Security rules for Vercel AI SDK usage (prompt injection, data handling).
⭐ If this plugin caught a real bug for you, star the repo — it's the signal that keeps these rules maintained.
This plugin provides Security rules for Vercel AI SDK usage (prompt injection, data handling).
Interlace fosters strength through integration. Instead of stacking isolated rules, we interlace security directly into your workflow to create a resilient fabric of code. We believe tools should guide rather than gatekeep, providing educational feedback that strengthens the developer with every interaction.
- To check out the guide, visit eslint.interlace.tools. 📚
- 要查看中文 指南, 请访问 eslint.interlace.tools. 📚
- 가이드 문서는 eslint.interlace.tools에서 확인하실 수 있습니다. 📚
- ガイドは eslint.interlace.toolsでご確認ください。 📚
- Para ver la guía, visita eslint.interlace.tools. 📚
- للاطلاع على الدليل، قم بزيارة eslint.interlace.tools. 📚
npm install eslint-plugin-vercel-ai-security --save-dev| Preset | Description |
|---|---|
recommended |
Balanced security (7 errors, 7 warnings) |
strict |
Maximum security (17 errors, 2 warnings) |
minimal |
Minimal config |
| Library | npm | Downloads | Detection |
|---|---|---|---|
ai (Vercel AI SDK) |
Prompt Injection, Data Leakage |
All rule messages follow a structured format optimized for AI coding assistants:
🔒 CWE-74 OWASP:A03-Injection CVSS:9 | Unsafe Prompt | CRITICAL [SOC2,GDPR]
Fix: Validate input before use | https://owasp.org/...
By providing this structured context (CWE, OWASP, Fix), we enable AI tools to reason about the security flaw rather than hallucinating. This allows Copilot/Cursor to suggest the exact correct fix immediately.
| Function | Full Coverage |
|---|---|
generateText |
✅ All 19 rules |
streamText |
✅ All 19 rules + abort signal |
generateObject |
✅ All 19 rules |
streamObject |
✅ All 19 rules + abort signal |
tool() helper |
✅ Schema validation |
embed() / embeddings |
✅ Embedding validation |
| Metric | Coverage |
|---|---|
| Rules | 19 |
| Tests | 200 |
| Lines | 98%+ |
| Functions | 100% |
Generic linters guess at patterns. This plugin knows the exact Vercel AI SDK API.
Yes! Designed specifically for ESLint Flat Config — works on ESLint 8 (with flat config), 9, and 10. See the ESLint Version Support Policy for the full matrix.
// eslint-disable-next-line vercel-ai-security/require-validated-prompt
await generateText({ prompt: internalPrompt });TypeScript/JavaScript are memory-safe languages. Memory corruption vulnerabilities (buffer overflows, use-after-free, etc.) are not possible in these environments.
| Package | Version |
|---|---|
ai (Vercel AI SDK) |
|
| ESLint | |
| Node.js |
See the ESLint Version Support Policy for the full matrix.
Legend
| Icon | Description |
|---|---|
| 💼 | Recommended: Included in the recommended preset. |
| Warns: Set to warn in recommended preset. | |
| 🔧 | Auto-fixable: Automatically fixable by the --fix CLI option. |
| 💡 | Suggestions: Providing code suggestions in IDE. |
| 🚫 | Deprecated: This rule is deprecated. |
| 🟢 | Type-unaware: AST-only, runs in oxlint JS-plugin tier. |
| 🟡 | Type-aware (refining): pure-AST primary path; types refine precision. |
| 🟠 | Type-aware (graceful): requires TS program; silent without it. |
| Rule | CWE | OWASP | CVSS | Description | 🧠 | 💼 | 🔧 | 💡 | 🚫 | |
|---|---|---|---|---|---|---|---|---|---|---|
| no-dynamic-system-prompt | CWE-74 | This rule identifies code patterns where system prompts contain dynamic or user-controlled content | 🟢 | |||||||
| no-hardcoded-api-keys | CWE-798 | This rule identifies hardcoded API keys, tokens, and secrets in your codebase that are used with AI SDK pro… | 🟢 | |||||||
| no-sensitive-in-prompt | CWE-200 | This rule identifies code patterns where sensitive data like passwords, API keys, tokens, or personally ide… | 🟢 | |||||||
| no-system-prompt-leak | CWE-200 | This rule identifies code patterns where system prompts or AI instructions are returned in API responses, l… | 🟢 | |||||||
| no-training-data-exposure | CWE-359 | This rule identifies code patterns where user data might be sent to LLM training endpoints or when training… | 🟢 | |||||||
| no-unsafe-output-handling | CWE-94 | This rule identifies code patterns where AI-generated output is passed directly to dangerous functions that… | 🟢 | |||||||
| require-abort-signal | CWE-404 | This rule identifies streaming AI SDK calls (streamText, streamObject) that don't include an AbortSignal fo… | 🟢 | |||||||
| require-audit-logging | CWE-778 | This rule identifies AI SDK calls that aren't preceded by logging statements | 🟢 | |||||||
| require-embedding-validation | CWE-20 | This rule identifies code patterns where embeddings are stored in vector databases without validation. | 🟢 | |||||||
| require-error-handling | CWE-755 | This rule identifies AI SDK calls that aren't wrapped in try-catch blocks | 🟢 | |||||||
| require-max-steps | CWE-834 | This rule identifies AI SDK calls that use tools but don't specify a maxSteps limit | 🟢 | |||||||
| require-max-tokens | CWE-770 | This rule identifies AI SDK calls that don't specify a maxTokens limit | 🟢 | |||||||
| require-output-filtering | CWE-200 | This rule identifies tool execute functions that return raw data from data sources (databases, APIs, file s… | 🟢 | |||||||
| require-output-validation | CWE-707 | This rule identifies code patterns where AI-generated output is displayed to users without validation or fa… | 🟢 | |||||||
| require-rag-content-validation | CWE-74 | This rule identifies code patterns where content retrieved from vector stores or document retrieval systems… | 🟢 | |||||||
| require-request-timeout | CWE-400 | This rule identifies AI SDK calls that don't have timeout or abort signal configuration. | 🟢 | |||||||
| require-tool-confirmation | CWE-862 | This rule identifies destructive tools (delete, transfer, execute, etc.) that don't require human confirmat… | 🟢 | |||||||
| require-tool-schema | CWE-20 | Get weather | 🟢 | |||||||
| require-validated-prompt | CWE-74 | This rule identifies code patterns where user-controlled input is passed directly to AI prompts without val… | 🟢 |
Part of the Interlace ESLint Ecosystem — AI-native security plugins with LLM-optimized error messages:
| Plugin | Downloads | Description |
|---|---|---|
eslint-plugin-secure-coding |
General security rules & OWASP guidelines. | |
eslint-plugin-pg |
PostgreSQL security & best practices. | |
eslint-plugin-node-security |
Node.js core-module security (fs, child_process, vm, crypto, Buffer). | |
eslint-plugin-jwt |
JWT security & best practices. | |
eslint-plugin-browser-security |
Browser-specific security & XSS prevention. | |
eslint-plugin-express-security |
Express.js security hardening rules. | |
eslint-plugin-lambda-security |
AWS Lambda security best practices. | |
eslint-plugin-nestjs-security |
NestJS security rules & patterns. | |
eslint-plugin-mongodb-security |
MongoDB security best practices. | |
eslint-plugin-vercel-ai-security |
Vercel AI SDK security hardening. | |
eslint-plugin-import-next |
Next-gen import sorting & architecture. |
If this plugin caught a real bug for you, star the repo — stars are the signal that keeps the Interlace ESLint ecosystem maintained — and follow the writeups on Dev.to for the benchmarks and security research behind these rules.
MIT © Ofri Peretz
