Critiq Docs


security.information-disclosure

Avoid returning raw errors from Express error middleware

Express error handlers should not send the err object directly to clients in production paths.

#Metadata

Rule ID: ts.security.express-error-handler-information-disclosure
Severity: medium
Confidence: 0.8
Languages: javascript, typescript
Presets: security, strict
Stability: stable
Applies to: block
Tags: express, information-disclosure, rules-catalog, security

#Why it matters

Returning raw errors leaks stack traces, internal identifiers, and implementation details to attackers.

#Remediation

Log detailed errors server-side and return stable, generic client responses with correlation identifiers.

#Repository path

The generated metadata points to critiq-rules/libs/rules/catalog/rules/typescript/ts.security.express-error-handler-information-disclosure.rule.yaml.