Remove sensitive claims from JWT payloads | Critiq Docs

#Metadata

Rule ID: ts.security.jwt-sensitive-claims
Severity: high
Confidence: 0.9
Languages: javascript, typescript
Presets: recommended, security, strict
Stability: stable
Applies to: block
Tags: jwt, privacy, rules-catalog, security

#Why it matters

Client-visible tokens often outlive a single request and can leak more data than intended.

#Remediation

Keep JWT claims minimal. Prefer stable identifiers, not direct PII or secret-bearing fields.

#Repository path

The generated metadata points to critiq-rules/libs/rules/catalog/rules/typescript/ts.security.jwt-sensitive-claims.rule.yaml.

Back to registry Open rule in repository