> ## Documentation Index
> Fetch the complete documentation index at: https://docs.overlayed.gg/llms.txt
> Use this file to discover all available pages before exploring further.

# Security

> Important information for keeping your application secure and preventing abuse.

## Overview

The `@overlayed/app/security` module provides utilities to keep your application secure and prevent abuse.

## assertNoProhibitedArgs

The `assertNoProhibitedArgs` function checks for prohibited command line arguments and exits the application if any are
found. This prevents users from launching your app with flags that could:

* Enable remote debugging
* Disable security features
* Open developer tools
* Load unauthorized extensions
* Bypass sandboxing

### Basic Usage

<Danger>
  We strongly recommend calling this function. Ideally, it should be called before any other code is executed.
</Danger>

```typescript theme={null}
import { assertNoProhibitedArgs } from "@overlayed/app/security";
import { overlayed } from "@overlayed/app";

// Check for prohibited arguments first
assertNoProhibitedArgs();

// Then initialize your electron app, overlayed, etc
const overlay = overlayed({
	// ...
});
```

### Production-Only Usage

You may want to only enforce this check in production builds:

```typescript theme={null}
import { assertNoProhibitedArgs } from "@overlayed/app/security";

if (import.meta.env.PROD) {
	assertNoProhibitedArgs();
}
```

### Selectively Allowing Arguments

In some cases, you may need to allow specific arguments (e.g., for debugging in development):

```typescript theme={null}
import { assertNoProhibitedArgs } from "@overlayed/app/security";

assertNoProhibitedArgs({
	args: {
		"--inspect": false, // Allow --inspect flag
	},
});
```

### Prohibited Arguments

The following command line arguments are blocked by default:

* `--inspect`
* `--inspect-brk`
* `--inspect-port`
* `--remote-debugging-port`
* `--remote-debugging-address`
* `--remote-debugging-pipe`
* `--remote-allow-origins`
* `--auto-open-devtools-for-tabs`
* `--devtools`
* `--disable-web-security`
* `--allow-file-access-from-files`
* `--allow-running-insecure-content`
* `--unsafely-treat-insecure-origin-as-secure`
* `--load-extension`
* `--proxy-server`
* `--proxy-bypass-list`
* `--no-sandbox`
* `--disable-gpu-sandbox`
