Skip to main content

No mock libraries imported in production code

ab-000257 · ai-slop-half-finished.mock-responses.mock-lib-imported-in-prod
Severity: highactive

Why it matters

Packages like msw, nock, and fetch-mock intercept network traffic at the module level. If one is imported from a production route or shared client, every outbound call from that path hits the mock instead of the real backend — so payments, auth, and analytics silently no-op while returning fake success responses. The defect typically ships because AI scaffolding imports these libraries into source files while prototyping, and the import is never removed before deploy.

Severity rationale

High because a single stray mock import can redirect entire subsystems to fabricated responses in production.

Remediation

Move every mock-library import into files under tests/ or __tests__/ and delete the import from production source. Verify your bundler output with next build or webpack --profile to confirm none of the listed packages appear. Example correction:

// tests/handlers.ts — mocks live here, never in src/
import { rest } from 'msw'

Detection

  • ID: ai-slop-half-finished.mock-responses.mock-lib-imported-in-prod

  • Severity: high

  • What to look for: Walk all non-test source files and count all imports from these exact mock-library packages: msw, @mswjs/data, @mswjs/cookies, nock, sinon, testdouble, mock-fs, mock-aws-s3, aws-sdk-mock, fetch-mock, jest-fetch-mock, @pact-foundation/pact, mocker-data-generator, @faker-js/faker (unless imported only in seed files), chance, casual. Report each file path and the mock library it imports.

  • Pass criteria: 0 imports of mock libraries in non-test source files (excluding seed files for @faker-js/faker, chance, casual). Report: "Scanned X non-test source files, 0 import mock libraries."

  • Fail criteria: At least 1 non-test source file imports a mock library from the list (excluding legitimate seed-file usage of data generators).

  • Skip (N/A) when: 0 mock libraries from the list appear in package.json dependencies or devDependencies.

  • Detail on fail: "2 production files import mock libraries: src/app/api/users/route.ts imports 'msw', src/lib/api-client.ts imports 'fetch-mock'"

  • Remediation: Mock libraries are for tests, not production. If an MSW handler ends up in a production route, all traffic goes to the mock instead of the real backend. Move mock usage to test files only:

    // Bad: src/app/api/users/route.ts
    import { rest } from 'msw'  // mock library in production path!
    
    // Good: keep MSW strictly in tests/
    // tests/handlers.ts
    import { rest } from 'msw'
    

    Check your bundler output to confirm mock libraries are not included in the production bundle.

Taxons

History