| Version | Supported |
|---|---|
| v17.x | ✅ Current |
| < v17 | ❌ Upgrade recommended |

DBA Coworker uses a minimal dependency footprint by design:

| Layer | Dependencies | Count |
|---|---|---|
| Backend | express, cors, pg | 3 |
| Frontend | react, react-dom | 2 |
| Dev | vite, @vitejs/plugin-react | 2 |
| Total | Direct dependencies | 7 |
- No Axios — uses native `fetch()` API
- No lodash, moment, or heavy utility libraries
- All HTTP calls use Node.js/browser native fetch

The following files contain credentials and are excluded from version control via `.gitignore`:

- `backend/servers.json` — database connection credentials
- `backend/api_key.json` — Claude AI API key
- `backend/cdc_config.json` — CDC pipeline configuration
- `backend/query_history.json` — saved SQL queries

Never commit these files to Git.
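
One way to verify this before pushing, as an added example that is not part of the DBA Coworker project: the `check_secret_files` function (a hypothetical name) uses `git ls-files`, `git check-ignore` and `git rev-list` to confirm that each file listed above is untracked, matched by an ignore rule, and absent from commit history.

```shell
#!/bin/sh
# Added example, not project code: checks the credential files listed above.

# Paths taken from the list above.
SECRET_FILES="backend/servers.json backend/api_key.json backend/cdc_config.json backend/query_history.json"

# check_secret_files [repo_dir]
# Prints one line per problem and returns the number of problems found (0 = clean).
check_secret_files() {
    repo=${1:-.}
    problems=0
    for f in $SECRET_FILES; do
        # Already in the index: .gitignore has no effect on tracked files.
        if git -C "$repo" ls-files --error-unmatch -- "$f" >/dev/null 2>&1; then
            echo "TRACKED: $f (untrack with 'git rm --cached' and rotate the credential)"
            problems=$((problems + 1))
            continue
        fi
        # Not matched by any ignore rule: a plain 'git add .' would stage it.
        if ! git -C "$repo" check-ignore -q -- "$f"; then
            echo "NOT IGNORED: $f"
            problems=$((problems + 1))
        fi
        # Touched by any past commit: the secret is still recoverable from history.
        hist=$(git -C "$repo" rev-list --all --max-count=1 -- "$f" 2>/dev/null || true)
        if [ -n "$hist" ]; then
            echo "IN HISTORY: $f (e.g. commit $hist)"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}
```

Source the file and call `check_secret_files` from the repository root, for example in a pre-commit hook or CI step; a non-zero return value means at least one file needs attention.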
If you discover a security vulnerability, please:
- Do NOT open a public GitHub issue
- Email the security team directly
- Include steps to reproduce
- Allow 48 hours for initial response

When deploying DBA Coworker:
- Run on internal network only (not internet-facing)
- Use PostgreSQL roles with minimum required privileges
- Rotate database credentials regularly
- Keep Node.js and npm packages updated
- Review `npm audit` output before deploying