DEV Community

Cover image for When Clean Code Becomes a Performance Nightmare: The Hidden Cost of ORMs
Sauman Arshad
Sauman Arshad

Posted on • Originally published at Medium

When Clean Code Becomes a Performance Nightmare: The Hidden Cost of ORMs

#webdev #database

In modern web development, we crave abstraction. We want our data to feel like a collection of objects, clean, predictable, and type-safe.

Enter the Object-Relational Mapper (ORM). Tools like TypeORM, Prisma, and Sequelize have saved developers millions of lines of boilerplate SQL. They let us stay in "TypeScript land," treating database tables like simple classes.

But there is a fundamental conflict at play:

  • ORMs optimize for Developer Experience (DX)
  • Databases optimize for Execution Plans

These goals are rarely aligned. If you aren't actively inspecting the SQL your code emits, you're outsourcing performance decisions to an abstraction — and sometimes, that abstraction silently kills performance.

1. The N+1 Monster and Connection Exhaustion

The most infamous ORM failure is the N+1 problem. In a local dev environment, it looks harmless. On a production server under load, it's a death spiral.

Scenario: You want to list 50 blog posts and show their authors. With a "lazy-loading" ORM, you might write this:

// The "Clean" Code that hides the disaster
const posts = await postRepository.find(); // Query 1: Get 50 posts
for (const post of posts) {
    const author = await post.author; // +50 Queries: One for each author
    console.log(`${post.title} by ${author.name}`);
}
Enter fullscreen mode Exit fullscreen mode

At first glance, this doesn't feel like a crisis. 50 queries at 5ms each is only 250ms. Your local machine handles it fine.

But at scale — say 200 requests per second (RPS) — the numbers explode:
Total Queries = 200 req/s × 51 queries/req = 10,200 queries/sec

The result: your database CPU spikes to 100%, and your connection pool is instantly exhausted. New requests begin queuing, waiting for a connection that never comes. Suddenly, your API is down because of a four-line "clean" loop.

The Fix: Use relations in find options to fetch everything in a single query:

const posts = await postRepository.find({
    relations: { author: true } // One query, all data
});
Enter fullscreen mode Exit fullscreen mode

2. The "Select *" Tax

ORMs often default to fetching every column to populate the class definition.

Example: Your User table has a 2MB profile_picture or a heavy JSONB metadata column. But for a login check, you only need email.

Fetching unnecessary data:

  • Wastes network I/O
  • Prevents the database from using Covering Indexes
  • Slows down queries, even if the dataset seems small

The Fix: Use .select() in QueryBuilder. Move only the data you actually need:

const user = await userRepository
    .createQueryBuilder("user")
    .select(["user.id", "user.email"])
    .where("user.id = :id", { id })
    .getOne();
Enter fullscreen mode Exit fullscreen mode

3. Double Writes: The save() vs. insert() Trap

In TypeORM, repository.save(entity) is convenient because it handles both inserts and updates.

The Catch: To decide whether to insert or update, save() often runs a SELECT first to check if the record exists. You are literally doubling the database load for every write.

The Fix: If you know you're creating a new record, use .insert(). One trip, not two.

4. The "Database Agnostic" Fallacy

Many developers say: "I use an ORM so I can switch from PostgreSQL to MySQL easily later."

Reality check: you aren't switching.

By writing "generic" code, you leave massive performance on the table. PostgreSQL has powerful features — JSONB indexes, Lateral Joins, Partial Indexes — that solve hard problems. Ignoring them to stay "generic" is expensive.

When in doubt, break the abstraction:

const activeUsers = await repository.query(`
    SELECT u.name, p.bio 
    FROM users u 
    INNER JOIN profiles p ON p.user_id = u.id 
    WHERE u.active = true
`);
Enter fullscreen mode Exit fullscreen mode

SQL in your code isn't dirty. Ignoring your database engine is.

5. Production Reality: The Cascading Failure

Inefficient ORM-generated SQL doesn't just slow down a single request — it creates contention:

  1. Long-running queries hold locks longer
  2. Locked rows block updates
  3. Blocked updates fill the connection pool
  4. Your entire production environment goes down

A "simple" entity change can trigger all of this if you're not paying attention.

6. The Leaky Abstraction Rule

Abstractions are leaky. Eventually, the underlying complexity — SQL — will seep through and affect your app.

To operate at a senior level, you must:

  • Enable Query Logging: If one page load generates a wall of SQL, you have a problem
  • Stop treating databases as "Object Bags": They are relational engines, not collections of in-memory objects
  • Break the abstraction when needed: A senior dev knows the ORM syntax; a lead dev knows when to ditch it for raw SQL

The best abstraction is the one you can see through.

Top comments (0)