Critiq Docs
Get started
security.transport

Use secure WebSocket transport

WebSocket clients should not connect over cleartext `ws://` when sensitive application data is involved.

#Metadata

Rule ID
ts.security.insecure-websocket-transport
Severity
high
Confidence
0.95
Languages
javascript, typescript
Presets
recommended, security, strict
Stability
stable
Applies to
block
Tags
rules-catalog, security, transport, websocket

#Why it matters

Cleartext WebSocket transport exposes application traffic to interception and manipulation.

#Remediation

Switch the endpoint to `wss://` and keep certificate validation enabled.

#Repository path

The generated metadata points to critiq-rules/libs/rules/catalog/rules/typescript/ts.security.insecure-websocket-transport.rule.yaml.

Back to registryOpen rule in repository