security.authentication

Add a JWT revocation hook

Express JWT middleware should check revocation state when bearer tokens can be invalidated early.

#Metadata

#Why it matters

Signature validation alone does not handle logout, compromise, or forced token invalidation.

#Remediation

Add an `isRevoked` callback or equivalent revocation check for tokens that can be invalidated before expiry.
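One way to implement the revocation check, as an added example that is not part of the rule catalog or any project's own code. It assumes the express-jwt v7+ callback shape `(req, token)` with claims on `token.payload`; `RevocationStore`, its method names, and the in-memory maps are hypothetical.

```javascript
// Added example: in-memory revocation store. With more than one server process
// a shared store is needed instead. All names here are hypothetical.
class RevocationStore {
  constructor() {
    this.revokedJti = new Map(); // jti -> token exp (seconds), kept for pruning
    this.notBefore = new Map();  // sub -> cutoff (seconds); older tokens are rejected
  }

  // Logout: revoke one token by its jti claim until it would have expired anyway.
  revokeToken(jti, exp) {
    this.revokedJti.set(jti, exp);
  }

  // Compromise or forced invalidation: reject every token for `sub` issued before `cutoff`.
  revokeAllForSubject(sub, cutoff) {
    this.notBefore.set(sub, cutoff);
  }

  // Drop entries whose tokens are already rejected by normal expiry validation.
  prune(now) {
    for (const [jti, exp] of this.revokedJti) {
      if (exp <= now) this.revokedJti.delete(jti);
    }
  }

  isRevoked(payload) {
    // Fail closed: a token without jti/iat cannot be matched against the store.
    if (!payload || typeof payload.jti !== "string" || typeof payload.iat !== "number") {
      return true;
    }
    if (this.revokedJti.has(payload.jti)) return true;
    const cutoff = this.notBefore.get(payload.sub);
    return cutoff !== undefined && payload.iat < cutoff;
  }
}

const store = new RevocationStore();

// Callback in the assumed express-jwt v7+ shape: returns true to reject the token.
function isRevoked(req, token) {
  return store.isRevoked(token && token.payload);
}

// Wiring (express-jwt is not imported here so the block runs stand-alone):
//   app.use(expressjwt({ secret, algorithms: ["HS256"], isRevoked }));
```

The callback runs only after signature and expiry validation succeed, so pruned entries for expired tokens do not reopen access.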

#Repository path

The generated metadata points to `critiq-rules/libs/rules/catalog/rules/typescript/ts.security.jwt-not-revoked.rule.yaml`.