Conformance Rules
Last updated March 4, 2025
Conformance is available on Enterprise plans
This page lists all the built-in rules that Conformance will check for by default in your application.
These Conformance rules catch common issues that can happen in Next.js applications.
| Test Name | Description |
|---|---|
| ESLINT_NEXT_RULES_REQUIRED | Requires that ESLint is configured for Next.js. |
| NEXTJS_MISSING_MODULARIZE_IMPORTS | Requires that Next.js applications that use libraries with barrel exports use modularizeImports to minimize impact on dev compilation speed and bundle size. |
| NEXTJS_MISSING_OPTIMIZE_PACKAGE_IMPORTS | Requires that Next.js applications that use libraries with barrel exports use optimizePackageImports to minimize impact on dev compilation speed and bundle size. |
| NEXTJS_MISSING_NEXT13_TYPESCRIPT_PLUGIN | Applications using Next 13 should use the "next" TypeScript plugin for an improved Next.js experience. |
| NEXTJS_MISSING_REACT_STRICT_MODE | Applications using Next.js should enable React Strict Mode to identify unsafe lifecycles and legacy API usage. |
| NEXTJS_MISSING_SECURITY_HEADERS | Requires that important security headers are set correctly for Next.js apps and contain valid directives. |
| NEXTJS_NO_ASYNC_LAYOUT | Ensures that the exported Next.js layout component and its transitive dependencies are not asynchronous, as that can block the rendering of the layout and the rest of the page. |
| NEXTJS_NO_ASYNC_PAGE | Ensures that the exported Next.js page component and its transitive dependencies are not asynchronous, as that blocks the rendering of the page. |
| NEXTJS_NO_BEFORE_INTERACTIVE | Requires review of usage of the beforeInteractive strategy in Script (next/script) elements as this can cause performance issues. |
| NEXTJS_NO_CLIENT_DEPS_IN_MIDDLEWARE | Disallows dependencies on client libraries to improve bundle size and execution time of Next.js middleware. |
| NEXTJS_NO_DYNAMIC_AUTO | Prevent usage of force-dynamic as a dynamic page rendering strategy. |
| NEXTJS_NO_FETCH_IN_SERVER_PROPS | Prevent relative fetch calls in getServerSideProps from being added to Next.js applications. |
| NEXTJS_NO_GET_INITIAL_PROPS | Requires any use of getInitialProps in Next.js pages be reviewed and approved, and encourages using getServerSideProps or getStaticProps instead. |
| NEXTJS_NO_PRODUCTION_SOURCE_MAPS | Applications using Next.js should not enable production source maps so that they don't publicly share source code. |
| NEXTJS_NO_SELF_HOSTED_VIDEOS | Prevent video files from being added to Next.js applications to improve performance and bandwidth usage. |
| NEXTJS_NO_TURBO_CACHE | Prevent Turborepo from caching the Next.js .next/cache folder to prevent an oversized cache. |
| NEXTJS_REQUIRE_EXPLICIT_DYNAMIC | Requires explicitly setting the dynamic route segment option for Next.js pages and routes. |
| NEXTJS_SAFE_NEXT_PUBLIC_ENV_USAGE | Usage process.env.NEXTPUBLIC* environment variables must be allowlisted. |
| NEXTJS_SAFE_SVG_IMAGES | Prevent dangerouslyAllowSVG without Content Security Policy in Next.js applications. |
| NEXTJS_SAFE_URL_IMPORTS | Prevent unsafe URL Imports from being added to Next.js applications. |
| NEXTJS_UNNEEDED_GET_SERVER_SIDE_PROPS | Catches usages of getServerSideProps that could use static rendering instead, improving the performance of those pages. |
| NEXTJS_USE_NATIVE_FETCH | Requires using native fetch which Next.js provides, removing the need for third-party fetch libraries. |
| NEXTJS_USE_NEXT_FONT | Requires using next/font (when possible), which optimizes fonts for improved privacy and performance. |
| NEXTJS_USE_NEXT_IMAGE | Requires that next/image is used for all images for improved performance. |
| NEXTJS_USE_NEXT_SCRIPT | Requires that next/script is used for all scripts for improved performance. |
| NO_FETCH_FROM_MIDDLEWARE | Requires that any fetch call that is depended on transitively by Next.js middleware be reviewed and approved before use for performance reasons. |
| REACT_NO_STATIC_IMPORTS_IN_EVENT_HANDLERS | Prevent static imports that are referenced only in React event handlers from being eagerly loaded in React components. |
These Conformance rules catch issues that negatively affect the performance of your website.
| Test Name | Description |
|---|---|
| BFCACHE_INTEGRITY_NO_UNLOAD_LISTENERS | Disallows the use of the unload event to eliminate a source of eviction from the browser's Back-Forward Cache. |
| BFCACHE_INTEGRITY_REQUIRE_NOOPENER_ATTRIBUTE | Requires that links opened with window.open use the noopener attribute to eliminate a source of eviction from the browser's Back-Forward Cache. |
| NEXTJS_NO_ASYNC_LAYOUT | Ensures that the exported Next.js layout component and its transitive dependencies are not asynchronous, as that can block the rendering of the layout and the rest of the page. |
| NEXTJS_NO_ASYNC_PAGE | Ensures that the exported Next.js page component and its transitive dependencies are not asynchronous, as that blocks the rendering of the page. |
| NEXTJS_NO_BEFORE_INTERACTIVE | Requires review of usage of the beforeInteractive strategy in Script (next/script) elements as this can cause performance issues. |
| NEXTJS_NO_CLIENT_DEPS_IN_MIDDLEWARE | Disallows dependencies on client libraries to improve bundle size and execution time of Next.js middleware. |
| NEXTJS_NO_DYNAMIC_AUTO | Prevent usage of force-dynamic as a dynamic page rendering strategy. |
| NEXTJS_NO_FETCH_IN_SERVER_PROPS | Prevent relative fetch calls in getServerSideProps from being added to Next.js applications. |
| NEXTJS_NO_GET_INITIAL_PROPS | Requires any use of getInitialProps in Next.js pages be reviewed and approved, and encourages using getServerSideProps or getStaticProps instead. |
| NEXTJS_REQUIRE_EXPLICIT_DYNAMIC | Requires explicitly setting the dynamic route segment option for Next.js pages and routes. |
| NEXTJS_UNNEEDED_GET_SERVER_SIDE_PROPS | Catches usages of getServerSideProps that could use static rendering instead, improving the performance of those pages. |
| NEXTJS_USE_NATIVE_FETCH | Requires using native fetch which Next.js provides, removing the need for third-party fetch libraries. |
| NEXTJS_USE_NEXT_IMAGE | Requires that next/image is used for all images for improved performance. |
| NEXTJS_USE_NEXT_SCRIPT | Requires that next/script is used for all scripts for improved performance. |
| NO_EXTERNAL_CSS_AT_IMPORTS | Disallows @import at-rules that import from external URLs. |
| NO_FETCH_FROM_MIDDLEWARE | Requires that any fetch call that is depended on transitively by Next.js middleware be reviewed and approved before use for performance reasons. |
| NO_INLINE_SVG | Prevent the use of svg tags inline. |
| NO_MIXED_ASYNC_MODULES | Prevent imports to modules that contain top-level awaits in your applications. |
| NO_POSTINSTALL_SCRIPT | Prevent the use of "postinstall" script in packages. |
| NO_SERIAL_ASYNC_CALLS | Prevent blocking serial async await calls in your applications. |
| REACT_NO_STATIC_IMPORTS_IN_EVENT_HANDLERS | Prevent static imports that are referenced only in React event handlers from being eagerly loaded in React components. |
| REACT_STABLE_CONTEXT_PROVIDER_VALUE | Prevent non-stable values from being used in React Context providers that could cause unnecessary re-renders. |
These Conformance rules catch issues that could become security vulnerabilities in your application.
| Test Name | Description |
|---|---|
| NEXTJS_MISSING_SECURITY_HEADERS | Requires that important security headers are set correctly for Next.js apps and contain valid directives. |
| NEXTJS_NO_PRODUCTION_SOURCE_MAPS | Applications using Next.js should not enable production source maps so that they don't publicly share source code. |
| NEXTJS_SAFE_NEXT_PUBLIC_ENV_USAGE | Usage process.env.NEXTPUBLIC* environment variables must be allowlisted. |
| NEXTJS_SAFE_SVG_IMAGES | Prevent dangerouslyAllowSVG without Content Security Policy in Next.js applications. |
| NEXTJS_SAFE_URL_IMPORTS | Prevent unsafe URL Imports from being added to Next.js applications |
| NO_ASSIGN_WINDOW_LOCATION | Prevent unsafe assignment to window.location.href in your application. |
| NO_CORS_HEADERS | Requires that CORS header configuration is reviewed and allowlisted since these headers can open up servers to security vulnerabilities. |
| NO_DANGEROUS_HTML | Prevent the unsafe creation of DOM through HTML methods in your application which could lead to security vulnerabilities. |
| NO_DOCUMENT_WRITE | Prevent unsafe usage of document.write() in your application. |
| NO_EVAL | Prevent unsafe usage of eval() in your application since this allows arbitrary code execution. |
| NO_VARIABLE_IMPORT_REFERENCES | Prevents loading of arbitrary modules from import or require statements which could lead to security vulnerabilities. |
| REQUIRE_CARET_DEPENDENCIES | Prevent the use of dependencies without a caret ("^") as a prefix. |
| SET_COOKIE_VALIDATION | Prevents usage of cookies that do not conform to the allowed cookie policy. |
These Conformance rules catch issues that can negatively affect your codebase or code health.
| Test Name | Description |
|---|---|
| ESLINT_CONFIGURATION | Requires that a workspace package is configured with ESLint. |
| ESLINT_REACT_RULES_REQUIRED | Requires that ESLint is configured for React. |
| ESLINT_RULES_REQUIRED | Requires that ESLint has plugins and rules configured correctly. |
| NEXTJS_MISSING_MODULARIZE_IMPORTS | Requires that Next.js applications that use libraries with barrel exports use modularizeImports to minimize impact on dev compilation speed and bundle size. |
| NO_ASSIGN_WINDOW_LOCATION | Prevent unsafe assignment to window.location.href in your application. |
| NO_INSTANCEOF_ERROR | Disallows using error instanceof Error comparisons due to risk of false negatives. |
| NO_UNNECESSARY_PROP_SPREADING | Prevent the use of object spreading as a prop in a JSX component |
| PACKAGE_JSON_DESCRIPTION_REQUIRED | Requires that every package.json file has the description field set. |
| PACKAGE_JSON_DUPLICATE_DEPENDENCIES | Found duplicate dependencies between the list of dependencies and devDependencies or peerDependencies in a package.json file. |
| PACKAGE_JSON_NAME_REQUIRED | Requires that every package.json file has the name field set to ensure each workspace has a unique identifier. |
| PACKAGE_JSON_PRIVATE_REQUIRED | Requires that every package.json file has the private field set to prevent accidental publishing to npm. |
| PACKAGE_JSON_SIDE_EFFECTS_REQUIRED | Requires that every package.json file has the sideEffects field set to ensure tree-shaking works optimally. |
| PACKAGE_JSON_TYPE_REQUIRED | Requires that every package.json file has the type field set to encourage using esm since commonjs is the default. |
| PACKAGE_MANAGEMENT_NO_CIRCULAR_IMPORTS | Circular imports between two files are not allowed. |
| PACKAGE_MANAGEMENT_NO_UNRESOLVED_IMPORTS | Import statements that can not be resolved to a local file or a package from package.json dependencies are not allowed. |
| PACKAGE_MANAGEMENT_REQUIRED_README | Requires that every workspace has a README.md file in the root of the workspace. |
| REQUIRE_DOCS_ON_EXPORTED_FUNCTIONS | Requires that all exported functions have JSDoc comments. |
| REQUIRE_NODE_VERSION_FILE | Requires that workspaces have a valid Node.js version file (.node-version or .nvmrc) file defined. |
| REQUIRE_ONE_VERSION_POLICY | Requires all dependencies in a monorepo to have the same version policy. |
| TESTS_NO_CONDITIONAL_ASSERTIONS | Requires that assertions are not conditional, or that expect.assertions is used. |
| TESTS_NO_ONLY | Requires that focused tests (i.e. it.only()) are unfocused. |
| TYPESCRIPT_CONFIGURATION | Requires that a workspace package that uses TypeScript files has configured TypeScript correctly for that workspace. |
| TYPESCRIPT_ONLY | Requires that a workspace package may only contain TypeScript files and no JavaScript or JSX files. |
| WORKSPACE_MISSING_CONFORMANCE_SCRIPT | All packages must define a conformance script that invokes the CLI binary. |
| WORKSPACE_MISSING_PACKAGE_JSON | All directories that match a workspace glob must include a package.json file. |
Was this helpful?