npm - @shgysk8zer0/eslint-config - Versions diffs - 1.0.7 → 1.0.9 - Mend

@shgysk8zer0/eslint-config 1.0.7 → 1.0.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/CHANGELOG.md CHANGED Viewed

@@ -7,6 +7,16 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [Unreleased]
+## [v1.0.9] - 2026-03-18
+### Added
+- Extend invisible character detection rules
+## [v1.0.8] - 2026-03-18
+### Added
+- Add rule to prevent invisible characters
 ## [v1.0.7] - 2026-03-02
 ### Fixed

package/browser.cjs CHANGED Viewed

@@ -52,6 +52,35 @@ const rules =  {
 	'no-async-promise-executor': 0,
 	'no-prototype-builtins': 0,
 	'no-unused-vars': 'error',
+	'no-irregular-whitespace': ['error', {
+		skipStrings: false,
+		skipComments: false,
+		skipRegExps: false,
+		skipTemplates: false
+	}],
+	'no-control-regex': 'error',
+	/* eslint-disable no-restricted-syntax, no-control-regex */
+	'no-restricted-syntax': [
+		'error',
+		{
+			// Blocks Bidi, Zero-Width, Invisible Ops, and Hangul Fillers
+			selector: `
+				[value=/[\u200B-\u200F\u202A-\u202E\u2060-\u206F\uFEFF\u3164\uFFA0\u115F\u1160]/],
+				Identifier[name=/[\u200B-\u200F\u202A-\u202E\u2060-\u206F\uFEFF\u3164\uFFA0\u115F\u1160]/]
+			`.replace(/\s+/g, ''),
+			message: 'Security Risk: Invisible or Bidi Unicode characters detected.'
+		},
+		{
+			// Blocks C0 and C1 control characters (except tab/newline)
+			selector: '[value=/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F-\x9F]/]',
+			message: 'Security Risk: Non-printing control characters detected.'
+		},
+		{
+			// Prevents spoofing variable names with tabs
+			selector: 'Identifier[name=/\t/]',
+			message: 'Variable names cannot contain tabs.'
+		}
+	],
 };
 var browser = (config = {}) => ({ rules, languageOptions: browser$1, ...config });

package/config.cjs CHANGED Viewed

@@ -80,6 +80,35 @@ const rules =  {
 	'no-async-promise-executor': 0,
 	'no-prototype-builtins': 0,
 	'no-unused-vars': 'error',
+	'no-irregular-whitespace': ['error', {
+		skipStrings: false,
+		skipComments: false,
+		skipRegExps: false,
+		skipTemplates: false
+	}],
+	'no-control-regex': 'error',
+	/* eslint-disable no-restricted-syntax, no-control-regex */
+	'no-restricted-syntax': [
+		'error',
+		{
+			// Blocks Bidi, Zero-Width, Invisible Ops, and Hangul Fillers
+			selector: `
+				[value=/[\u200B-\u200F\u202A-\u202E\u2060-\u206F\uFEFF\u3164\uFFA0\u115F\u1160]/],
+				Identifier[name=/[\u200B-\u200F\u202A-\u202E\u2060-\u206F\uFEFF\u3164\uFFA0\u115F\u1160]/]
+			`.replace(/\s+/g, ''),
+			message: 'Security Risk: Invisible or Bidi Unicode characters detected.'
+		},
+		{
+			// Blocks C0 and C1 control characters (except tab/newline)
+			selector: '[value=/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F-\x9F]/]',
+			message: 'Security Risk: Non-printing control characters detected.'
+		},
+		{
+			// Prevents spoofing variable names with tabs
+			selector: 'Identifier[name=/\t/]',
+			message: 'Variable names cannot contain tabs.'
+		}
+	],
 };
 var nodeConfig = (config = {}) => ({ rules, languageOptions: node$1, ...config });

package/node.cjs CHANGED Viewed

@@ -35,6 +35,35 @@ const rules =  {
 	'no-async-promise-executor': 0,
 	'no-prototype-builtins': 0,
 	'no-unused-vars': 'error',
+	'no-irregular-whitespace': ['error', {
+		skipStrings: false,
+		skipComments: false,
+		skipRegExps: false,
+		skipTemplates: false
+	}],
+	'no-control-regex': 'error',
+	/* eslint-disable no-restricted-syntax, no-control-regex */
+	'no-restricted-syntax': [
+		'error',
+		{
+			// Blocks Bidi, Zero-Width, Invisible Ops, and Hangul Fillers
+			selector: `
+				[value=/[\u200B-\u200F\u202A-\u202E\u2060-\u206F\uFEFF\u3164\uFFA0\u115F\u1160]/],
+				Identifier[name=/[\u200B-\u200F\u202A-\u202E\u2060-\u206F\uFEFF\u3164\uFFA0\u115F\u1160]/]
+			`.replace(/\s+/g, ''),
+			message: 'Security Risk: Invisible or Bidi Unicode characters detected.'
+		},
+		{
+			// Blocks C0 and C1 control characters (except tab/newline)
+			selector: '[value=/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F-\x9F]/]',
+			message: 'Security Risk: Non-printing control characters detected.'
+		},
+		{
+			// Prevents spoofing variable names with tabs
+			selector: 'Identifier[name=/\t/]',
+			message: 'Variable names cannot contain tabs.'
+		}
+	],
 };
 var node = (config = {}) => ({ rules, languageOptions: node$1, ...config });

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@shgysk8zer0/eslint-config",
-  "version": "1.0.7",
+  "version": "1.0.9",
   "description": " A shared ESLint config",
   "keywords": [
     "eslint",

package/rules.cjs CHANGED Viewed

@@ -11,6 +11,35 @@ const rules =  {
 	'no-async-promise-executor': 0,
 	'no-prototype-builtins': 0,
 	'no-unused-vars': 'error',
+	'no-irregular-whitespace': ['error', {
+		skipStrings: false,
+		skipComments: false,
+		skipRegExps: false,
+		skipTemplates: false
+	}],
+	'no-control-regex': 'error',
+	/* eslint-disable no-restricted-syntax, no-control-regex */
+	'no-restricted-syntax': [
+		'error',
+		{
+			// Blocks Bidi, Zero-Width, Invisible Ops, and Hangul Fillers
+			selector: `
+				[value=/[\u200B-\u200F\u202A-\u202E\u2060-\u206F\uFEFF\u3164\uFFA0\u115F\u1160]/],
+				Identifier[name=/[\u200B-\u200F\u202A-\u202E\u2060-\u206F\uFEFF\u3164\uFFA0\u115F\u1160]/]
+			`.replace(/\s+/g, ''),
+			message: 'Security Risk: Invisible or Bidi Unicode characters detected.'
+		},
+		{
+			// Blocks C0 and C1 control characters (except tab/newline)
+			selector: '[value=/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F-\x9F]/]',
+			message: 'Security Risk: Non-printing control characters detected.'
+		},
+		{
+			// Prevents spoofing variable names with tabs
+			selector: 'Identifier[name=/\t/]',
+			message: 'Variable names cannot contain tabs.'
+		}
+	],
 };
 exports.rules = rules;

package/rules.js CHANGED Viewed

@@ -9,4 +9,33 @@ export const rules =  {
 	'no-async-promise-executor': 0,
 	'no-prototype-builtins': 0,
 	'no-unused-vars': 'error',
+	'no-irregular-whitespace': ['error', {
+		skipStrings: false,
+		skipComments: false,
+		skipRegExps: false,
+		skipTemplates: false
+	}],
+	'no-control-regex': 'error',
+	/* eslint-disable no-restricted-syntax, no-control-regex */
+	'no-restricted-syntax': [
+		'error',
+		{
+			// Blocks Bidi, Zero-Width, Invisible Ops, and Hangul Fillers
+			selector: `
+				[value=/[\u200B-\u200F\u202A-\u202E\u2060-\u206F\uFEFF\u3164\uFFA0\u115F\u1160]/],
+				Identifier[name=/[\u200B-\u200F\u202A-\u202E\u2060-\u206F\uFEFF\u3164\uFFA0\u115F\u1160]/]
+			`.replace(/\s+/g, ''),
+			message: 'Security Risk: Invisible or Bidi Unicode characters detected.'
+		},
+		{
+			// Blocks C0 and C1 control characters (except tab/newline)
+			selector: '[value=/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F-\x9F]/]',
+			message: 'Security Risk: Non-printing control characters detected.'
+		},
+		{
+			// Prevents spoofing variable names with tabs
+			selector: 'Identifier[name=/\t/]',
+			message: 'Variable names cannot contain tabs.'
+		}
+	],
 };