Critiq Docs

security.misconfiguration

Harden AJV compile options

AJV should not compile schemas with allErrors true unless strict mode is enabled.

#Metadata

Rule ID: ts.security.ajv-insecure-configuration
Severity: medium
Confidence: 0.82
Languages: javascript, typescript
Presets: security, strict
Stability: stable
Applies to: block
Tags: rules-catalog, security, validation

#Why it matters

Missing strict-mode options historically enabled schema compilation DoS and unexpected coercion behavior.

#Remediation

Enable AJV strict options appropriate to your major version and avoid compiling untrusted schemas with permissive settings.
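
The following guard is an added example, not Critiq's rule implementation or code from the AJV project: it checks an options object before it reaches `new Ajv(...)` and rejects the combination this rule describes. The function names and sample objects are hypothetical, and it assumes that only an explicit `strict: true` counts as strict mode being enabled.

```javascript
// Added example, not Critiq's rule implementation.
// Assumption: only an explicit `strict: true` counts as strict mode enabled;
// `strict: false`, `strict: "log"` and an omitted `strict` are all reported.

// Returns findings for an options object about to be passed to `new Ajv(...)`.
function auditAjvOptions(options = {}) {
  const findings = [];
  if (options.allErrors === true && options.strict !== true) {
    const shown = "strict" in options ? JSON.stringify(options.strict) : "unset";
    findings.push(`allErrors is true while strict is ${shown}; set strict: true or drop allErrors`);
  }
  return findings;
}

// Guard to call at the one place the application builds its validator.
// Throws on a flagged configuration, otherwise returns a frozen copy so the
// options cannot be loosened after the check.
function checkedAjvOptions(options = {}) {
  const findings = auditAjvOptions(options);
  if (findings.length > 0) {
    throw new Error(`insecure AJV configuration: ${findings.join("; ")}`);
  }
  return Object.freeze({ ...options });
}

// Constructed sample configurations (not taken from any real project).
const samples = {
  flaggedImplicit: { allErrors: true },
  flaggedDisabled: { allErrors: true, strict: false },
  flaggedLogOnly: { allErrors: true, strict: "log" },
  compliantAllErrors: { allErrors: true, strict: true },
  compliantFailFast: { strict: true },
};

// Names of the samples that would be reported.
function flaggedSampleNames() {
  return Object.keys(samples).filter((name) => auditAjvOptions(samples[name]).length > 0);
}

// Usage with the real library (not executed here):
//   const ajv = new Ajv(checkedAjvOptions({ allErrors: true, strict: true }));
```
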

#Repository path

The generated metadata points to critiq-rules/libs/rules/catalog/rules/typescript/ts.security.ajv-insecure-configuration.rule.yaml.