🔴 CRITICAL: Widespread use of 'any' type bypassing TypeScript safety #1265
Description
🔴 CRITICAL Type Safety Issue
Severity: CRITICAL
Type: TypeScript Type Safety / Code Quality
Impact: Runtime Errors / Broken Refactoring
📍 Scope
30+ occurrences of any type across the codebase, bypassing TypeScript's type safety.
Affected Files (sample):
packages/api/src/cloneArray.ts:1packages/api/src/EmbeddedChatApi.ts:16-20packages/auth/src/RocketChatAuth.ts:11packages/auth/src/Api.ts:7, 33-34packages/rc-app/lib/getCallbackContent.ts:1- And 25+ more files
🔥 Problem Description
Extensive use of any type eliminates TypeScript's core benefits:
- No compile-time type checking
- No IDE autocomplete
- No refactoring safety
- Runtime errors in production
Examples:
// Example 1: cloneArray - No type safety
const cloneArray = (array: any[]): any[] => [...array];
// Example 2: EmbeddedChatApi constructor - Callbacks not typed
constructor(
host: string,
rid: string,
{ getAuth, setAuth }: any, // No type checking
) {}
// Example 3: Message callbacks - Structure unknown
onMessage(callback: (message: any) => void) {
// Caller has no idea what message contains
}
// Example 4: RocketChatAuth - User shape unknown
currentUser: any = null;💥 Impact
- No IDE autocomplete - Developers don't know available properties
- Runtime errors - Type mismatches caught only in production
- Broken refactoring - Renaming fields doesn't update all usages
- Impossible to trace data flow - No way to understand message structure
Example Runtime Error:
onMessage((message: any) => {
console.log(message.user.name); // Runtime error if user is undefined
});✅ Recommended Fix
Define proper interfaces and use generic types:
// Define message interface
interface MessageData {
_id: string;
rid: string;
msg: string;
ts: Date;
u: {
_id: string;
username: string;
name?: string;
};
attachments?: Attachment[];
[key: string]: unknown; // Allow additional fields
}
// Fix cloneArray with generics
const cloneArray = <T extends Record<string, unknown>>(array: T[]): T[] => {
return [...array];
};
// Fix auth callbacks
interface AuthCallbacks {
getAuth: () => AuthToken | null;
setAuth: (token: AuthToken) => void;
}
constructor(
host: string,
rid: string,
callbacks: AuthCallbacks,
) {}
// Fix message callback
onMessage(callback: (message: MessageData) => void) {
// Now type-safe
}
// Fix currentUser
interface UserData {
_id: string;
username: string;
name?: string;
roles: string[];
// ... other fields
}
currentUser: UserData | null = null;🎯 Action Items
- Define core interfaces (MessageData, UserData, AuthToken, etc.)
- Replace
anyin critical paths (EmbeddedChatApi, RocketChatAuth) - Update function signatures with proper types
- Add generic constraints where appropriate
- Enable strict TypeScript checks
- Audit remaining
anyusage
📝 Implementation Strategy
Phase 1 (Week 1): Type critical paths
- EmbeddedChatApi methods
- RocketChatAuth core methods
- Message handling callbacks
Phase 2 (Week 2): Type remaining packages
- Auth package
- RC-app package
- API utilities
Phase 3 (Ongoing): Enable strict mode
noImplicitAny: truestrictNullChecks: true
⏱️ Timeline
Start: Immediately
Complete Critical Paths: 1 week
Full Resolution: 2-3 weeks
Priority: P0 - Critical Code Quality
Discovered by: Automated codebase security analysis
Date: April 5, 2026