LowFile-scopeJavaScript / TypeScript Plug & play

Input validation for Brazilian identifiers (CPF/CNPJ) with checksum

Validate CPF/CNPJ format and checksum server-side; reject storage of invalid identifiers and never auto-correct them. Store normalized (digits-only) representation.

Add to Mesrai Open workspace

Why this matters

Accurate identifiers reduce unlawful processing and mistaken identity under LGPD.

Bad vs. good

Side-by-side examples engineers can pattern-match during review.

Avoid

const cpf = req.body.cpf; db.save({ cpf });

Prefer

const cpf = onlyDigits(req.body.cpf);\nif(!isValidCPF(cpf)) return res.status(422).json({ error: 'invalid_cpf' });\nstore({ cpf });

More snippets

Good

if(isValidCPF(onlyDigits(cpf))) store({cpf})

Bad

store({ cpf }) // no validation

Related rules

From the same buckets as this rule.

Critical
Children's data: verify age and parental consent
If data subject is a child/adolescent, require age verification and parental/legal guardian consent prior to processing; deny processing otherwise and do not store the payload.
compliance-lgpdapi-conventions+1
Critical
Deletion requests: anonymize or hard-delete PII irreversibly
On LGPD deletion, remove or irreversibly anonymize PII and purge dependent caches. Keep minimal audit metadata (timestamp, request ID) not linkable back to the subject.
compliance-lgpdmigrations-backward-compat+1
Critical
Encrypt PII at rest with AES-GCM and managed keys
For fields like CPF, birth_date, and address, use AES-256-GCM with envelope encryption. Keys must come from a managed KMS; rotate data keys at least annually and store key IDs with the ciphertext.
compliance-lgpdsecurity-hardening

Why this matters

Bad vs. good

More snippets

Related rules

Children's data: verify age and parental consent

Deletion requests: anonymize or hard-delete PII irreversibly

Encrypt PII at rest with AES-GCM and managed keys

Why this matters

Bad vs. good

More snippets

Related rules

Children's data: verify age and parental consent

Deletion requests: anonymize or hard-delete PII irreversibly

Encrypt PII at rest with AES-GCM and managed keys