
forbidden-dependencies

Last updated September 24, 2025

Conformance is available on Enterprise plans

The rule type enables you to disallow one or more files from depending on one or more predefined modules.

Unlike , this rule type will check for indirect (or transitive) dependencies, where a module may not directly import the disallowed dependency, but the disallowed dependency is present in the dependency chain. This makes it slower, but more powerful than the rule type.

For example, below we have a utility that imports a package that may cause security keys to be exposed.

We can use this rule type to create a custom rule that prevents any module in from importing any file that depends on our potentially dangerous .
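The difference between a direct and a transitive check can be seen on a small import graph. The following is an added illustration, not Vercel's implementation or configuration format; the file names, the `super-secret` package name and all function names are constructed for the example.

```javascript
// Constructed import graph (hypothetical file and package names):
// each key is a module, each value lists the modules it imports directly.
const importGraph = {
  "src/client/page.js": ["src/utils/format.js", "src/utils/session.js"],
  "src/client/button.js": ["src/utils/format.js"],
  "src/utils/format.js": [],
  "src/utils/session.js": ["src/utils/keys.js"],
  "src/utils/keys.js": ["super-secret"],
  "src/server/api.js": ["src/utils/keys.js"],
};

// Direct check: flags a file only if it imports a forbidden module itself.
function directViolation(graph, file, forbidden) {
  return (graph[file] || []).some((dep) => forbidden.has(dep));
}

// Transitive check: breadth-first search over the import graph, returning the
// shortest import chain from `file` to a forbidden module, or null if none.
function findForbiddenChain(graph, file, forbidden) {
  const queue = [[file]];
  const seen = new Set([file]); // guards against import cycles
  while (queue.length > 0) {
    const chain = queue.shift();
    const current = chain[chain.length - 1];
    for (const dep of graph[current] || []) {
      if (forbidden.has(dep)) return [...chain, dep];
      if (!seen.has(dep)) {
        seen.add(dep);
        queue.push([...chain, dep]);
      }
    }
  }
  return null;
}

// Apply the transitive check to every file under a path prefix, the way a
// rule scoped to client code would, and collect the offending import chains.
function checkPaths(graph, prefix, forbiddenNames) {
  const forbidden = new Set(forbiddenNames);
  const violations = {};
  for (const file of Object.keys(graph)) {
    if (!file.startsWith(prefix)) continue;
    const chain = findForbiddenChain(graph, file, forbidden);
    if (chain) violations[file] = chain;
  }
  return violations;
}
```

Here `src/client/page.js` passes the direct check but is flagged by the transitive one, and the returned chain shows which intermediate import has to change.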

  • Performance
    • You want to prevent importing packages that are known to increase the size of your client side code
    • You want to prevent using a package that is known to perform poorly in specific environments
  • Security
    • You want to disallow client-side code from depending on a file that exposes secrets
  • Error prevention
    • You want to prevent errors by disallowing server-side code from importing a module where some methods require browser APIs

To create a custom rule, you'll need to configure the required properties below:

Property | Type | Description
The custom rule's type.
The custom rule's name.
(optional) The custom rule's categories. Default is .
The error message, which is shown to users when they encounter this rule.
(optional) An optional link to show alongside the error message.
(optional) The rule description, which is shown in the Vercel Compass dashboard and included in allowlist files.
(optional) The rule severity added to the allowlists and used to calculate a project's conformance score.
An array of exact module names or glob expressions*.

*Note that paths containing square brackets need to be escaped, i.e. would become .
(optional) An optional array of exact paths or glob expressions, which restricts the paths that this custom rule applies to. This acts as the overridable default value for *.

*Note that paths containing square brackets need to be escaped, i.e. would become .
(optional) When , this rule will also traverse for transitive dependencies.

When using , module names currently need to be prefixed with (i.e., ). We're working to improve this.

The example below configures a rule named that disallows depending on any package from the workspace except for .

To enable this rule type, you can set the rule to , or provide the following configuration.

Property | Type | Description
(optional) An optional array of exact paths or glob expressions, which restricts the paths that this custom rule applies to*.

*Note that paths containing square brackets need to be escaped, i.e. would become .

The example below enables the custom rule for all files in the directory, excluding test files. In this example, the custom rule is also restricted to the and workspaces, which is optional.

This next example enables the custom rule for all files, and without workspace restrictions.

