api
- Type:
boolean | number | object - Default:
false - CLI:
--api,--api.port,--api.host,--api.strictPort
Listen to port and serve API for the UI or browser server. When set to true, the default port is 51204.
api.allowWrite 4.1.0+
- Type:
boolean - Default:
trueif not exposed to the network,falseotherwise
Vitest server can save test files or snapshot files via the API. This allows anyone who can connect to the API the ability to run any arbitary code on your machine.
SECURITY ADVICE
Vitest does not expose the API to the internet by default and only listens on localhost. However if host is manually exposed to the network, anyone who connects to it can run arbitrary code on your machine, unless api.allowWrite and api.allowExec are set to false.
If the host is set to anything other than localhost or 127.0.0.1, Vitest will set api.allowWrite and api.allowExec to false by default. This means that any write operations (like changing the code in the UI) will not work. However, if you understand the security implications, you can override them.
api.allowExec 4.1.0+
- Type:
boolean - Default:
trueif not exposed to the network,falseotherwise
Allows running any test file via the API. See the security advice in api.allowWrite.