firebase · kyungseopk1m · Apr 15, 2026 · Apr 15, 2026
diff --git a/src/app-check/app-check.ts b/src/app-check/app-check.ts
@@ -51,7 +51,7 @@ export class AppCheck {
     try {
       this.tokenGenerator = new AppCheckTokenGenerator(cryptoSignerFromApp(app));
     } catch (err) {
-      throw appCheckErrorFromCryptoSignerError(err);
+      throw appCheckErrorFromCryptoSignerError(err as Error);
     }
     this.appCheckTokenVerifier = new AppCheckTokenVerifier(app);
   }

diff --git a/src/app/credential-internal.ts b/src/app/credential-internal.ts
@@ -37,7 +37,7 @@ const SCOPES = [
 export class ApplicationDefaultCredential implements Credential {
 
   private readonly googleAuth: GoogleAuth;
-  private authClient: AnyAuthClient;
+  private authClient?: AnyAuthClient;
   private projectId?: string;
   private quotaProjectId?: string;
   private accountId?: string;
@@ -121,7 +121,7 @@ export class ServiceAccountCredential implements Credential {
   public readonly privateKey: string;
   public readonly clientEmail: string;
 
-  private googleAuth: GoogleAuth;
+  private googleAuth!: GoogleAuth;
   private authClient: AnyAuthClient | undefined;
 
   /**
@@ -173,9 +173,9 @@ export class ServiceAccountCredential implements Credential {
  */
 class ServiceAccount {
 
-  public readonly projectId: string;
-  public readonly privateKey: string;
-  public readonly clientEmail: string;
+  public readonly projectId!: string;
+  public readonly privateKey!: string;
+  public readonly clientEmail!: string;
 
   public static fromPath(filePath: string): ServiceAccount {
     try {
@@ -231,7 +231,7 @@ class ServiceAccount {
  */
 export class RefreshTokenCredential implements Credential {
 
-  private googleAuth: GoogleAuth;
+  private googleAuth!: GoogleAuth;
   private authClient: AnyAuthClient | undefined;
 
   /**
@@ -278,10 +278,10 @@ export class RefreshTokenCredential implements Credential {
 
 class RefreshToken {
 
-  public readonly clientId: string;
-  public readonly clientSecret: string;
-  public readonly refreshToken: string;
-  public readonly type: string;
+  public readonly clientId!: string;
+  public readonly clientSecret!: string;
+  public readonly refreshToken!: string;
+  public readonly type!: string;
 
   /*
    * Tries to load a RefreshToken from a path. Throws if the path doesn't exist or the
@@ -330,7 +330,7 @@ class RefreshToken {
  */
 export class ImpersonatedServiceAccountCredential implements Credential {
 
-  private googleAuth: GoogleAuth;
+  private googleAuth!: GoogleAuth;
   private authClient: AnyAuthClient | undefined;
 
   /**

diff --git a/src/app/firebase-app.ts b/src/app/firebase-app.ts
@@ -38,8 +38,8 @@ export interface FirebaseAccessToken {
  * Internals of a FirebaseApp instance.
  */
 export class FirebaseAppInternals {
-  private cachedToken_: FirebaseAccessToken;
-  private promiseToCachedToken_: Promise<FirebaseAccessToken>;
+  private cachedToken_!: FirebaseAccessToken;
+  private promiseToCachedToken_!: Promise<FirebaseAccessToken>;
   private tokenListeners_: Array<(token: string) => void>;
   private isRefreshing: boolean;
 

diff --git a/src/auth/auth-api-request.ts b/src/auth/auth-api-request.ts
@@ -121,7 +121,7 @@ enum WriteOperationType {
 class AuthResourceUrlBuilder {
 
   protected urlFormat: string;
-  private projectId: string;
+  private projectId!: string;
 
   /**
    * The resource URL builder constructor.
@@ -494,7 +494,7 @@ function validateCreateEditRequest(request: any, writeOperationType: WriteOperat
       // JSON parsing error. This should never happen as we stringify the claims internally.
       // However, we still need to check since setAccountInfo via edit requests could pass
       // this field.
-      throw new FirebaseAuthError(AuthClientErrorCode.INVALID_CLAIMS, error.message);
+      throw new FirebaseAuthError(AuthClientErrorCode.INVALID_CLAIMS, (error as Error).message);
     }
     const invalidClaims: string[] = [];
     // Check for any invalid claims.
@@ -1013,8 +1013,8 @@ const LIST_INBOUND_SAML_CONFIGS = new ApiSettings('/inboundSamlConfigs', 'GET')
 export abstract class AbstractAuthRequestHandler {
 
   protected readonly httpClient: AuthorizedHttpClient;
-  private authUrlBuilder: AuthResourceUrlBuilder;
-  private projectConfigUrlBuilder: AuthResourceUrlBuilder;
+  private authUrlBuilder!: AuthResourceUrlBuilder;
+  private projectConfigUrlBuilder!: AuthResourceUrlBuilder;
 
   /**
    * @param response - The response to check for errors.

diff --git a/src/auth/auth-config.ts b/src/auth/auth-config.ts
@@ -1337,7 +1337,7 @@ export class OIDCConfig implements OIDCAuthProviderConfig {
   public readonly issuer: string;
   public readonly clientId: string;
   public readonly clientSecret?: string;
-  public readonly responseType: OAuthResponseType;
+  public readonly responseType?: OAuthResponseType;
 
   /**
    * Converts a client side request to a OIDCConfigServerRequest which is the format

diff --git a/src/auth/base-auth.ts b/src/auth/base-auth.ts
@@ -121,7 +121,7 @@ export function createFirebaseTokenGenerator(app: App,
     const signer = useEmulator() ? new EmulatedSigner() : cryptoSignerFromApp(app);
     return new FirebaseTokenGenerator(signer, tenantId);
   } catch (err) {
-    throw handleCryptoSignerError(err);
+    throw handleCryptoSignerError(err as Error);
   }
 }
 

diff --git a/src/auth/tenant-manager.ts b/src/auth/tenant-manager.ts
@@ -69,7 +69,7 @@ export class TenantAwareAuth extends BaseAuth {
    * All calls to the user management APIs, OIDC/SAML provider management APIs, email link
    * generation APIs, etc will only be applied within the scope of this tenant.
    */
-  public readonly tenantId: string;
+  public readonly tenantId!: string;
 
   /**
    * The TenantAwareAuth class constructor.

diff --git a/src/auth/user-import-builder.ts b/src/auth/user-import-builder.ts
@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 
-import { FirebaseArrayIndexError } from '../app/index';
+import { FirebaseArrayIndexError, FirebaseError } from '../app/index';
 import { deepCopy, deepExtend } from '../utils/deep-copy';
 import * as utils from '../utils';
 import * as validator from '../utils/validator';
@@ -752,7 +752,7 @@ export class UserImportBuilder {
         // Save the client side error with respect to the developer provided array.
         this.userImportResultErrors.push({
           index,
-          error,
+          error: error as FirebaseError,
         });
       }
     });

diff --git a/src/auth/user-record.ts b/src/auth/user-record.ts
@@ -100,7 +100,7 @@ export abstract class MultiFactorInfo {
   /**
    * The ID of the enrolled second factor. This ID is unique to the user.
    */
-  public readonly uid: string;
+  public readonly uid!: string;
 
   /**
    * The optional display name of the enrolled second factor.
@@ -112,7 +112,7 @@ export abstract class MultiFactorInfo {
    * For SMS second factors, this is `phone`.
    * For TOTP second factors, this is `totp`.
    */
-  public readonly factorId: string;
+  public readonly factorId!: string;
 
   /**
    * The optional date the second factor was enrolled, formatted as a UTC string.
@@ -215,7 +215,7 @@ export class PhoneMultiFactorInfo extends MultiFactorInfo {
   /**
    * The phone number associated with a phone second factor.
    */
-  public readonly phoneNumber: string;
+  public readonly phoneNumber!: string;
 
   /**
    * Initializes the PhoneMultiFactorInfo object using the server side response.
@@ -269,7 +269,7 @@ export class TotpMultiFactorInfo extends MultiFactorInfo {
   /**
    * `TotpInfo` struct associated with a second factor
    */
-  public readonly totpInfo: TotpInfo;
+  public readonly totpInfo!: TotpInfo;
 
   /**
    * Initializes the `TotpMultiFactorInfo` object using the server side response.
@@ -317,7 +317,7 @@ export class MultiFactorSettings {
    * List of second factors enrolled with the current user.
    * Currently only phone and TOTP second factors are supported.
    */
-  public enrolledFactors: MultiFactorInfo[];
+  public enrolledFactors!: MultiFactorInfo[];
 
   /**
    * Initializes the `MultiFactor` object using the server side or JWT format response.
@@ -365,12 +365,12 @@ export class UserMetadata {
   /**
    * The date the user was created, formatted as a UTC string.
    */
-  public readonly creationTime: string;
+  public readonly creationTime!: string;
 
   /**
    * The date the user last signed in, formatted as a UTC string.
    */
-  public readonly lastSignInTime: string;
+  public readonly lastSignInTime!: string;
 
   /**
    * The time at which the user was last active (ID token refreshed),
@@ -419,32 +419,32 @@ export class UserInfo {
   /**
    * The user identifier for the linked provider.
    */
-  public readonly uid: string;
+  public readonly uid!: string;
 
   /**
    * The display name for the linked provider.
    */
-  public readonly displayName: string;
+  public readonly displayName!: string;
 
   /**
    * The email for the linked provider.
    */
-  public readonly email: string;
+  public readonly email!: string;
 
   /**
    * The photo URL for the linked provider.
    */
-  public readonly photoURL: string;
+  public readonly photoURL!: string;
 
   /**
    * The linked provider ID (for example, "google.com" for the Google provider).
    */
-  public readonly providerId: string;
+  public readonly providerId!: string;
 
   /**
    * The phone number for the linked provider.
    */
-  public readonly phoneNumber: string;
+  public readonly phoneNumber!: string;
 
 
   /**
@@ -494,7 +494,7 @@ export class UserRecord {
   /**
    * The user's `uid`.
    */
-  public readonly uid: string;
+  public readonly uid!: string;
 
   /**
    * The user's primary email, if set.
@@ -504,7 +504,7 @@ export class UserRecord {
   /**
    * Whether or not the user's primary email is verified.
    */
-  public readonly emailVerified: boolean;
+  public readonly emailVerified!: boolean;
 
   /**
    * The user's display name.
@@ -525,17 +525,17 @@ export class UserRecord {
    * Whether or not the user is disabled: `true` for disabled; `false` for
    * enabled.
    */
-  public readonly disabled: boolean;
+  public readonly disabled!: boolean;
 
   /**
    * Additional metadata about the user.
    */
-  public readonly metadata: UserMetadata;
+  public readonly metadata!: UserMetadata;
 
   /**
    * An array of providers (for example, Google, Facebook) linked to the user.
    */
-  public readonly providerData: UserInfo[];
+  public readonly providerData!: UserInfo[];
 
   /**
    * The user's hashed password (base64-encoded), only if Firebase Auth hashing

diff --git a/src/database/database.ts b/src/database/database.ts
@@ -64,8 +64,8 @@ const TOKEN_REFRESH_THRESHOLD_MILLIS = 5 * 60 * 1000;
 export class DatabaseService {
 
   private readonly appInternal: App;
-  private tokenListener: (token: string) => void;
-  private tokenRefreshTimeout: NodeJS.Timeout;
+  private tokenListener!: (token: string) => void;
+  private tokenRefreshTimeout!: NodeJS.Timeout;
 
   private databases: {
     [dbUrl: string]: Database;

diff --git a/src/installations/installations-request-handler.ts b/src/installations/installations-request-handler.ts
@@ -52,7 +52,7 @@ export class FirebaseInstallationsRequestHandler {
   private readonly host: string = FIREBASE_IID_HOST;
   private readonly timeout: number = FIREBASE_IID_TIMEOUT;
   private readonly httpClient: AuthorizedHttpClient;
-  private path: string;
+  private path!: string;
 
   /**
    * @param app - The app used to fetch access tokens to sign API requests.

diff --git a/src/messaging/messaging.ts b/src/messaging/messaging.ts
@@ -87,7 +87,7 @@ function mapRawResponseToTopicManagementResponse(response: object): MessagingTop
  */
 export class Messaging {
 
-  private urlPath: string;
+  private urlPath!: string;
   private readonly appInternal: App;
   private readonly messagingRequestHandler: FirebaseMessagingRequestHandler;
   private useLegacyTransport = false;

diff --git a/src/project-management/project-management.ts b/src/project-management/project-management.ts
@@ -29,7 +29,7 @@ import { AppMetadata, AppPlatform } from './app-metadata';
 export class ProjectManagement {
 
   private readonly requestHandler: ProjectManagementRequestHandler;
-  private projectId: string;
+  private projectId!: string;
 
   /**
    * @param app - The app for this ProjectManagement service.

diff --git a/src/remote-config/remote-config.ts b/src/remote-config/remote-config.ts
@@ -299,7 +299,7 @@ class RemoteConfigTemplateImpl implements RemoteConfigTemplate {
  * Remote Config dataplane template data implementation.
  */
 class ServerTemplateImpl implements ServerTemplate {
-  private cache: ServerTemplateData;
+  private cache?: ServerTemplateData;
   private stringifiedDefaultConfig: { [key: string]: string } = {};
 
   constructor(
@@ -350,18 +350,10 @@ class ServerTemplateImpl implements ServerTemplate {
    * Evaluates the current template in cache to produce a {@link ServerConfig}.
    */
   public evaluate(context: EvaluationContext = {}): ServerConfig {
-    if (!this.cache) {
-
-      // This is the only place we should throw during evaluation, since it's under the
-      // control of application logic. To preserve forward-compatibility, we should only
-      // return false in cases where the SDK is unsure how to evaluate the fetched template.
-      throw new FirebaseRemoteConfigError(
-        'failed-precondition',
-        'No Remote Config Server template in cache. Call load() before calling evaluate().');
-    }
+    const cachedTemplate = this.getCachedTemplate(`${this.evaluate.name}()`);
 
     const evaluatedConditions = this.conditionEvaluator.evaluateConditions(
-      this.cache.conditions, context);
+      cachedTemplate.conditions, context);
 
     const configValues: { [key: string]: Value } = {};
 
@@ -371,7 +363,7 @@ class ServerTemplateImpl implements ServerTemplate {
     }
 
     // Overlays config Value objects derived by evaluating the template.
-    for (const [key, parameter] of Object.entries(this.cache.parameters)) {
+    for (const [key, parameter] of Object.entries(cachedTemplate.parameters)) {
       const { conditionalValues, defaultValue } = parameter;
 
       // Supports parameters with no conditional values.
@@ -423,6 +415,15 @@ class ServerTemplateImpl implements ServerTemplate {
    * @returns JSON representation of the server template
    */
   public toJSON(): ServerTemplateData {
+    return this.getCachedTemplate(`${this.toJSON.name}()`);
+  }
+
+  private getCachedTemplate(methodName: string): ServerTemplateData {
+    if (!this.cache) {
+      throw new FirebaseRemoteConfigError(
+        'failed-precondition',
+        `No Remote Config Server template in cache. Call load() or set() before calling ${methodName}.`);
+    }
     return this.cache;
   }
 }
@@ -453,7 +454,7 @@ class ServerConfigImpl implements ServerConfig {
  */
 class ServerTemplateDataImpl implements ServerTemplateData {
   public parameters: { [key: string]: RemoteConfigParameter };
-  public parameterGroups: { [key: string]: RemoteConfigParameterGroup };
+  public parameterGroups!: { [key: string]: RemoteConfigParameterGroup };
   public conditions: NamedCondition[];
   public readonly etag: string;
   public version?: Version;