Glob patterns now match project root instead of app/
@clerk/eslint-plugin@0.2.0
Minor Changes
-
The
require-auth-protectionrule now matchesprotectedandpublicglobs relative to the project root, instead of relative toapp/. You can specifyrootDirto control the project root. (#8942) by @EphemBreaking change: If your project uses the
src/app/folder structure, you need to rewrite your globs. For example, instead ofpublic: ['app/sign-in/**'], use:public: ['src/app/sign-in/**'].
Patch Changes
-
Handle non-promise return types when
require-auth-protectionrule fixer makes the functionasync. (#8941) by @EphemThe eslint rule fixer will now wrap a non-promise return type with
Promise<>to produce valid TypeScript. -
The
require-auth-protectionfixer now matches the string quote style of existing imports when inserting a newauthimport. (#8941) by @EphemPreviously, new imports always used single quotes regardless of how other imports in the file were quoted.
-
The
require-auth-protectionrule now accepts OR-conditions likeif (!isAuthenticated || otherCondition)when determining if a resource is protected. (#8941) by @EphemPreviously, only bare auth checks such as
if (!isAuthenticated)were recognized. Guards with only||are safe but were incorrectly reported as missing protection.
Fetched June 25, 2026


