Conformance Rules
Last updated March 4, 2025
Conformance is available on Enterprise plans
This page lists all the built-in rules that Conformance will check for by default in your application.
These Conformance rules catch common issues that can happen in Next.js applications.
| Test Name | Description |
|---|---|
| ESLINT_NEXT_RULES_REQUIRED | Requires that ESLint is configured for Next.js. |
| NEXTJS_MISSING_MODULARIZE_IMPORTS | Requires that Next.js applications that use libraries with barrel exports use to minimize impact on dev compilation speed and bundle size. |
| NEXTJS_MISSING_OPTIMIZE_PACKAGE_IMPORTS | Requires that Next.js applications that use libraries with barrel exports use to minimize impact on dev compilation speed and bundle size. |
| NEXTJS_MISSING_NEXT13_TYPESCRIPT_PLUGIN | Applications using Next 13 should use the "next" TypeScript plugin for an improved Next.js experience. |
| NEXTJS_MISSING_REACT_STRICT_MODE | Applications using Next.js should enable React Strict Mode to identify unsafe lifecycles and legacy API usage. |
| NEXTJS_MISSING_SECURITY_HEADERS | Requires that important security headers are set correctly for Next.js apps and contain valid directives. |
| NEXTJS_NO_ASYNC_LAYOUT | Ensures that the exported Next.js component and its transitive dependencies are not asynchronous, as that can block the rendering of the layout and the rest of the page. |
| NEXTJS_NO_ASYNC_PAGE | Ensures that the exported Next.js component and its transitive dependencies are not asynchronous, as that blocks the rendering of the page. |
| NEXTJS_NO_BEFORE_INTERACTIVE | Requires review of usage of the strategy in () elements as this can cause performance issues. |
| NEXTJS_NO_CLIENT_DEPS_IN_MIDDLEWARE | Disallows dependencies on client libraries to improve bundle size and execution time of Next.js middleware. |
| NEXTJS_NO_DYNAMIC_AUTO | Prevent usage of as a dynamic page rendering strategy. |
| NEXTJS_NO_FETCH_IN_SERVER_PROPS | Prevent relative calls in from being added to Next.js applications. |
| NEXTJS_NO_GET_INITIAL_PROPS | Requires any use of in Next.js pages be reviewed and approved, and encourages using or instead. |
| NEXTJS_NO_PRODUCTION_SOURCE_MAPS | Applications using Next.js should not enable production source maps so that they don't publicly share source code. |
| NEXTJS_NO_SELF_HOSTED_VIDEOS | Prevent video files from being added to Next.js applications to improve performance and bandwidth usage. |
| NEXTJS_NO_TURBO_CACHE | Prevent Turborepo from caching the Next.js folder to prevent an oversized cache. |
| NEXTJS_REQUIRE_EXPLICIT_DYNAMIC | Requires explicitly setting the route segment option for Next.js pages and routes. |
| NEXTJS_SAFE_NEXT_PUBLIC_ENV_USAGE | Usage process.env.NEXTPUBLIC* environment variables must be allowlisted. |
| NEXTJS_SAFE_SVG_IMAGES | Prevent without Content Security Policy in Next.js applications. |
| NEXTJS_SAFE_URL_IMPORTS | Prevent unsafe URL Imports from being added to Next.js applications. |
| NEXTJS_UNNEEDED_GET_SERVER_SIDE_PROPS | Catches usages of that could use static rendering instead, improving the performance of those pages. |
| NEXTJS_USE_NATIVE_FETCH | Requires using native which Next.js provides, removing the need for third-party fetch libraries. |
| NEXTJS_USE_NEXT_FONT | Requires using (when possible), which optimizes fonts for improved privacy and performance. |
| NEXTJS_USE_NEXT_IMAGE | Requires that is used for all images for improved performance. |
| NEXTJS_USE_NEXT_SCRIPT | Requires that is used for all scripts for improved performance. |
| NO_FETCH_FROM_MIDDLEWARE | Requires that any call that is depended on transitively by Next.js middleware be reviewed and approved before use for performance reasons. |
| REACT_NO_STATIC_IMPORTS_IN_EVENT_HANDLERS | Prevent static imports that are referenced only in React event handlers from being eagerly loaded in React components. |
These Conformance rules catch issues that negatively affect the performance of your website.
| Test Name | Description |
|---|---|
| BFCACHE_INTEGRITY_NO_UNLOAD_LISTENERS | Disallows the use of the event to eliminate a source of eviction from the browser's Back-Forward Cache. |
| BFCACHE_INTEGRITY_REQUIRE_NOOPENER_ATTRIBUTE | Requires that links opened with use the attribute to eliminate a source of eviction from the browser's Back-Forward Cache. |
| NEXTJS_NO_ASYNC_LAYOUT | Ensures that the exported Next.js component and its transitive dependencies are not asynchronous, as that can block the rendering of the layout and the rest of the page. |
| NEXTJS_NO_ASYNC_PAGE | Ensures that the exported Next.js component and its transitive dependencies are not asynchronous, as that blocks the rendering of the page. |
| NEXTJS_NO_BEFORE_INTERACTIVE | Requires review of usage of the strategy in () elements as this can cause performance issues. |
| NEXTJS_NO_CLIENT_DEPS_IN_MIDDLEWARE | Disallows dependencies on client libraries to improve bundle size and execution time of Next.js middleware. |
| NEXTJS_NO_DYNAMIC_AUTO | Prevent usage of as a dynamic page rendering strategy. |
| NEXTJS_NO_FETCH_IN_SERVER_PROPS | Prevent relative calls in from being added to Next.js applications. |
| NEXTJS_NO_GET_INITIAL_PROPS | Requires any use of in Next.js pages be reviewed and approved, and encourages using or instead. |
| NEXTJS_REQUIRE_EXPLICIT_DYNAMIC | Requires explicitly setting the route segment option for Next.js pages and routes. |
| NEXTJS_UNNEEDED_GET_SERVER_SIDE_PROPS | Catches usages of that could use static rendering instead, improving the performance of those pages. |
| NEXTJS_USE_NATIVE_FETCH | Requires using native which Next.js provides, removing the need for third-party fetch libraries. |
| NEXTJS_USE_NEXT_IMAGE | Requires that is used for all images for improved performance. |
| NEXTJS_USE_NEXT_SCRIPT | Requires that is used for all scripts for improved performance. |
| NO_EXTERNAL_CSS_AT_IMPORTS | Disallows at-rules that import from external URLs. |
| NO_FETCH_FROM_MIDDLEWARE | Requires that any call that is depended on transitively by Next.js middleware be reviewed and approved before use for performance reasons. |
| NO_INLINE_SVG | Prevent the use of tags inline. |
| NO_MIXED_ASYNC_MODULES | Prevent imports to modules that contain top-level awaits in your applications. |
| NO_POSTINSTALL_SCRIPT | Prevent the use of script in packages. |
| NO_SERIAL_ASYNC_CALLS | Prevent blocking serial async await calls in your applications. |
| REACT_NO_STATIC_IMPORTS_IN_EVENT_HANDLERS | Prevent static imports that are referenced only in React event handlers from being eagerly loaded in React components. |
| REACT_STABLE_CONTEXT_PROVIDER_VALUE | Prevent non-stable values from being used in React Context providers that could cause unnecessary re-renders. |
These Conformance rules catch issues that could become security vulnerabilities in your application.
| Test Name | Description |
|---|---|
| NEXTJS_MISSING_SECURITY_HEADERS | Requires that important security headers are set correctly for Next.js apps and contain valid directives. |
| NEXTJS_NO_PRODUCTION_SOURCE_MAPS | Applications using Next.js should not enable production source maps so that they don't publicly share source code. |
| NEXTJS_SAFE_NEXT_PUBLIC_ENV_USAGE | Usage process.env.NEXTPUBLIC* environment variables must be allowlisted. |
| NEXTJS_SAFE_SVG_IMAGES | Prevent without Content Security Policy in Next.js applications. |
| NEXTJS_SAFE_URL_IMPORTS | Prevent unsafe URL Imports from being added to Next.js applications |
| NO_ASSIGN_WINDOW_LOCATION | Prevent unsafe assignment to in your application. |
| NO_CORS_HEADERS | Requires that CORS header configuration is reviewed and allowlisted since these headers can open up servers to security vulnerabilities. |
| NO_DANGEROUS_HTML | Prevent the unsafe creation of DOM through HTML methods in your application which could lead to security vulnerabilities. |
| NO_DOCUMENT_WRITE | Prevent unsafe usage of in your application. |
| NO_EVAL | Prevent unsafe usage of in your application since this allows arbitrary code execution. |
| NO_VARIABLE_IMPORT_REFERENCES | Prevents loading of arbitrary modules from or statements which could lead to security vulnerabilities. |
| REQUIRE_CARET_DEPENDENCIES | Prevent the use of dependencies without a caret ("^") as a prefix. |
| SET_COOKIE_VALIDATION | Prevents usage of cookies that do not conform to the allowed cookie policy. |
These Conformance rules catch issues that can negatively affect your codebase or code health.
| Test Name | Description |
|---|---|
| ESLINT_CONFIGURATION | Requires that a workspace package is configured with ESLint. |
| ESLINT_REACT_RULES_REQUIRED | Requires that ESLint is configured for React. |
| ESLINT_RULES_REQUIRED | Requires that ESLint has plugins and rules configured correctly. |
| NEXTJS_MISSING_MODULARIZE_IMPORTS | Requires that Next.js applications that use libraries with barrel exports use to minimize impact on dev compilation speed and bundle size. |
| NO_ASSIGN_WINDOW_LOCATION | Prevent unsafe assignment to in your application. |
| NO_INSTANCEOF_ERROR | Disallows using comparisons due to risk of false negatives. |
| NO_UNNECESSARY_PROP_SPREADING | Prevent the use of object spreading as a prop in a JSX component |
| PACKAGE_JSON_DESCRIPTION_REQUIRED | Requires that every file has the field set. |
| PACKAGE_JSON_DUPLICATE_DEPENDENCIES | Found duplicate dependencies between the list of and or in a file. |
| PACKAGE_JSON_NAME_REQUIRED | Requires that every file has the field set to ensure each workspace has a unique identifier. |
| PACKAGE_JSON_PRIVATE_REQUIRED | Requires that every file has the field set to prevent accidental publishing to npm. |
| PACKAGE_JSON_SIDE_EFFECTS_REQUIRED | Requires that every file has the field set to ensure tree-shaking works optimally. |
| PACKAGE_JSON_TYPE_REQUIRED | Requires that every file has the field set to encourage using since is the default. |
| PACKAGE_MANAGEMENT_NO_CIRCULAR_IMPORTS | Circular imports between two files are not allowed. |
| PACKAGE_MANAGEMENT_NO_UNRESOLVED_IMPORTS | Import statements that can not be resolved to a local file or a package from dependencies are not allowed. |
| PACKAGE_MANAGEMENT_REQUIRED_README | Requires that every workspace has a file in the root of the workspace. |
| REQUIRE_DOCS_ON_EXPORTED_FUNCTIONS | Requires that all exported functions have JSDoc comments. |
| REQUIRE_NODE_VERSION_FILE | Requires that workspaces have a valid Node.js version file ( or ) file defined. |
| REQUIRE_ONE_VERSION_POLICY | Requires all dependencies in a monorepo to have the same version policy. |
| TESTS_NO_CONDITIONAL_ASSERTIONS | Requires that assertions are not conditional, or that is used. |
| TESTS_NO_ONLY | Requires that focused tests (i.e. ) are unfocused. |
| TYPESCRIPT_CONFIGURATION | Requires that a workspace package that uses TypeScript files has configured TypeScript correctly for that workspace. |
| TYPESCRIPT_ONLY | Requires that a workspace package may only contain TypeScript files and no JavaScript or JSX files. |
| WORKSPACE_MISSING_CONFORMANCE_SCRIPT | All packages must define a script that invokes the CLI binary. |
| WORKSPACE_MISSING_PACKAGE_JSON | All directories that match a workspace glob must include a file. |
Was this helpful?