A blocklist of 1,000+ reserved slugs for web applications
Open-source npm package to prevent URL collisions when users pick their own slugs.
Any app that lets users pick a slug — for a username, team, or org URL — needs to block the ones that collide with its own routes. /admin, /api, /login, /settings, the obvious ones. But also /graphql, /sso, /healthcheck, /workspace, /dmca — the stuff modern web apps actually ship that the old reserved-username lists never covered.
I kept running into this across projects and got tired of copy-pasting the same half-complete list. The existing open-source lists on GitHub hadn't been updated in years. So I built reserved-slugs — 1,000+ slugs organized into 15 categories, published as a typed npm package. You can import the full set, individual categories, or use the case-insensitive check functions. The whole list is also available as static JSON, CSV, YAML, XML, TOML, and plain text files for non-JS projects.