2 min read

Conformance Allowlists

Learn how to use allowlists to bypass your Conformance rules to merge changes into your codebase.
Table of Contents

Conformance is available on Enterprise plans

Conformance allowlists enable developers to integrate code into the codebase, bypassing specific Conformance rules when necessary. This helps with collaboration, ensures gradual rule implementation, and serves as a systematic checklist for addressing issues.

An allowlist entry looks like the following:

  "entries": [
      "reason": "TODO: This existed before the Conformance test was added but should be fixed.",
      "location": {
        "workspace": "dashboard",
        "filePath": "next.config.js"
      "details": {
        "missingField": "headers"

The allowlist entry contains the following fields:

  • testName: The name of the triggered test
  • reason: Why this code instance is allowed despite Conformance catching it
  • location: The file path containing the error
  • details (optionally): Details about the Conformance error

An allowlist entry will match an existing one when the testName, location, and details fields all match. The reason is only used for documentation purposes.

In a monorepo, Conformance allowlists are located in an .allowlists/ directory in the root directory of each workspace. For repository-wide rules, place allowlist entries in the top-level .allowlists/ directory.

The Conformance CLI can add an allowlist entry for all the active errors. This can be useful when adding a new entry to the allowlist for review, or when a new check is being added to the codebase. To add an allowlist entry for all active errors in a package:

From the package directory:


pnpm conformance --allowlist-errors

From the root of a monorepo:


pnpm --filter=<package-name> conformance --allowlist-errors

You can use Code Owners with allowlists for specific team reviews on updates. For instance, have the security team review security-related entries.

To configure Code Owners for all tests at the top level for the entire repository:

**/*.allowlist.json @org/team:required
**/NO_CORS_HEADERS.* @org/security-team:required

For a specific workspace, add a .vercel.approvers file in the .allowlists sub-directory:

NO_EXTERNAL_CSS_AT_IMPORTS.* @org/performance-team:required

The :required check ensures any modifications need the specified owners' review.

Last updated on February 21, 2024