MigrationPilot vs Flyway
Flyway runs your migrations. MigrationPilot tells you if they're safe to run. 80 static analysis rules catch lock contention, data loss, and downtime risks — before you merge.
Different Tools for Different Problems
Flyway
Migration execution engine
- -Runs SQL migrations in order against your database
- -Tracks which migrations have been applied (schema_version table)
- -Java-based — requires JVM on CI runners and developer machines
- -Configuration via flyway.conf, environment variables, or CLI flags
- -Does not check whether your DDL is safe to run
MigrationPilot
Migration safety linter
- +83 rules catch unsafe DDL patterns statically
- +Lock type analysis — shows exactly which locks each statement takes
- +Zero config — npx one-liner, no JVM needed
- +GitHub Action with inline PR annotations
- +Auto-fix for 12 common issues
They're complementary. Use Flyway to execute your migrations. Use MigrationPilot in CI to lint them before they reach production. MigrationPilot auto-detects Flyway migration directories and versioning patterns.
Feature Comparison
| Feature | Flyway | MigrationPilot |
|---|---|---|
| Primary purpose | Migration execution | Migration safety linting |
| DDL safety rules | None | 83 rules |
| Lock type analysis | No | Yes (per-statement) |
| Risk scoring | No | RED/YELLOW/GREEN |
| Auto-fix | No | 12 rules |
| GitHub Action | Community | Official + inline annotations |
| SARIF output | No | Yes (GitHub Code Scanning) |
| Runtime required | JVM (Java 8+) | Node.js (or npx) |
| Configuration | flyway.conf + env vars | Zero-config (optional YAML) |
| Install size | ~50MB (JVM + Flyway) | npx (zero install) |
| PostgreSQL parser | No (execution only) | Yes (libpg-query) |
| Schema versioning | Yes (schema_version table) | No (lint only) |
| Multi-database | Yes (PG, MySQL, Oracle, etc.) | PostgreSQL focused |
| Framework detection | N/A | 14 frameworks (incl. Flyway) |
| RLS safety | No | Yes (MP057) |
| Replication safety | No | Yes (MP055, MP060) |
| License | Apache 2.0 / Commercial | MIT |
What Flyway Doesn't Catch
Flyway will happily execute any valid SQL. These dangerous patterns pass Flyway validation but cause production incidents:
Blocks all writes for the entire duration of index creation. On a 50M row table, this can be 10+ minutes of downtime.
CREATE INDEX idx_users_email ON users (email);
CREATE INDEX CONCURRENTLY idx_users_email ON users (email);
Before PG 11, adding a column with a DEFAULT rewrites the entire table under ACCESS EXCLUSIVE lock.
ALTER TABLE orders ADD COLUMN created_at TIMESTAMP DEFAULT now();
ALTER TABLE orders ADD COLUMN created_at TIMESTAMP; -- Backfill in batches, then add default
Foreign key validation scans the entire table while holding a SHARE ROW EXCLUSIVE lock.
ALTER TABLE orders ADD CONSTRAINT fk_user FOREIGN KEY (user_id) REFERENCES users(id);
ALTER TABLE orders ADD CONSTRAINT fk_user FOREIGN KEY (user_id) REFERENCES users(id) NOT VALID; ALTER TABLE orders VALIDATE CONSTRAINT fk_user;
Changing a column type rewrites the entire table and all indexes. On large tables this causes extended downtime.
ALTER TABLE users ALTER COLUMN age TYPE bigint;
-- Use expand-contract: add new column, backfill, swap
Add MigrationPilot to Your Flyway Workflow
Lint Flyway migrations in CI
MigrationPilot auto-detects Flyway's V__*.sql versioning pattern.
# .github/workflows/migration-lint.yml
name: Lint Migrations
on: pull_request
jobs:
lint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: mickelsamuel/migrationpilot@v1
with:
path: sql/ # Your Flyway migrations directoryOr run locally before committing
# Analyze all Flyway migrations npx migrationpilot analyze sql/ # Auto-fix common issues npx migrationpilot analyze sql/ --fix --dry-run # Install pre-commit hook npx migrationpilot hook install
Keep Flyway for execution
MigrationPilot is a linter, not a migration runner. Keep using flyway migrate for execution. MigrationPilot checks your SQL files before Flyway touches the database.
Flyway runs your migrations. MigrationPilot makes them safe.
83 safety rules. Zero config. No JVM required. Add to your Flyway workflow in 30 seconds.