darraghoriordan · SchroederSteffen · Jul 21, 2025 · Jul 21, 2025 · SchroederSteffen · Jul 21, 2025
@@ -108,9 +108,7 @@ There are some tightly coupled but untyped decorators and things like that in ne
 
 ### 4. Security
 
-There is a CVE for class-transformer when using random javascript objects. You need to be careful about configuring the ValidationPipe in NestJs. See
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18413
-https://github.com/typestack/class-validator/issues/438
+There is a CVE for class-transformer when using random javascript objects. You need to be careful about configuring the ValidationPipe in NestJs. See [`should-specify-forbid-unknown-values`](./src/docs/rules/should-specify-forbid-unknown-values.md).
 
 ## To install
 
@@ -208,8 +206,7 @@ Note: You can easily turn off all the swagger rules if you don't use swagger by
 Disable a single rule with the full name e.g. in your eslint configuration...
 
 ```ts
-   rules: {
-   "@darraghor/nestjs-typed/api-property-returning-array-should-set-array":
-            "off",
-   }
+    rules: {
+        "@darraghor/nestjs-typed/api-property-returning-array-should-set-array": "off",
+    }
 ```
@@ -1,12 +1,11 @@
-### Rule: validation-pipe-should-forbid-unknown
+### Rule: should-specify-forbid-unknown-values
 
 This checks when if you are setting ValidationPipe parameters you set forbidUnknownValues to true.
 
 The rule is ignored if you use a spread operator to pass options to the validation pipe constructor.
 
-There is a CVE for class-transformer when using random javascript objects. You need to be careful about configuring the ValidationPipe in NestJs. See
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18413
-https://github.com/typestack/class-validator/issues/438
+There is a CVE for class-transformer when using random javascript objects. You need to be careful about configuring the ValidationPipe in NestJs.
+See <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18413>, <https://github.com/typestack/class-validator/issues/438> & <https://github.com/nestjs/nest/issues/10683>.
 
 e.g. this PASSES because the property is set
 

@@ -13,7 +13,7 @@ const ruleTester = new RuleTester({
     },
 });
 
-ruleTester.run("validation-pipe-should-use-forbid-unknown", rule, {
+ruleTester.run("should-specify-forbid-unknown-values", rule, {
     valid: [
         {
             code: `

@@ -1,6 +1,5 @@
-import {TSESTree} from "@typescript-eslint/utils";
+import {ASTUtils, TSESTree} from "@typescript-eslint/utils";
 import {createRule} from "../../utils/createRule.js";
-import {ASTUtils} from "@typescript-eslint/utils";
 
 export const isValidationPipeNewExpression = (node: TSESTree.Node): boolean => {
     const newExpression = node as TSESTree.NewExpression;
@@ -82,7 +81,7 @@ export const shouldTriggerForVariableDeclaratorExpression = (
 };
 
 const rule = createRule<[], "shouldSpecifyForbidUnknownValues">({
-    name: "validation-pipe-should-use-forbid-unknown",
+    name: "should-specify-forbid-unknown-values",
     meta: {
         docs: {
             description:
-Original file line number
+Diff line change
@@ Expand Up / @@ -13,7 +13,7 @@ const ruleTester = new RuleTester({ @@
         },
     });
-    ruleTester.run("validation-pipe-should-use-forbid-unknown", rule, {
+    ruleTester.run("should-specify-forbid-unknown-values", rule, {
         valid: [
             {
                 code: `
@@ Expand Down @@