Mock data in production

Mock data in production is when test-only fixtures, stubbed service responses, or simulated API behavior ships in a real deploy and is served to real users or downstream systems.

Why it happens

• mocks are valid code and often compile cleanly
• tests validate shapes and flows, not real integrations
• runtime configuration missing triggers fallbacks
• shared monorepo packages hide dev-only imports

Symptoms

• plausible but wrong data appears in UI or APIs
• "demo" content leaks into real sessions
• production incidents with no obvious stack traces

Prevention

The most reliable prevention is a deploy gate that blocks builds containing:

• mock libraries outside dev/test contexts
• __mocks__, fixtures, fake, seed artifacts in production builds
• missing required env vars that force fallback behavior

Some teams use guardrail to detect this automatically in CI.