Critiq Docs
Get started
security.execution

Eval or dynamic code execution

Eval-like helpers, `vm` execution APIs, and string-evaluated timers should not execute dynamic code.

#Metadata

Rule ID
ts.security.no-dynamic-execution
Severity
high
Confidence
0.95
Languages
javascript, typescript
Presets
recommended, security, strict
Stability
stable
Applies to
block
Tags
execution, rules-catalog, security

#Why it matters

Dynamic execution turns data into code, widens the attack surface, and bypasses normal control flow.

#Remediation

Replace dynamic execution with explicit parsing, fixed dispatch tables, or normal function callbacks.

#Repository path

The generated metadata points to critiq-rules/libs/rules/catalog/rules/typescript/ts.security.no-dynamic-execution.rule.yaml.

Back to registryOpen rule in repository