Rules
All ESLint security rules provided by eslint-plugin-nestjs-security
6 Security Rules
Essential NestJS security rules for guards, validation pipes, and throttling.
All Rules
| Rule | 💼 | 🔧 | 💡 | ⚠️ | Docs |
|---|---|---|---|---|---|
| no-exposed-debug-endpoints: Identifies potential debug, administration, or testing endpoints that are often left exposed in production environmen... | | | | | |
| no-exposed-private-fields: This rule detects sensitive fields (like passwords, tokens, secrets) in entity or DTO classes that are not excluded f... | | | | | |
| no-missing-validation-pipe: The rule provides LLM-optimized error messages (Compact 2-line format) with actionable security guidance: | | | | | |
| require-class-validator: The rule provides LLM-optimized error messages (Compact 2-line format) with actionable security guidance: | | | | | |
| require-guards: The rule provides LLM-optimized error messages (Compact 2-line format) with actionable security guidance: | | | | | |
| require-throttler: This rule detects NestJS controllers and route handlers that lack rate limiting, which can make the application vulne... | | | | | |
Rule Categories
Authentication & Authorization
Rules requiring proper guards on controllers and endpoints.
Input Validation
Rules enforcing validation pipes and class-validator decorators.
Rate Limiting
Rules requiring throttler configuration to prevent abuse.
Data Protection
Rules preventing exposure of private fields in responses.