# typescript (TypeScript) Security Rules

5 detection rules for typescript framework in TypeScript

- Total rules: 5
- CWE coverage: 3

## HIGH (4)

- **TypeScript Access Modifier Bypass**: TypeScript private/protected modifiers are compile-time only. Bracket notation and
type assertions bypass them at runtime, exposing sensitive data like passwords and tokens.
- **TypeScript Strict Mode Disabled**: Disabled TypeScript strict mode flags weaken type safety and allow null/undefined errors,
implicit any types, and unsafe function parameters that lead to runtime vulnerabilities.
- **TypeScript Unsafe Decorator Usage**: Decorators that use eval(), modify global state, or accept user input as parameters
enable code injection, prototype pollution, and authorization bypass.
- **TypeScript Unsafe Type Guard**: Type guards that always return true or use assertions without validation create
type confusion, allowing untrusted data to bypass security checks.

## MEDIUM (1)

- **TypeScript Unconstrained Generic Type Parameters**: Unconstrained generics (<T> or <T extends any>) allow any type to pass through,
causing runtime errors and type confusion when accessing properties that do not exist.