# Tests (Node.js) Security

Security vulnerabilities and detection rules for tests framework. 1 rules across 1 CWE categories.

- Total rules: 1
- CWE categories: 1

## CWEs

- **CWE-798**: Use of Hard-coded Credentials

## Rules

- **Security Issues in Test Files** [LOW]: Detects security anti-patterns in test files that could leak into production.

While test files don't run in production, they can still pose security risks:
1. **Hard-coded credentials** - Test credentials committed to repos
2. **Real API keys** - Production keys used in tests
3. **Exposed secrets** - Secrets in test fixtures or mocks
4. **Insecure test patterns** - Patterns that might be copy-pasted to production

This rule helps maintain test hygiene and prevents credential leaks.