HighFile-scopeJavaScript / TypeScript Plug & play

Read headers/cookies only on the server

Use headers() and cookies() in Server Components, Route Handlers, or server actions; never in Client Components.

Why this matters

Ensures security and compatibility with RSC.

Bad vs. good

Side-by-side examples engineers can pattern-match during review.

Avoid

'use client'
import { cookies } from 'next/headers'
const c = cookies()

Prefer

import { headers, cookies } from 'next/headers'
export default function Layout(){ const locale = headers().get('x-locale') ?? 'en'; return <html lang={locale}><body>{/* ... */}</body></html> }

More snippets

Bad

cookies() inside a Client Component

Good

headers() inside a server layout

Related rules

From the same buckets as this rule.

High
Keep 'use client' at the leaf: default to Server Components
Prefer Server Components for pages/layouts and move interactivity to small leaf Client Components. Only add 'use client' where browser APIs or event handlers are strictly necessary.
stack-nextjsstack-react+2
High
Make fetch caching explicit in Server Components
For dynamic data use { cache: 'no-store' } or file-level dynamic = 'force-dynamic'. For ISR use { next: { revalidate: N, tags: [...] } }.
stack-nextjsstack-react+2
High
Middleware only for light auth/rewrites
Keep middleware fast and side-effect free (no DB writes). Narrow the matcher and skip static assets. Use Route Handlers for heavy logic.
stack-nextjsstack-react+2

Why this matters

Bad vs. good

More snippets

Related rules

Keep 'use client' at the leaf: default to Server Components

Make fetch caching explicit in Server Components

Middleware only for light auth/rewrites

Why this matters

Bad vs. good

More snippets

Related rules

Keep 'use client' at the leaf: default to Server Components

Make fetch caching explicit in Server Components

Middleware only for light auth/rewrites