@shgysk8zer0/eslint-config 1.0.8 → 1.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (8) hide show
  1. package/CHANGELOG.md +15 -0
  2. package/README.md +1 -1
  3. package/browser.cjs +23 -0
  4. package/config.cjs +23 -0
  5. package/node.cjs +23 -0
  6. package/package.json +4 -1
  7. package/rules.cjs +23 -0
  8. package/rules.js +23 -0
package/CHANGELOG.md CHANGED
@@ -7,6 +7,21 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
7
7
 
8
8
  ## [Unreleased]
9
9
 
10
+ ## [v1.1.0] - 2026-06-14
11
+
12
+ ## Added
13
+ - Add Security policy
14
+ - Add npm config to harden installs
15
+
16
+ ### Changed
17
+ - Update Workflows with permissions
18
+ - Update contributiing guidelines
19
+
20
+ ## [v1.0.9] - 2026-03-18
21
+
22
+ ### Added
23
+ - Extend invisible character detection rules
24
+
10
25
  ## [v1.0.8] - 2026-03-18
11
26
 
12
27
  ### Added
package/README.md CHANGED
@@ -26,7 +26,7 @@ A shared ESLint config
26
26
 
27
27
  - [Code of Conduct](./.github/CODE_OF_CONDUCT.md)
28
28
  - [Contributing](./.github/CONTRIBUTING.md)
29
- <!-- - [Security Policy](./.github/SECURITY.md) -->
29
+ - [Security Policy](./.github/SECURITY.md)
30
30
 
31
31
  ## Purpose
32
32
 
package/browser.cjs CHANGED
@@ -58,6 +58,29 @@ const rules = {
58
58
  skipRegExps: false,
59
59
  skipTemplates: false
60
60
  }],
61
+ 'no-control-regex': 'error',
62
+ /* eslint-disable no-restricted-syntax, no-control-regex */
63
+ 'no-restricted-syntax': [
64
+ 'error',
65
+ {
66
+ // Blocks Bidi, Zero-Width, Invisible Ops, and Hangul Fillers
67
+ selector: `
68
+ [value=/[\u200B-\u200F\u202A-\u202E\u2060-\u206F\uFEFF\u3164\uFFA0\u115F\u1160]/],
69
+ Identifier[name=/[\u200B-\u200F\u202A-\u202E\u2060-\u206F\uFEFF\u3164\uFFA0\u115F\u1160]/]
70
+ `.replace(/\s+/g, ''),
71
+ message: 'Security Risk: Invisible or Bidi Unicode characters detected.'
72
+ },
73
+ {
74
+ // Blocks C0 and C1 control characters (except tab/newline)
75
+ selector: '[value=/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F-\x9F]/]',
76
+ message: 'Security Risk: Non-printing control characters detected.'
77
+ },
78
+ {
79
+ // Prevents spoofing variable names with tabs
80
+ selector: 'Identifier[name=/\t/]',
81
+ message: 'Variable names cannot contain tabs.'
82
+ }
83
+ ],
61
84
  };
62
85
 
63
86
  var browser = (config = {}) => ({ rules, languageOptions: browser$1, ...config });
package/config.cjs CHANGED
@@ -86,6 +86,29 @@ const rules = {
86
86
  skipRegExps: false,
87
87
  skipTemplates: false
88
88
  }],
89
+ 'no-control-regex': 'error',
90
+ /* eslint-disable no-restricted-syntax, no-control-regex */
91
+ 'no-restricted-syntax': [
92
+ 'error',
93
+ {
94
+ // Blocks Bidi, Zero-Width, Invisible Ops, and Hangul Fillers
95
+ selector: `
96
+ [value=/[\u200B-\u200F\u202A-\u202E\u2060-\u206F\uFEFF\u3164\uFFA0\u115F\u1160]/],
97
+ Identifier[name=/[\u200B-\u200F\u202A-\u202E\u2060-\u206F\uFEFF\u3164\uFFA0\u115F\u1160]/]
98
+ `.replace(/\s+/g, ''),
99
+ message: 'Security Risk: Invisible or Bidi Unicode characters detected.'
100
+ },
101
+ {
102
+ // Blocks C0 and C1 control characters (except tab/newline)
103
+ selector: '[value=/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F-\x9F]/]',
104
+ message: 'Security Risk: Non-printing control characters detected.'
105
+ },
106
+ {
107
+ // Prevents spoofing variable names with tabs
108
+ selector: 'Identifier[name=/\t/]',
109
+ message: 'Variable names cannot contain tabs.'
110
+ }
111
+ ],
89
112
  };
90
113
 
91
114
  var nodeConfig = (config = {}) => ({ rules, languageOptions: node$1, ...config });
package/node.cjs CHANGED
@@ -41,6 +41,29 @@ const rules = {
41
41
  skipRegExps: false,
42
42
  skipTemplates: false
43
43
  }],
44
+ 'no-control-regex': 'error',
45
+ /* eslint-disable no-restricted-syntax, no-control-regex */
46
+ 'no-restricted-syntax': [
47
+ 'error',
48
+ {
49
+ // Blocks Bidi, Zero-Width, Invisible Ops, and Hangul Fillers
50
+ selector: `
51
+ [value=/[\u200B-\u200F\u202A-\u202E\u2060-\u206F\uFEFF\u3164\uFFA0\u115F\u1160]/],
52
+ Identifier[name=/[\u200B-\u200F\u202A-\u202E\u2060-\u206F\uFEFF\u3164\uFFA0\u115F\u1160]/]
53
+ `.replace(/\s+/g, ''),
54
+ message: 'Security Risk: Invisible or Bidi Unicode characters detected.'
55
+ },
56
+ {
57
+ // Blocks C0 and C1 control characters (except tab/newline)
58
+ selector: '[value=/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F-\x9F]/]',
59
+ message: 'Security Risk: Non-printing control characters detected.'
60
+ },
61
+ {
62
+ // Prevents spoofing variable names with tabs
63
+ selector: 'Identifier[name=/\t/]',
64
+ message: 'Variable names cannot contain tabs.'
65
+ }
66
+ ],
44
67
  };
45
68
 
46
69
  var node = (config = {}) => ({ rules, languageOptions: node$1, ...config });
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@shgysk8zer0/eslint-config",
3
- "version": "1.0.8",
3
+ "version": "1.1.0",
4
4
  "description": " A shared ESLint config",
5
5
  "keywords": [
6
6
  "eslint",
@@ -78,5 +78,8 @@
78
78
  "eslint": "^10.0.0",
79
79
  "globals": "^17.3.0",
80
80
  "rollup": "^4.57.1"
81
+ },
82
+ "allowScripts": {
83
+ "fsevents@2.3.3": true
81
84
  }
82
85
  }
package/rules.cjs CHANGED
@@ -17,6 +17,29 @@ const rules = {
17
17
  skipRegExps: false,
18
18
  skipTemplates: false
19
19
  }],
20
+ 'no-control-regex': 'error',
21
+ /* eslint-disable no-restricted-syntax, no-control-regex */
22
+ 'no-restricted-syntax': [
23
+ 'error',
24
+ {
25
+ // Blocks Bidi, Zero-Width, Invisible Ops, and Hangul Fillers
26
+ selector: `
27
+ [value=/[\u200B-\u200F\u202A-\u202E\u2060-\u206F\uFEFF\u3164\uFFA0\u115F\u1160]/],
28
+ Identifier[name=/[\u200B-\u200F\u202A-\u202E\u2060-\u206F\uFEFF\u3164\uFFA0\u115F\u1160]/]
29
+ `.replace(/\s+/g, ''),
30
+ message: 'Security Risk: Invisible or Bidi Unicode characters detected.'
31
+ },
32
+ {
33
+ // Blocks C0 and C1 control characters (except tab/newline)
34
+ selector: '[value=/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F-\x9F]/]',
35
+ message: 'Security Risk: Non-printing control characters detected.'
36
+ },
37
+ {
38
+ // Prevents spoofing variable names with tabs
39
+ selector: 'Identifier[name=/\t/]',
40
+ message: 'Variable names cannot contain tabs.'
41
+ }
42
+ ],
20
43
  };
21
44
 
22
45
  exports.rules = rules;
package/rules.js CHANGED
@@ -15,4 +15,27 @@ export const rules = {
15
15
  skipRegExps: false,
16
16
  skipTemplates: false
17
17
  }],
18
+ 'no-control-regex': 'error',
19
+ /* eslint-disable no-restricted-syntax, no-control-regex */
20
+ 'no-restricted-syntax': [
21
+ 'error',
22
+ {
23
+ // Blocks Bidi, Zero-Width, Invisible Ops, and Hangul Fillers
24
+ selector: `
25
+ [value=/[\u200B-\u200F\u202A-\u202E\u2060-\u206F\uFEFF\u3164\uFFA0\u115F\u1160]/],
26
+ Identifier[name=/[\u200B-\u200F\u202A-\u202E\u2060-\u206F\uFEFF\u3164\uFFA0\u115F\u1160]/]
27
+ `.replace(/\s+/g, ''),
28
+ message: 'Security Risk: Invisible or Bidi Unicode characters detected.'
29
+ },
30
+ {
31
+ // Blocks C0 and C1 control characters (except tab/newline)
32
+ selector: '[value=/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F-\x9F]/]',
33
+ message: 'Security Risk: Non-printing control characters detected.'
34
+ },
35
+ {
36
+ // Prevents spoofing variable names with tabs
37
+ selector: 'Identifier[name=/\t/]',
38
+ message: 'Variable names cannot contain tabs.'
39
+ }
40
+ ],
18
41
  };