AI-coding hygiene

no-mock-data-in-prod

Flag `mockUsers`/`fakeData`/`seedData`/`dummyConfig` arrays and placeholder emails (`john.doe@example.com`).

The "AI wrote the boilerplate, then nobody removed the fake data" antipattern. Two arms: (1) variables whose name matches `mock*`/`fake*`/`dummy*`/`placeholder*`/`stub*`/`seed*`/`sample*` and whose initializer is a literal array or object, including `Object.freeze([...])` and `[...] as const` wrappers; (2) placeholder emails (`john.doe@example.com`, `jane.smith@test.com`, `user@example.com`, etc.) anywhere in production source. Test/fixture/story files are exempted by path.

Behavior

• Fixable: No.
• Suggestions: No.

Examples

Bad:

export const mockUsers = [{ id: 1, email: "john.doe@example.com" }];

Good:

export async function listUsers() { return db.users.findAll(); }

Related rules

• no-placeholder-codeFlag `throw new Error("not implemented")` and TODO/FIXME stubs the AI left behind.
• no-hardcoded-localhostFlag hardcoded `localhost`/`127.0.0.1`/`0.0.0.0` URLs that ship to production.
• no-hardcoded-secretsFlag hardcoded API keys, tokens, and private keys (AWS, GitHub, Stripe, Google, Slack, OpenAI, Anthropic, JWT, PEM).

Use it

Enable no-mock-data-in-prod in your eslint.config.js:

import deslint from '@deslint/eslint-plugin';

export default [
  {
    plugins: { deslint },
    rules: {
      'deslint/no-mock-data-in-prod': 'error',
    },
  },
];

Found a false positive? Report it on GitHub →

← Back to all rules