@shgysk8zer0/eslint-config 1.0.8 → 1.0.9

package/CHANGELOG.md

@@ -7,6 +7,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [v1.0.9] - 2026-03-18
+
+### Added
+- Extend invisible character detection rules
+
 ## [v1.0.8] - 2026-03-18
 
 ### Added

package/browser.cjs

@@ -58,6 +58,29 @@ const rules =  {
 		skipRegExps: false,
 		skipTemplates: false
 	}],
+	'no-control-regex': 'error',
+	/* eslint-disable no-restricted-syntax, no-control-regex */
+	'no-restricted-syntax': [
+		'error',
+		{
+			// Blocks Bidi, Zero-Width, Invisible Ops, and Hangul Fillers
+			selector: `
+				[value=/[\u200B-\u200F\u202A-\u202E\u2060-\u206F\uFEFF\u3164\uFFA0\u115F\u1160]/],
+				Identifier[name=/[\u200B-\u200F\u202A-\u202E\u2060-\u206F\uFEFF\u3164\uFFA0\u115F\u1160]/]
+			`.replace(/\s+/g, ''),
+			message: 'Security Risk: Invisible or Bidi Unicode characters detected.'
+		},
+		{
+			// Blocks C0 and C1 control characters (except tab/newline)
+			selector: '[value=/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F-\x9F]/]',
+			message: 'Security Risk: Non-printing control characters detected.'
+		},
+		{
+			// Prevents spoofing variable names with tabs
+			selector: 'Identifier[name=/\t/]',
+			message: 'Variable names cannot contain tabs.'
+		}
+	],
 };
 
 var browser = (config = {}) => ({ rules, languageOptions: browser$1, ...config });

package/config.cjs

@@ -86,6 +86,29 @@ const rules =  {
 		skipRegExps: false,
 		skipTemplates: false
 	}],
+	'no-control-regex': 'error',
+	/* eslint-disable no-restricted-syntax, no-control-regex */
+	'no-restricted-syntax': [
+		'error',
+		{
+			// Blocks Bidi, Zero-Width, Invisible Ops, and Hangul Fillers
+			selector: `
+				[value=/[\u200B-\u200F\u202A-\u202E\u2060-\u206F\uFEFF\u3164\uFFA0\u115F\u1160]/],
+				Identifier[name=/[\u200B-\u200F\u202A-\u202E\u2060-\u206F\uFEFF\u3164\uFFA0\u115F\u1160]/]
+			`.replace(/\s+/g, ''),
+			message: 'Security Risk: Invisible or Bidi Unicode characters detected.'
+		},
+		{
+			// Blocks C0 and C1 control characters (except tab/newline)
+			selector: '[value=/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F-\x9F]/]',
+			message: 'Security Risk: Non-printing control characters detected.'
+		},
+		{
+			// Prevents spoofing variable names with tabs
+			selector: 'Identifier[name=/\t/]',
+			message: 'Variable names cannot contain tabs.'
+		}
+	],
 };
 
 var nodeConfig = (config = {}) => ({ rules, languageOptions: node$1, ...config });

package/node.cjs

@@ -41,6 +41,29 @@ const rules =  {
 		skipRegExps: false,
 		skipTemplates: false
 	}],
+	'no-control-regex': 'error',
+	/* eslint-disable no-restricted-syntax, no-control-regex */
+	'no-restricted-syntax': [
+		'error',
+		{
+			// Blocks Bidi, Zero-Width, Invisible Ops, and Hangul Fillers
+			selector: `
+				[value=/[\u200B-\u200F\u202A-\u202E\u2060-\u206F\uFEFF\u3164\uFFA0\u115F\u1160]/],
+				Identifier[name=/[\u200B-\u200F\u202A-\u202E\u2060-\u206F\uFEFF\u3164\uFFA0\u115F\u1160]/]
+			`.replace(/\s+/g, ''),
+			message: 'Security Risk: Invisible or Bidi Unicode characters detected.'
+		},
+		{
+			// Blocks C0 and C1 control characters (except tab/newline)
+			selector: '[value=/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F-\x9F]/]',
+			message: 'Security Risk: Non-printing control characters detected.'
+		},
+		{
+			// Prevents spoofing variable names with tabs
+			selector: 'Identifier[name=/\t/]',
+			message: 'Variable names cannot contain tabs.'
+		}
+	],
 };
 
 var node = (config = {}) => ({ rules, languageOptions: node$1, ...config });

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@shgysk8zer0/eslint-config",
-  "version": "1.0.8",
+  "version": "1.0.9",
   "description": " A shared ESLint config",
   "keywords": [
     "eslint",

package/rules.cjs

@@ -17,6 +17,29 @@ const rules =  {
 		skipRegExps: false,
 		skipTemplates: false
 	}],
+	'no-control-regex': 'error',
+	/* eslint-disable no-restricted-syntax, no-control-regex */
+	'no-restricted-syntax': [
+		'error',
+		{
+			// Blocks Bidi, Zero-Width, Invisible Ops, and Hangul Fillers
+			selector: `
+				[value=/[\u200B-\u200F\u202A-\u202E\u2060-\u206F\uFEFF\u3164\uFFA0\u115F\u1160]/],
+				Identifier[name=/[\u200B-\u200F\u202A-\u202E\u2060-\u206F\uFEFF\u3164\uFFA0\u115F\u1160]/]
+			`.replace(/\s+/g, ''),
+			message: 'Security Risk: Invisible or Bidi Unicode characters detected.'
+		},
+		{
+			// Blocks C0 and C1 control characters (except tab/newline)
+			selector: '[value=/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F-\x9F]/]',
+			message: 'Security Risk: Non-printing control characters detected.'
+		},
+		{
+			// Prevents spoofing variable names with tabs
+			selector: 'Identifier[name=/\t/]',
+			message: 'Variable names cannot contain tabs.'
+		}
+	],
 };
 
 exports.rules = rules;

package/rules.js

@@ -15,4 +15,27 @@ export const rules =  {
 		skipRegExps: false,
 		skipTemplates: false
 	}],
+	'no-control-regex': 'error',
+	/* eslint-disable no-restricted-syntax, no-control-regex */
+	'no-restricted-syntax': [
+		'error',
+		{
+			// Blocks Bidi, Zero-Width, Invisible Ops, and Hangul Fillers
+			selector: `
+				[value=/[\u200B-\u200F\u202A-\u202E\u2060-\u206F\uFEFF\u3164\uFFA0\u115F\u1160]/],
+				Identifier[name=/[\u200B-\u200F\u202A-\u202E\u2060-\u206F\uFEFF\u3164\uFFA0\u115F\u1160]/]
+			`.replace(/\s+/g, ''),
+			message: 'Security Risk: Invisible or Bidi Unicode characters detected.'
+		},
+		{
+			// Blocks C0 and C1 control characters (except tab/newline)
+			selector: '[value=/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F-\x9F]/]',
+			message: 'Security Risk: Non-printing control characters detected.'
+		},
+		{
+			// Prevents spoofing variable names with tabs
+			selector: 'Identifier[name=/\t/]',
+			message: 'Variable names cannot contain tabs.'
+		}
+	],
 };