NEXTJS_SAFE_URL_IMPORTS

Prevent unsafe URL Imports from being added to Next.js applications.
Table of Contents

Conformance is available on Enterprise plans

URL imports are an experimental feature that allows you to import modules directly from external servers (instead of from the local disk). When you opt-in, and supply URL prefixes inside next.config.js, like so:

next.config.js
module.exports = {
  experimental: {
    urlImports: ['https://example.com/assets/', 'https://cdn.skypack.dev'],
  },
};

If any of the URLs have not been added to the safe import comformance configuration, then this will cause this rule to fail.

Engineers should reach out to the appropriate engineer(s) or team(s) for a security review of the URL import configuration.

When requesting a review, please provide as much information as possible around the proposed URL being added, and if there any security implications for using the URL.

If this URL is deemed safe for general use, it can be added to the list of approved URL imports. This can be done by following the Customizing Conformance docs to add the URL to your conformance.config.jsonc file:

conformance.config.jsonc
"NEXTJS_SAFE_URL_IMPORTS": {
  urlImports: [theUrlToAdd],
}
Last updated on July 23, 2024