no-insecure-tls-agent-options
Disallow TLS and HTTPS option objects that disable certificate verification.
Targeted pattern scopeโ
TLS/HTTPS options objects that disable certificate verification.
What this rule reportsโ
rejectUnauthorized: false in option objects.
Why this rule existsโ
Disabling certificate verification removes core TLS trust guarantees.
โ Incorrectโ
new https.Agent({ rejectUnauthorized: false });
โ Correctโ
new https.Agent({ rejectUnauthorized: true });
ESLint flat config exampleโ
import sdl from "eslint-plugin-sdl-2";
export default [
{
plugins: { sdl },
rules: {
"sdl/no-insecure-tls-agent-options": "error",
},
},
];
When not to use itโ
Disable only in tightly scoped debugging or local interception scenarios that cannot affect production traffic.
Package documentationโ
Further readingโ
Rule catalog ID: R041