Critiq Docs
Get started
security.misconfiguration

Avoid exposed directory listings

Directory listing middleware should not be enabled on public paths without a deliberate review.

#Metadata

Rule ID
ts.security.exposed-directory-listing
Severity
medium
Confidence
0.95
Languages
javascript, typescript
Presets
recommended, security, strict
Stability
stable
Applies to
block
Tags
express, filesystem, rules-catalog, security

#Why it matters

Directory listings expose internal file names and make unintended resources easier to discover and fetch.

#Remediation

Remove directory listing middleware or protect it behind strict authorization and path scoping.

#Repository path

The generated metadata points to critiq-rules/libs/rules/catalog/rules/typescript/ts.security.exposed-directory-listing.rule.yaml.

Back to registryOpen rule in repository