In a 700-function benchmark across 5 AI models, Claude's vulnerability rate was 65–75%. A well-structured NestJS service with correct decorators and typed DTOs is no exception.
TypeScript passed it clean. The code ran. Then I ran the linter.
I gave Claude a single prompt: "Build a NestJS users service. Authentication, registration, login, profile endpoint, admin panel." 90 seconds later I had 200 lines of NestJS. Decorators in the right places, DTOs typed correctly, dependency injection wired up. It looked like code written by a developer who knew NestJS.
I ran eslint-plugin-nestjs-security — a plugin I built to catch exactly these patterns.
6 errors. 0 warnings. 3 seconds.