Do not skip throttling on credential routes | Critiq Docs

#Metadata

Rule ID: ts.security.nestjs-skip-throttle-sensitive-route
Severity: medium
Confidence: 0.79
Languages: javascript, typescript
Presets: recommended, security, strict
Stability: experimental
Applies to: block
Tags: nestjs, rules-catalog, security, throttling

#Why it matters

Authentication endpoints are brute-force magnets; removing throttling removes basic abuse resistance.

#Remediation

Remove `@SkipThrottle()` or pair it with an explicit `@Throttle` policy tuned for the handler.

#Repository path

The generated metadata points to critiq-rules/libs/rules/catalog/rules/typescript/ts.security.nestjs-skip-throttle-sensitive-route.rule.yaml.

Back to directory Open rule in repository