@ornikar/eslint-config 18.5.0 → 18.7.0

package/CHANGELOG.md

@@ -3,6 +3,28 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+# [18.7.0](https://github.com/ornikar/eslint-configs/compare/v18.6.0...v18.7.0) (2022-04-29)
+
+
+### Features
+
+* add and configure eslint-plugin-security ARCH-1520 ([#298](https://github.com/ornikar/eslint-configs/issues/298)) ([9168a5e](https://github.com/ornikar/eslint-configs/commit/9168a5e66ec174570e063cebcb5eb47ea178deba))
+
+
+
+
+
+# [18.6.0](https://github.com/ornikar/eslint-configs/compare/v18.5.0...v18.6.0) (2022-04-26)
+
+
+### Features
+
+* **eslint-config-typescript:** disable node/no-unsupported-features for typescript ([481cf34](https://github.com/ornikar/eslint-configs/commit/481cf34f221138b5c6691dc9031571c34f703651))
+
+
+
+
+
 # [18.5.0](https://github.com/ornikar/eslint-configs/compare/v18.4.0...v18.5.0) (2022-04-26)
 
 

package/_shared.js

@@ -1,7 +1,11 @@
 'use strict';
 
 module.exports = {
-  extends: ['./rules/best-practices', './rules/style', './rules/sort-imports-exports', './rules/unicorn'].map(
-    require.resolve,
-  ),
+  extends: [
+    './rules/best-practices',
+    './rules/style',
+    './rules/sort-imports-exports',
+    './rules/security',
+    './rules/unicorn',
+  ].map(require.resolve),
 };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@ornikar/eslint-config",
-  "version": "18.5.0",
+  "version": "18.7.0",
   "description": "eslint config files",
   "repository": "ornikar/eslint-configs",
   "main": "index.js",
@@ -17,6 +17,7 @@
     "eslint-plugin-import": "^2.25.4",
     "eslint-plugin-jsx-a11y": "^6.4.1",
     "eslint-plugin-node": "^11.1.0",
+    "eslint-plugin-security": "^1.5.0",
     "eslint-plugin-simple-import-sort": "^7.0.0",
     "eslint-plugin-unicorn": "^42.0.0"
   },
@@ -25,8 +26,8 @@
     "prettier": "^2.2.1"
   },
   "devDependencies": {
-    "eslint": "8.13.0",
+    "eslint": "8.14.0",
     "prettier": "2.6.2"
   },
-  "gitHead": "cef1de718bc2987f8989b4b12923456338ae7073"
+  "gitHead": "7513918d688075a9910279605b719bf9632880e4"
 }

package/rules/node.js

@@ -3,6 +3,7 @@
 module.exports = {
   plugins: ['node'],
   extends: ['plugin:node/recommended', require.resolve('./node-override')],
+
   parserOptions: {
     // top level await is introduced in ecmaVersion: 2022 but supported since node 14
     ecmaVersion: 2022,

package/rules/security.js

@@ -0,0 +1,22 @@
+'use strict';
+
+module.exports = {
+  // https://github.com/nodesecurity/eslint-plugin-security
+  plugins: ['security'],
+  extends: ['plugin:security/recommended'],
+  rules: {
+    'security/detect-buffer-noassert': 'error',
+    'security/detect-child-process': 'error',
+    'security/detect-disable-mustache-escape': 'error',
+    'security/detect-eval-with-expression': 'error',
+    'security/detect-new-buffer': 'error',
+    'security/detect-no-csrf-before-method-override': 'error',
+    'security/detect-non-literal-fs-filename': 'error',
+    'security/detect-non-literal-regexp': 'error',
+    'security/detect-non-literal-require': 'error',
+    'security/detect-object-injection': 'off', // we use it when necessary and don't call it so not a security issue for us
+    'security/detect-possible-timing-attacks': 'error',
+    'security/detect-pseudoRandomBytes': 'error',
+    'security/detect-unsafe-regex': 'error',
+  },
+};