# Hardcoded Development URLs

- ID: javascript-hardcoded-dev-urls
- Severity: LOW
- CWE: CWE-547 (CWE-547)
- Languages: JavaScript, TypeScript
- Frameworks: express, fastify, nodejs

## Description

Detects hardcoded development URLs (localhost, 127.0.0.1) in production code that should use environment variables.

## Detection Message

Hardcoded development URL found: {code}
Development URLs like localhost should be configured via environment variables.


## Remediation

Replace hardcoded URLs with environment variables:

Before: const API_URL = 'http://localhost:3000';
After:  const API_URL = process.env.API_URL || 'http://localhost:3000';

For database connections:
Before: host: 'localhost'
After:  host: process.env.DB_HOST || 'localhost'

## Documentation

[object Object]

## Related Rules

- **Hardcoded Development URLs** [LOW]: