Route handler files only export valid Next.js convention names
Why it matters
Next.js App Router route handlers that export non-conventional names — handler, default, loader — are silently ignored by the framework. The file appears to have an endpoint but HTTP requests return 405 Method Not Allowed or fall through to the next handler with no warning, no build error, and no runtime log. This reference-integrity gap makes the failure invisible: your API contract says the route exists, but no code runs. The taxon code-quality understates the operational impact — a hallucinated export name deletes the handler entirely from the request lifecycle.
Severity rationale
Medium because the route silently stops working rather than exposing a security vulnerability, but the debugging surface is near-zero without knowing the allowlist.
Remediation
Rename every export in app/**/route.ts files to match a valid HTTP method or accepted Next.js config name. The complete allowlist is: GET, POST, PUT, PATCH, DELETE, HEAD, OPTIONS, dynamic, dynamicParams, revalidate, fetchCache, runtime, preferredRegion, maxDuration, generateStaticParams.
// app/api/users/route.ts
// Bad — 'handler' is ignored by Next.js App Router
export async function handler(req: Request) {
return Response.json({ ok: true })
}
// Good — export the HTTP method name
export async function GET(req: Request) {
return Response.json({ ok: true })
}
export async function POST(req: Request) {
const body = await req.json()
// ...
return Response.json({ created: true }, { status: 201 })
}
Pages Router patterns (export default, getServerSideProps) are invalid in App Router route files.
Detection
-
ID:
route-handler-exports-valid -
Severity:
medium -
What to look for: When the framework is Next.js, walk all files matching
app/**/route.{ts,js}orapp/**/route.{tsx,jsx}. For each route handler file, extract every named export. Check each export against this exact allowlist of Next.js Route Handler conventional names:GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,dynamic,dynamicParams,revalidate,fetchCache,runtime,preferredRegion,maxDuration,generateStaticParams. Any export name not on this allowlist (e.g.,default,handler,loader,getServerSideProps,metadata) is a hallucination — Next.js will silently ignore it, leaving the developer confused. Count all route handler files inspected, total non-conventional exports found. -
Pass criteria: 0 route handler files have non-conventional named exports. Report: "X route handler files inspected, 0 non-conventional exports."
-
Fail criteria: At least 1 route handler file exports a name that is not in the allowlist.
-
Skip (N/A) when: Framework is not Next.js OR no
app/**/route.{ts,js,tsx,jsx}files exist. -
Detail on fail:
"2 route handlers with non-conventional exports: app/api/users/route.ts exports 'handler' (Next.js ignores this — use 'GET'/'POST' etc.), app/api/auth/route.ts exports 'default' (Pages Router pattern, won't work in App Router)." -
Remediation: Next.js App Router route handlers must export named functions matching HTTP methods. Other names are silently ignored, which creates confusing "the route exists but does nothing" bugs:
// Bad: 'handler' won't be called by Next.js export async function handler(req: Request) { return Response.json({}) } // Good: use the HTTP method as the export name export async function GET(req: Request) { return Response.json({}) }
External references
- iso-25010:2011 · maintainability.analysability — Maintainability — Analysability: misrouted exports are silent failures that resist diagnosis
Taxons
History
- 2026-04-18·v1.0.0·Initial import from ai-slop-hallucinations·automated