Skip to main content
The vibrant rules command displays all available rules that Vibrant uses to detect problematic code patterns.

Syntax

vibrant rules

Description

This command lists all detection rules with their severity level and description. Rules are organized by category:
  • Type Safety - Detect unsafe type usage
  • Incomplete Code - Find unfinished implementations
  • Error Handling - Catch poor error handling patterns
  • Security - Identify security vulnerabilities
  • Performance - Spot performance issues
  • Possible Bugs - Find logic errors
  • Code Quality - Detect debugging artifacts
  • AI Telltales - Identify AI-generated patterns

Example output

vibrant rules

  Available Rules

  ✖ no-explicit-any              Using 'any' defeats TypeScript's type checking
  ✖ unimplemented-error          Code throws 'not implemented' error
  ✖ empty-function-body          Function has no implementation
  ✖ empty-catch-block            Catch block silently ignores errors
  ✖ hardcoded-credentials        Potential secrets in code
  ✖ no-sql-injection             Potential SQL injection vulnerability
  ✖ no-unsafe-inner-html         Potential XSS vulnerability
  ✖ no-await-in-loop             Using 'await' inside a loop
  ✖ no-unreachable               Unreachable code after return/throw
  ✖ use-isnan                    Using ===/!== to compare with NaN
  ⚠ console-log-debugging        Debug console statements
  ⚠ ai-comment-emojis            Emojis in code comments
  ⚠ ai-todo-comments             Excessive TODO/FIXME comments
  ⚠ magic-numbers                Unnamed numeric constants

Rule severity icons

  • (red) - Error severity
  • (yellow) - Warning severity

Rule categories

Type safety

no-explicit-any
error
Detects explicit use of the any type in TypeScript. Using any defeats type checking and can cause runtime crashes.

Incomplete code

unimplemented-error
error
Finds code that throws “not implemented” errors. This code will crash when executed.
empty-function-body
error
Detects functions with no implementation that return undefined unexpectedly.

Error handling

empty-catch-block
error
Finds catch blocks that silently ignore errors without any handling logic.

Security

hardcoded-credentials
error
Detects potential hardcoded API keys, passwords, and secrets in code.
no-sql-injection
error
Identifies potential SQL injection vulnerabilities from string concatenation in queries.
no-unsafe-inner-html
error
Finds usage of innerHTML, dangerouslySetInnerHTML, and similar XSS vectors.

Performance

no-await-in-loop
error
Detects await inside loops that could be parallelized with Promise.all().

Possible bugs

no-unreachable
error
Finds unreachable code after return, throw, or other control flow statements.
use-isnan
error
Detects incorrect NaN comparisons. Use Number.isNaN() instead of === NaN.

Code quality

console-log-debugging
warning
Finds debug console statements that shouldn’t be in production code.

AI telltales

ai-comment-emojis
warning
Detects emojis in comments, a common pattern in AI-generated code.
ai-todo-comments
warning
Identifies excessive TODO/FIXME comments often left by AI code generators.

Best practices

magic-numbers
warning
Finds unnamed numeric constants that should be extracted to named variables.

Using rule information

After viewing available rules, you can:
  1. Configure rule severity in vibrant.config.js
  2. Disable specific rules by setting them to "off"
  3. Customize rule options for rules that accept configuration
See rule configuration for details.

See also

Build docs developers (and LLMs) love

Get started for freeTalk to us