ESLint Interlace

ESLint Interlace

Guide

Getting Started Examples & Showcases Benchmarks Test Coverage Technical Articles

Advanced Topics

ESLint Plugins (Security)

no-algorithm-confusion no-algorithm-none no-decode-without-verify no-hardcoded-secret no-sensitive-payload no-timestamp-manipulation no-weak-secret require-algorithm-whitelist require-audience-validation require-expiration require-issued-at require-issuer-validation require-max-age

ESLint Plugins (Frameworks)

ESLint Plugins (Architecture)

JWT

Home
JWT

Rules

All JWT security rules for token handling best practices

jwt Rules

Browse all 13 rules for JWT security best practices.

See the sidebar for the complete list of rules.

Known False Negatives

This rule uses pattern-based detection. The following may not be caught:

Dynamic patterns - Runtime-generated code or values
Indirect references - Values passed through multiple variables or functions
External data - Data from APIs, databases, or user input

Overview

JWT security rules for jsonwebtoken, jose, and jwt-decode

no-algorithm-confusion

**Severity:** � Critical

On this page

jwt Rules Known False Negatives