Config Validator

Validate QBCore configuration files for syntax mistakes, structural gaps, and helpful best-practice reminders.

Overview

The Config Validator checks your QBCore configuration files for mismatched delimiters, unclosed strings, missing Config declarations, enabled debug flags, exposed credentials, and recommended settings so you can keep configurations production-ready.

Configuration Validator

Validate your QBCore configuration files for syntax issues, structure checks, and security reminders before deployment.

Upload File

Drag and drop your config file here or click to browse

Supported files: .lua, .json, .cfg, .js, .ts

Paste Content

0 characters • 0 lines

What We Check

Syntax Balance

Detects mismatched braces and brackets

String Closure

Spots strings missing closing quotes

Config Structure

Ensures Config tables and keys are declared

Sensitive Values

Highlights potential passwords or tokens

Debug Flags

Warns when debug mode is still enabled

Recommended Keys

Reminds you about Locale and UseTarget

Validation Features

Syntax safeguards

Balanced delimiters: Detects missing or mismatched braces, brackets, and parentheses.
Unclosed strings: Flags strings that never close in Lua or JSON files.
JSON parsing: Reports precise syntax errors when JSON content fails to parse.

Configuration structure

Config table detection: Warns when Lua files assign to Config without declaring it first.
JSON Config key: Verifies that JSON configs expose a top-level Config object.
Recommended keys: Suggests adding Config.Locale and Config.UseTarget when absent.

Security and debug awareness

Hardcoded credentials: Highlights suspicious secrets or passwords stored inline.
Debug flags: Alerts when debug toggles remain enabled in production configs.

Common Configuration Issues

Balanced delimiters

-- ❌ Missing closing brace
Config.Gangs = {
    ['ballas'] = {
        label = 'Ballas'
    }
-- Missing closing brace triggers the validator
 
-- ✅ Balanced braces
Config.Gangs = {
    ['ballas'] = {
        label = 'Ballas'
    }
}

Unclosed strings

-- ❌ String never closes
Config.Locale = 'en
 
-- ✅ String closes properly
Config.Locale = 'en'

Missing Config table

-- ❌ Assigning to Config before declaration
Config.Debug = true
 
-- ✅ Declare Config first
Config = Config or {}
Config.Debug = true

Missing JSON Config key

// ❌ No top-level Config wrapper
{
  "Players": []
}
 
// ✅ Config object included
{
  "Config": {
    "Players": []
  }
}

Debug flag left enabled

-- ❌ Debugging enabled in production
Config.Debug = true
 
-- ✅ Debugging disabled
Config.Debug = false

Hardcoded credentials

-- ❌ Password stored in plain text
Config.DatabasePassword = 'changeme'
 
-- ✅ Retrieve secrets from convars
Config.DatabasePassword = GetConvar('mysql_password', '')

Best Practices

Configuration Structure

-- Recommended config structure
Config = Config or {}
 
-- Debug and development settings
Config.Debug = false
Config.Locale = 'en'
Config.UseTarget = true
 
-- Core settings grouped logically
Config.Server = {
    Name = "My QBCore Server",
    MaxPlayers = 64,
    RestartTime = { 6, 18 } -- 6 AM and 6 PM
}
 
Config.Economy = {
    StartingMoney = { cash = 500, bank = 5000 },
    PaycheckInterval = 30, -- minutes
    TaxRate = 0.15
}
 
-- Feature flags for easy toggling
Config.Features = {
    Banking = true,
    Housing = true,
    Vehicles = true,
    Jobs = true
}

Environment Variables

-- ❌ Hardcoded sensitive data
Config.Database = {
    Host = "localhost",
    Username = "root",
    Password = "mypassword123"
}
 
-- ✅ Use environment variables
Config.Database = {
    Host = GetConvar('mysql_host', 'localhost'),
    Username = GetConvar('mysql_user', 'qbcore'),
    Password = GetConvar('mysql_password', '')
}

Localization Support

-- Proper localization structure
Config.Locale = GetConvar('qb_locale', 'en')
Config.UseTarget = GetConvar('qb_use_target', 'true') == 'true'
 
Config.Locales = {
    ['en'] = {
        ['welcome'] = 'Welcome to the server!',
        ['goodbye'] = 'Thanks for playing!'
    },
    ['es'] = {
        ['welcome'] = '¡Bienvenido al servidor!',
        ['goodbye'] = '¡Gracias por jugar!'
    }
}

Validation Rules

Critical Rules (Errors)

Balanced delimiters: Invalid brace, bracket, or parenthesis pairs that stop configs from loading.
Unclosed strings: Strings left open that break Lua or JSON parsing.
JSON parsing: Structural JSON issues reported with line and column detail.

Warning Rules

Missing Config table: Assignments to Config before the table is defined.
Missing JSON Config key: JSON files without a top-level Config object.
Hardcoded credentials: Passwords, tokens, or secrets left inline.
Debug flags: Config.Debug or similar flags left enabled.

Information Rules

Recommended keys: Friendly reminders to add Config.Locale and Config.UseTarget.

Integration

Automated Validation

# Add to your deployment script
qb-config-validator --input configs/ --output report.json --format json
 
# CI/CD integration
- name: Validate Configurations
  run: |
    npm install -g qb-config-validator
    qb-config-validator --input . --fail-on-error

Pre-commit Hooks

{
  "scripts": {
    "pre-commit": "qb-config-validator --staged-only"
  }
}

Pro Tip: Run configuration validation before every server restart to catch issues early. Set up automated validation in your development workflow to maintain code quality.

Need help fixing configuration issues? Check our configuration guide or visit our support community.

Code Generator Event Debugger