. A malicious actor can utilize this exposed info to breach the Vault.

🛠️ View Remediation Suggestions

["Always use environment variable loaders that conceal sensitive information","Implement a secrets manager for secure key storage","Limit the scope of environment variables exposed to the codebase"]


@secure-flow

secure-flow Bot commented Jul 9, 2026

Copy link
Copy Markdown

🛡️ SecureFlow AI Security Report

✅ Scan completed successfully. No vulnerabilities found in the 0 analyzed files.

@GauravKarakoti

Copy link
Copy Markdown
Owner

Its still the same... most prolly what you are doing and what the codebase already have is the same thing... but it is not working thats why i have raised this issue

@Yuva-Deekshitha-N

Copy link
Copy Markdown
Contributor Author

Thanks for the clarification. I understand the issue now. I apologize for the inconvenience caused. I'll investigate it further, identify the root cause, and work on a proper fix instead of duplicating the existing implementation. I'll update the PR once I have a working solution. Thank you for your patience!

@GauravKarakoti

Copy link
Copy Markdown
Owner

Thanks for the clarification. I understand the issue now. I apologize for the inconvenience caused. I'll investigate it further, identify the root cause, and work on a proper fix instead of duplicating the existing implementation. I'll update the PR once I have a working solution. Thank you for your patience!

alright

@secure-flow

secure-flow Bot commented Jul 9, 2026

Copy link
Copy Markdown

🛡️ SecureFlow AI Security Report

⚠️ Detected 3 potential issues matching your code policies. Please review them before merging.

🔴 CRITICAL | Vulnerability in src/app/dashboard/findings/page.tsx

Breach occurs when an attacker extracts and uses sensitive environment variables from src/app/dashboard/findings/page.tsx, exposing internal system configuration.

🛠️ View Remediation Suggestions

["Verify environment variable usage and store sensitive data in a secrets management system.","Remove direct access to process.env... and inject environment variables through a secure interface.","Implement IAM role-based access control to restrict access to sensitive system components."]


🟠 HIGH | Vulnerability in src/app/dashboard/findings/page.tsx

An attacker could inject malicious SQL syntax into findingsRaw to extract sensitive data or execute unintended database operations.

🛠️ View Remediation Suggestions

["Implement query whitelisting by defining allowed fields in the Prisma schema file to prevent arbitrary query execution.","Use Prisma's built-in query validation to restrict user input."]


🟠 HIGH | Misconfig in src/app/dashboard/page.tsx

Wildcard CORS configuration allows unauthorized origin access, enabling attackers to exploit the application; the intercepted payload retrieves recent PRs without authenticating the origin.

🛠️ View Remediation Suggestions

["Implement origin-specific CORS policies","Verify authentication and authorization mechanisms"]


@GauravKarakoti GauravKarakoti merged commit 48be4fc into GauravKarakoti:main Jul 9, 2026
5 of 7 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Fix BigInt Serialization Error in Next.js API Routes

2 participants