# Prisma Unbounded Relation Loading

- ID: prisma-unsafe-include
- Severity: MEDIUM
- CWE: Allocation Without Limits (CWE-770)
- Languages: JavaScript, TypeScript
- Frameworks: prisma

## Description

Unbounded includes without 'take' limits can exhaust database and memory
resources, causing denial of service.

## Detection Message

Relation '{relation}' loaded without 'take' limit. This can cause resource exhaustion if users have many related records.

## Remediation

Add 'take' limits to all relation includes.

```typescript
const user = await prisma.user.findUnique({
  where: { id: userId },
  include: {
    posts: {
      take: 10,
      orderBy: { createdAt: 'desc' }
    }
  }
});
```

Learn more: https://shoulder.dev/learn/typescript/cwe-770/unsafe-include

## Documentation

[object Object]

## Related Rules

- **Request Size Limits in Express.js** [MEDIUM]: 
- **Missing API Rate Limiting** [MEDIUM]: