eslint-plugin-crypto 2.1.1 → 2.2.1

package/LICENSE

@@ -19,3 +19,5 @@ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 SOFTWARE.
+
+

package/README.md

@@ -16,7 +16,8 @@
 
 ## Description
 
-This plugin enforces cryptographic best practices and modern security standards specifically for Node.js environments. It assists developers in avoiding weak algorithms and insecure implementations by flagging potential risks directly in the code. By integrating these checks, you can ensure that your application's data protection measures are robust and compliant with industry standards.
+This plugin provides Cryptographic security rules enforcing best practices and modern standards (Node.js crypto).
+By using this plugin, you can proactively identify and mitigate security risks across your entire codebase.
 
 ## Philosophy
 
@@ -36,7 +37,6 @@ npm install eslint-plugin-crypto --save-dev
 ```
 
 ## 💡 What You Get
-
 - **24 security rules** covering cryptographic best practices
 - **CVE detection** for CVE-2023-46809, CVE-2020-36732, CVE-2023-46233
 - **OWASP Top 10 coverage** for cryptographic vulnerabilities
@@ -44,7 +44,6 @@ npm install eslint-plugin-crypto --save-dev
 - **Package support** for crypto-hash, crypto-random-string, crypto-js
 
 ## Features
-
 - 🔐 **24 Rules** covering crypto best practices
 - 🎯 **CVE Detection** (CVE-2023-46809, CVE-2020-36732, CVE-2023-46233)
 - 🤖 **AI-Optimized** messages with CWE references
@@ -52,7 +51,6 @@ npm install eslint-plugin-crypto --save-dev
 - 📦 **Package Support** for crypto-hash, crypto-random-string, crypto-js
 
 ## ⚙️ Configuration Presets
-
 | Preset               | Description                                  |
 | :------------------- | :------------------------------------------- |
 | `recommended`        | Balanced security defaults for most projects |
@@ -62,14 +60,12 @@ npm install eslint-plugin-crypto --save-dev
 | `cve-focused`        | Rules targeting specific CVEs                |
 
 ## 📚 Supported Libraries
-
 | Library            | npm                                                                                                                | Downloads                                                                                                              | Detection                         |
 | ------------------ | ------------------------------------------------------------------------------------------------------------------ | ---------------------------------------------------------------------------------------------------------------------- | --------------------------------- |
 | `crypto` (Node.js) | [![node](https://img.shields.io/badge/node-built--in-green?style=flat-square)](https://nodejs.org/api/crypto.html) | -                                                                                                                      | Weak Algo, Key Length, Randomness |
 | `crypto-js`        | [![npm](https://img.shields.io/npm/v/crypto-js.svg?style=flat-square)](https://www.npmjs.com/package/crypto-js)    | [![downloads](https://img.shields.io/npm/dt/crypto-js.svg?style=flat-square)](https://www.npmjs.com/package/crypto-js) | Legacy patterns, Weak PRNG        |
 
 ## Examples
-
 ### ❌ Bad
 
 ```javascript
@@ -103,7 +99,6 @@ if (crypto.timingSafeEqual(Buffer.from(userToken), Buffer.from(storedToken))) {
 ```
 
 ## Peer Dependencies (Optional)
-
 ```json
 {
   "crypto-hash": ">=3.0.0",
@@ -112,87 +107,54 @@ if (crypto.timingSafeEqual(Buffer.from(userToken), Buffer.from(storedToken))) {
 }
 ```
 
-## AI-Optimized Messages
-
-This plugin is optimized for ESLint's [Model Context Protocol (MCP)](https://eslint.org/docs/latest/use/mcp), enabling AI assistants like **Cursor**, **GitHub Copilot**, and **Claude** to:
-
-- Understand the exact vulnerability type via CWE references
-- Apply the correct fix using structured guidance
-- Provide educational context to developers
-
-```json
-// .cursor/mcp.json
-{
-  "mcpServers": {
-    "eslint": {
-      "command": "npx",
-      "args": ["@eslint/mcp@latest"]
-    }
-  }
-}
-```
-
-By providing this structured context (CWE, OWASP, Fix), we enable AI tools to **reason** about the security flaw rather than hallucinating. This allows Copilot/Cursor to suggest the _exact_ correct fix immediately.
-
 ## Rules
 
 **Legend**
 
-| Icon | Description                                                        |
-| :--: | :----------------------------------------------------------------- |
-|  💼  | **Recommended**: Included in the recommended preset.               |
-|  ⚠️  | **Warns**: Set towarn in recommended preset.                       |
-|  🔧  | **Auto-fixable**: Automatically fixable by the `--fix` CLI option. |
-|  💡  | **Suggestions**: Providing code suggestions in IDE.                |
-|  🚫  | **Deprecated**: This rule is deprecated.                           |
-
-| Rule                                                                                                                  |   CWE   |  OWASP   | CVSS | Description                                                                        | 💼  | ⚠️  | 🔧  | 💡  | 🚫  |
-| :-------------------------------------------------------------------------------------------------------------------- | :-----: | :------: | :--: | :--------------------------------------------------------------------------------- | :-: | :-: | :-: | :-: | :-: |
-| [no-weak-hash-algorithm](https://eslint.interlace.tools/docs/crypto/rules/no-weak-hash-algorithm)                     | CWE-327 | A02:2025 | 7.5  | [no-weak-hash-algorithm](docs/rules/no-weak-hash-algorithm.md)                     | 💼  |     |     | 💡  |     |
-| [no-weak-cipher-algorithm](https://eslint.interlace.tools/docs/crypto/rules/no-weak-cipher-algorithm)                 | CWE-327 | A02:2025 | 7.5  | [no-weak-cipher-algorithm](docs/rules/no-weak-cipher-algorithm.md)                 | 💼  |     |     | 💡  |     |
-| [no-deprecated-cipher-method](https://eslint.interlace.tools/docs/crypto/rules/no-deprecated-cipher-method)           | CWE-327 | A02:2025 | 5.0  | [no-deprecated-cipher-method](docs/rules/no-deprecated-cipher-method.md)           | 💼  |     |     | 💡  |     |
-| [no-static-iv](https://eslint.interlace.tools/docs/crypto/rules/no-static-iv)                                         | CWE-329 | A02:2025 | 7.5  | [no-static-iv](docs/rules/no-static-iv.md)                                         | 💼  |     |     | 💡  |     |
-| [no-ecb-mode](https://eslint.interlace.tools/docs/crypto/rules/no-ecb-mode)                                           | CWE-327 | A02:2025 | 7.5  | [no-ecb-mode](docs/rules/no-ecb-mode.md)                                           | 💼  |     |     | 💡  |     |
-| [no-insecure-key-derivation](https://eslint.interlace.tools/docs/crypto/rules/no-insecure-key-derivation)             | CWE-916 | A02:2025 | 7.5  | [no-insecure-key-derivation](docs/rules/no-insecure-key-derivation.md)             | 💼  |     |     | 💡  |     |
-| [no-hardcoded-crypto-key](https://eslint.interlace.tools/docs/crypto/rules/no-hardcoded-crypto-key)                   | CWE-321 | A02:2025 | 9.8  | [no-hardcoded-crypto-key](docs/rules/no-hardcoded-crypto-key.md)                   | 💼  |     |     | 💡  |     |
-| [require-random-iv](https://eslint.interlace.tools/docs/crypto/rules/require-random-iv)                               | CWE-329 | A02:2025 | 7.5  | [require-random-iv](docs/rules/require-random-iv.md)                               | 💼  | ⚠️  |     | 💡  |     |
-| [no-insecure-rsa-padding](https://eslint.interlace.tools/docs/crypto/rules/no-insecure-rsa-padding)                   | CWE-327 | A02:2025 | 7.4  | [no-insecure-rsa-padding](docs/rules/no-insecure-rsa-padding.md)                   | 💼  |     |     | 💡  |     |
-| [no-cryptojs-weak-random](https://eslint.interlace.tools/docs/crypto/rules/no-cryptojs-weak-random)                   | CWE-338 | A02:2025 | 5.3  | [no-cryptojs-weak-random](docs/rules/no-cryptojs-weak-random.md)                   | 💼  |     |     | 💡  |     |
-| [require-secure-pbkdf2-digest](https://eslint.interlace.tools/docs/crypto/rules/require-secure-pbkdf2-digest)         | CWE-916 | A02:2025 | 9.1  | [require-secure-pbkdf2-digest](docs/rules/require-secure-pbkdf2-digest.md)         | 💼  |     |     | 💡  |     |
-| [no-math-random-crypto](https://eslint.interlace.tools/docs/crypto/rules/no-math-random-crypto)                       | CWE-338 | A07:2025 | 5.3  | [no-math-random-crypto](docs/rules/no-math-random-crypto.md)                       | 💼  |     |     | 💡  |     |
-| [no-predictable-salt](https://eslint.interlace.tools/docs/crypto/rules/no-predictable-salt)                           | CWE-331 | A07:2025 | 7.5  | [no-predictable-salt](docs/rules/no-predictable-salt.md)                           | 💼  |     |     | 💡  |     |
-| [require-authenticated-encryption](https://eslint.interlace.tools/docs/crypto/rules/require-authenticated-encryption) | CWE-327 | A04:2025 | 6.5  | [require-authenticated-encryption](docs/rules/require-authenticated-encryption.md) | 💼  | ⚠️  |     | 💡  |     |
-| [no-key-reuse](https://eslint.interlace.tools/docs/crypto/rules/no-key-reuse)                                         | CWE-323 | A02:2025 | 7.5  | [no-key-reuse](docs/rules/no-key-reuse.md)                                         | 💼  | ⚠️  |     | 💡  |     |
-| [no-self-signed-certs](https://eslint.interlace.tools/docs/crypto/rules/no-self-signed-certs)                         | CWE-295 | A05:2025 | 7.5  | [no-self-signed-certs](docs/rules/no-self-signed-certs.md)                         | 💼  |     |     | 💡  |     |
-| [no-timing-unsafe-compare](https://eslint.interlace.tools/docs/crypto/rules/no-timing-unsafe-compare)                 | CWE-208 | A02:2025 | 5.9  | [no-timing-unsafe-compare](docs/rules/no-timing-unsafe-compare.md)                 | 💼  | ⚠️  |     | 💡  |     |
-| [require-key-length](https://eslint.interlace.tools/docs/crypto/rules/require-key-length)                             | CWE-326 | A02:2025 | 7.5  | [require-key-length](docs/rules/require-key-length.md)                             | 💼  | ⚠️  |     | 💡  |     |
-| [no-web-crypto-export](https://eslint.interlace.tools/docs/crypto/rules/no-web-crypto-export)                         | CWE-321 | A02:2025 | 5.0  | [no-web-crypto-export](docs/rules/no-web-crypto-export.md)                         | 💼  | ⚠️  |     | 💡  |     |
-| [no-sha1-hash](https://eslint.interlace.tools/docs/crypto/rules/no-sha1-hash)                                         | CWE-327 | A02:2025 | 7.5  | [no-sha1-hash](docs/rules/no-sha1-hash.md)                                         | 💼  |     |     | 💡  |     |
-| [require-sufficient-length](https://eslint.interlace.tools/docs/crypto/rules/require-sufficient-length)               | CWE-326 | A02:2025 | 7.5  | [require-sufficient-length](docs/rules/require-sufficient-length.md)               | 💼  | ⚠️  |     | 💡  |     |
-| [no-numeric-only-tokens](https://eslint.interlace.tools/docs/crypto/rules/no-numeric-only-tokens)                     | CWE-330 | A07:2025 | 5.3  | [no-numeric-only-tokens](docs/rules/no-numeric-only-tokens.md)                     | 💼  | ⚠️  |     | 💡  |     |
-| [no-cryptojs](https://eslint.interlace.tools/docs/crypto/rules/no-cryptojs)                                           | CWE-327 | A02:2025 | 5.0  | [no-cryptojs](docs/rules/no-cryptojs.md)                                           | 💼  | ⚠️  |     | 💡  |     |
-| [prefer-native-crypto](https://eslint.interlace.tools/docs/crypto/rules/prefer-native-crypto)                         | CWE-327 | A05:2025 | 5.0  | [prefer-native-crypto](docs/rules/prefer-native-crypto.md)                         | 💼  | ⚠️  |     | 💡  |     |
+| Icon | Description |
+| :---: | :--- |
+| 💼 | **Recommended**: Included in the recommended preset. |
+| ⚠️ | **Warns**: Set towarn in recommended preset. |
+| 🔧 | **Auto-fixable**: Automatically fixable by the `--fix` CLI option. |
+| 💡 | **Suggestions**: Providing code suggestions in IDE. |
+| 🚫 | **Deprecated**: This rule is deprecated. |
+
+| Rule | CWE | OWASP | CVSS | Description | 💼 | ⚠️ | 🔧 | 💡 | 🚫 |
+| :--- | :---: | :---: | :---: | :--- | :---: | :---: | :---: | :---: | :---: |
+| [no-hardcoded-crypto-key](https://eslint.interlace.tools/docs/crypto/rules/no-hardcoded-crypto-key) | CWE-321 | A02:2025 | 9.8 | Enforce no hardcoded crypto key | 💼 |  |  | 💡 |  |
+| [no-key-reuse](https://eslint.interlace.tools/docs/crypto/rules/no-key-reuse) | CWE-323 | A02:2025 | 7.5 | Enforce no key reuse | 💼 | ⚠️ |  | 💡 |  |
+| [no-math-random-crypto](https://eslint.interlace.tools/docs/crypto/rules/no-math-random-crypto) | CWE-338 | A07:2025 | 5.3 | Enforce no math random crypto | 💼 |  |  | 💡 |  |
+| [no-numeric-only-tokens](https://eslint.interlace.tools/docs/crypto/rules/no-numeric-only-tokens) | CWE-330 | A07:2025 | 5.3 | Enforce no numeric only tokens | 💼 | ⚠️ |  | 💡 |  |
+| [no-predictable-salt](https://eslint.interlace.tools/docs/crypto/rules/no-predictable-salt) | CWE-331 | A07:2025 | 7.5 | Enforce no predictable salt | 💼 |  |  | 💡 |  |
+| [no-web-crypto-export](https://eslint.interlace.tools/docs/crypto/rules/no-web-crypto-export) | CWE-321 | A02:2025 | 5.0 | Enforce no web crypto export | 💼 | ⚠️ |  | 💡 |  |
+| [require-authenticated-encryption](https://eslint.interlace.tools/docs/crypto/rules/require-authenticated-encryption) | CWE-327 | A04:2025 | 6.5 | Enforce require authenticated encryption | 💼 | ⚠️ |  | 💡 |  |
+| [require-key-length](https://eslint.interlace.tools/docs/crypto/rules/require-key-length) | CWE-326 | A02:2025 | 7.5 | Enforce require key length | 💼 | ⚠️ |  | 💡 |  |
+| [require-random-iv](https://eslint.interlace.tools/docs/crypto/rules/require-random-iv) | CWE-329 | A02:2025 | 7.5 | Enforce require random iv | 💼 | ⚠️ |  | 💡 |  |
+| [require-secure-pbkdf2-digest](https://eslint.interlace.tools/docs/crypto/rules/require-secure-pbkdf2-digest) | CWE-916 | A02:2025 | 9.1 | Enforce require secure pbkdf2 digest | 💼 |  |  | 💡 |  |
+| [require-sufficient-length](https://eslint.interlace.tools/docs/crypto/rules/require-sufficient-length) | CWE-326 | A02:2025 | 7.5 | Enforce require sufficient length | 💼 | ⚠️ |  | 💡 |  |
 
 ## 🔗 Related ESLint Plugins
 
 Part of the **Interlace ESLint Ecosystem** — AI-native security plugins with LLM-optimized error messages:
 
-| Plugin                                                                                               |                                                                              Downloads                                                                               | Description                                 |
-| :--------------------------------------------------------------------------------------------------- | :------------------------------------------------------------------------------------------------------------------------------------------------------------------: | :------------------------------------------ |
-| [`eslint-plugin-secure-coding`](https://www.npmjs.com/package/eslint-plugin-secure-coding)           |      [![downloads](https://img.shields.io/npm/dt/eslint-plugin-secure-coding.svg?style=flat-square)](https://www.npmjs.com/package/eslint-plugin-secure-coding)      | General security rules & OWASP guidelines.  |
-| [`eslint-plugin-pg`](https://www.npmjs.com/package/eslint-plugin-pg)                                 |                 [![downloads](https://img.shields.io/npm/dt/eslint-plugin-pg.svg?style=flat-square)](https://www.npmjs.com/package/eslint-plugin-pg)                 | PostgreSQL security & best practices.       |
-| [`eslint-plugin-jwt`](https://www.npmjs.com/package/eslint-plugin-jwt)                               |                [![downloads](https://img.shields.io/npm/dt/eslint-plugin-jwt.svg?style=flat-square)](https://www.npmjs.com/package/eslint-plugin-jwt)                | JWT security & best practices.              |
-| [`eslint-plugin-browser-security`](https://www.npmjs.com/package/eslint-plugin-browser-security)     |   [![downloads](https://img.shields.io/npm/dt/eslint-plugin-browser-security.svg?style=flat-square)](https://www.npmjs.com/package/eslint-plugin-browser-security)   | Browser-specific security & XSS prevention. |
-| [`eslint-plugin-vercel-ai-security`](https://www.npmjs.com/package/eslint-plugin-vercel-ai-security) | [![downloads](https://img.shields.io/npm/dt/eslint-plugin-vercel-ai-security.svg?style=flat-square)](https://www.npmjs.com/package/eslint-plugin-vercel-ai-security) | Vercel AI SDK security rules.               |
-| [`eslint-plugin-express-security`](https://www.npmjs.com/package/eslint-plugin-express-security)     |   [![downloads](https://img.shields.io/npm/dt/eslint-plugin-express-security.svg?style=flat-square)](https://www.npmjs.com/package/eslint-plugin-express-security)   | Express.js security hardening rules.        |
-| [`eslint-plugin-lambda-security`](https://www.npmjs.com/package/eslint-plugin-lambda-security)       |    [![downloads](https://img.shields.io/npm/dt/eslint-plugin-lambda-security.svg?style=flat-square)](https://www.npmjs.com/package/eslint-plugin-lambda-security)    | AWS Lambda security best practices.         |
-| [`eslint-plugin-nestjs-security`](https://www.npmjs.com/package/eslint-plugin-nestjs-security)       |    [![downloads](https://img.shields.io/npm/dt/eslint-plugin-nestjs-security.svg?style=flat-square)](https://www.npmjs.com/package/eslint-plugin-nestjs-security)    | NestJS security rules & patterns.           |
-| [`eslint-plugin-import-next`](https://www.npmjs.com/package/eslint-plugin-import-next)               |        [![downloads](https://img.shields.io/npm/dt/eslint-plugin-import-next.svg?style=flat-square)](https://www.npmjs.com/package/eslint-plugin-import-next)        | Next-gen import sorting & architecture.     |
+| Plugin | Downloads | Description |
+| :--- | :---: | :--- |
+| [`eslint-plugin-secure-coding`](https://www.npmjs.com/package/eslint-plugin-secure-coding) | [![downloads](https://img.shields.io/npm/dt/eslint-plugin-secure-coding.svg?style=flat-square)](https://www.npmjs.com/package/eslint-plugin-secure-coding) | General security rules & OWASP guidelines. |
+| [`eslint-plugin-pg`](https://www.npmjs.com/package/eslint-plugin-pg) | [![downloads](https://img.shields.io/npm/dt/eslint-plugin-pg.svg?style=flat-square)](https://www.npmjs.com/package/eslint-plugin-pg) | PostgreSQL security & best practices. |
+| [`eslint-plugin-crypto`](https://www.npmjs.com/package/eslint-plugin-crypto) | [![downloads](https://img.shields.io/npm/dt/eslint-plugin-crypto.svg?style=flat-square)](https://www.npmjs.com/package/eslint-plugin-crypto) | NodeJS Cryptography security rules. |
+| [`eslint-plugin-jwt`](https://www.npmjs.com/package/eslint-plugin-jwt) | [![downloads](https://img.shields.io/npm/dt/eslint-plugin-jwt.svg?style=flat-square)](https://www.npmjs.com/package/eslint-plugin-jwt) | JWT security & best practices. |
+| [`eslint-plugin-browser-security`](https://www.npmjs.com/package/eslint-plugin-browser-security) | [![downloads](https://img.shields.io/npm/dt/eslint-plugin-browser-security.svg?style=flat-square)](https://www.npmjs.com/package/eslint-plugin-browser-security) | Browser-specific security & XSS prevention. |
+| [`eslint-plugin-express-security`](https://www.npmjs.com/package/eslint-plugin-express-security) | [![downloads](https://img.shields.io/npm/dt/eslint-plugin-express-security.svg?style=flat-square)](https://www.npmjs.com/package/eslint-plugin-express-security) | Express.js security hardening rules. |
+| [`eslint-plugin-lambda-security`](https://www.npmjs.com/package/eslint-plugin-lambda-security) | [![downloads](https://img.shields.io/npm/dt/eslint-plugin-lambda-security.svg?style=flat-square)](https://www.npmjs.com/package/eslint-plugin-lambda-security) | AWS Lambda security best practices. |
+| [`eslint-plugin-nestjs-security`](https://www.npmjs.com/package/eslint-plugin-nestjs-security) | [![downloads](https://img.shields.io/npm/dt/eslint-plugin-nestjs-security.svg?style=flat-square)](https://www.npmjs.com/package/eslint-plugin-nestjs-security) | NestJS security rules & patterns. |
+| [`eslint-plugin-mongodb-security`](https://www.npmjs.com/package/eslint-plugin-mongodb-security) | [![downloads](https://img.shields.io/npm/dt/eslint-plugin-mongodb-security.svg?style=flat-square)](https://www.npmjs.com/package/eslint-plugin-mongodb-security) | MongoDB security best practices. |
+| [`eslint-plugin-vercel-ai-security`](https://www.npmjs.com/package/eslint-plugin-vercel-ai-security) | [![downloads](https://img.shields.io/npm/dt/eslint-plugin-vercel-ai-security.svg?style=flat-square)](https://www.npmjs.com/package/eslint-plugin-vercel-ai-security) | Vercel AI SDK security hardening. |
+| [`eslint-plugin-import-next`](https://www.npmjs.com/package/eslint-plugin-import-next) | [![downloads](https://img.shields.io/npm/dt/eslint-plugin-import-next.svg?style=flat-square)](https://www.npmjs.com/package/eslint-plugin-import-next) | Next-gen import sorting & architecture. |
 
 ## 📄 License
 
 MIT © [Ofri Peretz](https://github.com/ofri-peretz)
 
 <p align="center">
-  <a href="https://eslint.interlace.tools/docs/crypto"><img src="https://eslint.interlace.tools/images/og-crypto.png" alt="ESLint Interlace Plugin" width="300" /></a>
-</p>
+  <a href="https://eslint.interlace.tools/docs/crypto"><img src="https://eslint.interlace.tools/images/og-crypto.png" alt="ESLint Interlace Plugin" width="100%" /></a>
+</p>

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "eslint-plugin-crypto",
-  "version": "2.1.1",
+  "version": "2.2.1",
   "description": "Security-focused ESLint plugin with 24 AI-parseable rules for cryptographic best practices. Detects weak algorithms, insecure key handling, CVE-specific vulnerabilities, and deprecated crypto patterns.",
   "type": "commonjs",
   "main": "./src/index.js",
@@ -17,10 +17,10 @@
   },
   "author": "Ofri Peretz <ofriperetzdev@gmail.com>",
   "license": "MIT",
-  "homepage": "https://github.com/ofri-peretz/eslint/blob/main/packages/eslint-plugin-crypto/README.md",
+  "homepage": "https://github.com/ofri-peretz/eslint/tree/main/packages/eslint-plugin-crypto#readme",
   "repository": {
     "type": "git",
-    "url": "git+https://github.com/ofri-peretz/eslint.git",
+    "url": "https://github.com/ofri-peretz/eslint",
     "directory": "packages/eslint-plugin-crypto"
   },
   "bugs": {
@@ -63,8 +63,8 @@
     "node": ">=18.0.0"
   },
   "dependencies": {
-    "@interlace/eslint-devkit": "^1.2.1",
-    "tslib": "^2.3.0"
+    "tslib": "^2.3.0",
+    "@interlace/eslint-devkit": "^1.2.1"
   },
   "devDependencies": {
     "@typescript-eslint/parser": "^8.46.2",

package/src/index.d.ts

@@ -5,7 +5,7 @@
  */
 import type { TSESLint } from '@interlace/eslint-devkit';
 /**
- * Collection of all crypto security rules (24 total)
+ * Collection of crypto security rules (11 remaining in this deprecated plugin)
  */
 export declare const rules: Record<string, TSESLint.RuleModule<string, readonly unknown[]>>;
 /**

package/src/index.js

@@ -10,79 +10,43 @@ const tslib_1 = require("tslib");
 /**
  * eslint-plugin-crypto
  *
- * Security-focused ESLint plugin with 24 rules for cryptographic best practices.
- * Covers Node.js crypto, crypto-hash, crypto-random-string, cryptojs, and Web Crypto.
+ * ⛔ DEPRECATED: This plugin is being phased out.
+ * Rules have been redistributed to:
+ * - node-security (18 rules for node:crypto hardening)
+ * - browser-security (1 rule for Web Crypto API)
+ * - secure-coding (5 rules for general crypto patterns)
  *
- * Features:
- * - LLM-optimized error messages with CWE references
- * - Auto-fix suggestions where safe
- * - OWASP-aligned recommendations
- * - CVE-specific detection (CVE-2023-46809, CVE-2020-36732, CVE-2023-46233)
+ * This plugin now contains only the remaining local rules.
  *
  * @see https://github.com/ofri-peretz/eslint/tree/main/packages/eslint-plugin-crypto
  */
-// Core Node.js crypto rules
-const no_weak_hash_algorithm_1 = require("./rules/no-weak-hash-algorithm");
-const no_weak_cipher_algorithm_1 = require("./rules/no-weak-cipher-algorithm");
-const no_deprecated_cipher_method_1 = require("./rules/no-deprecated-cipher-method");
-const no_static_iv_1 = require("./rules/no-static-iv");
-const no_ecb_mode_1 = require("./rules/no-ecb-mode");
-const no_insecure_key_derivation_1 = require("./rules/no-insecure-key-derivation");
+// Local rules that still exist in this plugin
 const no_hardcoded_crypto_key_1 = require("./rules/no-hardcoded-crypto-key");
-const require_random_iv_1 = require("./rules/require-random-iv");
-// crypto-hash package rules
-const no_sha1_hash_1 = require("./rules/no-sha1-hash");
-// crypto-random-string package rules
-const require_sufficient_length_1 = require("./rules/require-sufficient-length");
-const no_numeric_only_tokens_1 = require("./rules/no-numeric-only-tokens");
-// cryptojs package rules
-const no_cryptojs_1 = require("./rules/no-cryptojs");
-const no_cryptojs_weak_random_1 = require("./rules/no-cryptojs-weak-random");
-const prefer_native_crypto_1 = require("./rules/prefer-native-crypto");
-// NEW: CVE and advanced security rules
+const no_key_reuse_1 = require("./rules/no-key-reuse");
 const no_math_random_crypto_1 = require("./rules/no-math-random-crypto");
-const no_insecure_rsa_padding_1 = require("./rules/no-insecure-rsa-padding");
-const require_secure_pbkdf2_digest_1 = require("./rules/require-secure-pbkdf2-digest");
+const no_numeric_only_tokens_1 = require("./rules/no-numeric-only-tokens");
 const no_predictable_salt_1 = require("./rules/no-predictable-salt");
+const no_web_crypto_export_1 = require("./rules/no-web-crypto-export");
 const require_authenticated_encryption_1 = require("./rules/require-authenticated-encryption");
-const no_key_reuse_1 = require("./rules/no-key-reuse");
-const no_self_signed_certs_1 = require("./rules/no-self-signed-certs");
-const no_timing_unsafe_compare_1 = require("./rules/no-timing-unsafe-compare");
 const require_key_length_1 = require("./rules/require-key-length");
-const no_web_crypto_export_1 = require("./rules/no-web-crypto-export");
+const require_random_iv_1 = require("./rules/require-random-iv");
+const require_secure_pbkdf2_digest_1 = require("./rules/require-secure-pbkdf2-digest");
+const require_sufficient_length_1 = require("./rules/require-sufficient-length");
 /**
- * Collection of all crypto security rules (24 total)
+ * Collection of crypto security rules (11 remaining in this deprecated plugin)
  */
 exports.rules = {
-    // Core Node.js crypto rules (8)
-    'no-weak-hash-algorithm': no_weak_hash_algorithm_1.noWeakHashAlgorithm,
-    'no-weak-cipher-algorithm': no_weak_cipher_algorithm_1.noWeakCipherAlgorithm,
-    'no-deprecated-cipher-method': no_deprecated_cipher_method_1.noDeprecatedCipherMethod,
-    'no-static-iv': no_static_iv_1.noStaticIv,
-    'no-ecb-mode': no_ecb_mode_1.noEcbMode,
-    'no-insecure-key-derivation': no_insecure_key_derivation_1.noInsecureKeyDerivation,
     'no-hardcoded-crypto-key': no_hardcoded_crypto_key_1.noHardcodedCryptoKey,
-    'require-random-iv': require_random_iv_1.requireRandomIv,
-    // crypto-hash package rules (1)
-    'no-sha1-hash': no_sha1_hash_1.noSha1Hash,
-    // crypto-random-string package rules (2)
-    'require-sufficient-length': require_sufficient_length_1.requireSufficientLength,
-    'no-numeric-only-tokens': no_numeric_only_tokens_1.noNumericOnlyTokens,
-    // cryptojs package rules (3)
-    'no-cryptojs': no_cryptojs_1.noCryptojs,
-    'no-cryptojs-weak-random': no_cryptojs_weak_random_1.noCryptojsWeakRandom,
-    'prefer-native-crypto': prefer_native_crypto_1.preferNativeCrypto,
-    // Advanced security rules (10)
+    'no-key-reuse': no_key_reuse_1.noKeyReuse,
     'no-math-random-crypto': no_math_random_crypto_1.noMathRandomCrypto,
-    'no-insecure-rsa-padding': no_insecure_rsa_padding_1.noInsecureRsaPadding,
-    'require-secure-pbkdf2-digest': require_secure_pbkdf2_digest_1.requireSecurePbkdf2Digest,
+    'no-numeric-only-tokens': no_numeric_only_tokens_1.noNumericOnlyTokens,
     'no-predictable-salt': no_predictable_salt_1.noPredictableSalt,
+    'no-web-crypto-export': no_web_crypto_export_1.noWebCryptoExport,
     'require-authenticated-encryption': require_authenticated_encryption_1.requireAuthenticatedEncryption,
-    'no-key-reuse': no_key_reuse_1.noKeyReuse,
-    'no-self-signed-certs': no_self_signed_certs_1.noSelfSignedCerts,
-    'no-timing-unsafe-compare': no_timing_unsafe_compare_1.noTimingUnsafeCompare,
     'require-key-length': require_key_length_1.requireKeyLength,
-    'no-web-crypto-export': no_web_crypto_export_1.noWebCryptoExport,
+    'require-random-iv': require_random_iv_1.requireRandomIv,
+    'require-secure-pbkdf2-digest': require_secure_pbkdf2_digest_1.requireSecurePbkdf2Digest,
+    'require-sufficient-length': require_sufficient_length_1.requireSufficientLength,
 };
 /**
  * ESLint Plugin object
@@ -98,33 +62,17 @@ exports.plugin = {
  * Recommended rules - balanced between security and practicality
  */
 const recommendedRules = {
-    // Critical - Always error
-    'crypto/no-weak-hash-algorithm': 'error',
-    'crypto/no-weak-cipher-algorithm': 'error',
-    'crypto/no-deprecated-cipher-method': 'error',
     'crypto/no-hardcoded-crypto-key': 'error',
-    'crypto/no-ecb-mode': 'error',
-    'crypto/no-cryptojs-weak-random': 'error',
     'crypto/no-math-random-crypto': 'error',
-    'crypto/no-insecure-rsa-padding': 'error',
-    'crypto/no-self-signed-certs': 'error',
-    // High - Error for most projects
-    'crypto/no-static-iv': 'error',
-    'crypto/no-insecure-key-derivation': 'error',
-    'crypto/require-random-iv': 'warn',
-    'crypto/no-sha1-hash': 'error',
     'crypto/require-secure-pbkdf2-digest': 'error',
     'crypto/no-predictable-salt': 'error',
-    'crypto/no-timing-unsafe-compare': 'warn',
-    // Medium - Warnings
     'crypto/require-sufficient-length': 'warn',
     'crypto/no-numeric-only-tokens': 'warn',
-    'crypto/no-cryptojs': 'warn',
-    'crypto/prefer-native-crypto': 'warn',
     'crypto/require-authenticated-encryption': 'warn',
     'crypto/no-key-reuse': 'warn',
     'crypto/require-key-length': 'warn',
     'crypto/no-web-crypto-export': 'warn',
+    'crypto/require-random-iv': 'warn',
 };
 /**
  * Preset configurations
@@ -148,64 +96,6 @@ exports.configs = {
         },
         rules: Object.fromEntries(Object.keys(exports.rules).map(ruleName => [`crypto/${ruleName}`, 'error'])),
     },
-    /**
-     * CryptoJS migration configuration
-     * For teams migrating from crypto-js to native crypto
-     */
-    'cryptojs-migration': {
-        plugins: {
-            crypto: exports.plugin,
-        },
-        rules: {
-            'crypto/no-cryptojs': 'error',
-            'crypto/no-cryptojs-weak-random': 'error',
-            'crypto/prefer-native-crypto': 'error',
-        },
-    },
-    /**
-     * Node.js-only configuration
-     * Only Node.js crypto rules, no package-specific rules
-     */
-    'nodejs-only': {
-        plugins: {
-            crypto: exports.plugin,
-        },
-        rules: {
-            'crypto/no-weak-hash-algorithm': 'error',
-            'crypto/no-weak-cipher-algorithm': 'error',
-            'crypto/no-deprecated-cipher-method': 'error',
-            'crypto/no-static-iv': 'error',
-            'crypto/no-ecb-mode': 'error',
-            'crypto/no-insecure-key-derivation': 'error',
-            'crypto/no-hardcoded-crypto-key': 'error',
-            'crypto/require-random-iv': 'warn',
-            'crypto/no-math-random-crypto': 'error',
-            'crypto/no-insecure-rsa-padding': 'error',
-            'crypto/require-secure-pbkdf2-digest': 'error',
-            'crypto/no-predictable-salt': 'error',
-            'crypto/require-authenticated-encryption': 'warn',
-            'crypto/no-key-reuse': 'warn',
-            'crypto/no-self-signed-certs': 'error',
-            'crypto/no-timing-unsafe-compare': 'warn',
-            'crypto/require-key-length': 'warn',
-        },
-    },
-    /**
-     * CVE-focused configuration
-     * Rules specifically targeting known CVEs
-     */
-    'cve-focused': {
-        plugins: {
-            crypto: exports.plugin,
-        },
-        rules: {
-            'crypto/no-insecure-rsa-padding': 'error', // CVE-2023-46809 (Marvin Attack)
-            'crypto/no-cryptojs-weak-random': 'error', // CVE-2020-36732
-            'crypto/require-secure-pbkdf2-digest': 'error', // CVE-2023-46233
-            'crypto/no-weak-hash-algorithm': 'error', // Various CVEs
-            'crypto/no-weak-cipher-algorithm': 'error', // Various CVEs
-        },
-    },
 };
 /**
  * Default export for ESLint plugin

package/src/rules/no-hardcoded-crypto-key/index.d.ts

@@ -17,5 +17,7 @@ export interface Options {
     allowInTests?: boolean;
 }
 type RuleOptions = [Options?];
-export declare const noHardcodedCryptoKey: TSESLint.RuleModule<MessageIds, RuleOptions, unknown, TSESLint.RuleListener>;
+export declare const noHardcodedCryptoKey: TSESLint.RuleModule<MessageIds, RuleOptions, unknown, TSESLint.RuleListener> & {
+    name: string;
+};
 export type { Options as NoHardcodedCryptoKeyOptions };

package/src/rules/no-key-reuse/index.d.ts

@@ -17,5 +17,7 @@ export interface Options {
     allowInTests?: boolean;
 }
 type RuleOptions = [Options?];
-export declare const noKeyReuse: TSESLint.RuleModule<MessageIds, RuleOptions, unknown, TSESLint.RuleListener>;
+export declare const noKeyReuse: TSESLint.RuleModule<MessageIds, RuleOptions, unknown, TSESLint.RuleListener> & {
+    name: string;
+};
 export type { Options as NoKeyReuseOptions };

package/src/rules/no-math-random-crypto/index.d.ts

@@ -20,5 +20,7 @@ export interface Options {
     allowInTests?: boolean;
 }
 type RuleOptions = [Options?];
-export declare const noMathRandomCrypto: TSESLint.RuleModule<MessageIds, RuleOptions, unknown, TSESLint.RuleListener>;
+export declare const noMathRandomCrypto: TSESLint.RuleModule<MessageIds, RuleOptions, unknown, TSESLint.RuleListener> & {
+    name: string;
+};
 export type { Options as NoMathRandomCryptoOptions };

package/src/rules/no-numeric-only-tokens/index.d.ts

@@ -18,5 +18,7 @@ export interface Options {
     allowedContexts?: string[];
 }
 type RuleOptions = [Options?];
-export declare const noNumericOnlyTokens: TSESLint.RuleModule<MessageIds, RuleOptions, unknown, TSESLint.RuleListener>;
+export declare const noNumericOnlyTokens: TSESLint.RuleModule<MessageIds, RuleOptions, unknown, TSESLint.RuleListener> & {
+    name: string;
+};
 export type { Options as NoNumericOnlyTokensOptions };

package/src/rules/no-predictable-salt/index.d.ts

@@ -17,5 +17,7 @@ export interface Options {
     minSaltLength?: number;
 }
 type RuleOptions = [Options?];
-export declare const noPredictableSalt: TSESLint.RuleModule<MessageIds, RuleOptions, unknown, TSESLint.RuleListener>;
+export declare const noPredictableSalt: TSESLint.RuleModule<MessageIds, RuleOptions, unknown, TSESLint.RuleListener> & {
+    name: string;
+};
 export type { Options as NoPredictableSaltOptions };

package/src/rules/no-web-crypto-export/index.d.ts

@@ -20,5 +20,7 @@ export interface Options {
     allowInTests?: boolean;
 }
 type RuleOptions = [Options?];
-export declare const noWebCryptoExport: TSESLint.RuleModule<MessageIds, RuleOptions, unknown, TSESLint.RuleListener>;
+export declare const noWebCryptoExport: TSESLint.RuleModule<MessageIds, RuleOptions, unknown, TSESLint.RuleListener> & {
+    name: string;
+};
 export type { Options as NoWebCryptoExportOptions };

package/src/rules/require-authenticated-encryption/index.d.ts

@@ -20,5 +20,7 @@ export interface Options {
     allowInTests?: boolean;
 }
 type RuleOptions = [Options?];
-export declare const requireAuthenticatedEncryption: TSESLint.RuleModule<MessageIds, RuleOptions, unknown, TSESLint.RuleListener>;
+export declare const requireAuthenticatedEncryption: TSESLint.RuleModule<MessageIds, RuleOptions, unknown, TSESLint.RuleListener> & {
+    name: string;
+};
 export type { Options as RequireAuthenticatedEncryptionOptions };

package/src/rules/require-key-length/index.d.ts

@@ -17,5 +17,7 @@ export interface Options {
     minKeyBits?: number;
 }
 type RuleOptions = [Options?];
-export declare const requireKeyLength: TSESLint.RuleModule<MessageIds, RuleOptions, unknown, TSESLint.RuleListener>;
+export declare const requireKeyLength: TSESLint.RuleModule<MessageIds, RuleOptions, unknown, TSESLint.RuleListener> & {
+    name: string;
+};
 export type { Options as RequireKeyLengthOptions };

package/src/rules/require-random-iv/index.d.ts

@@ -17,5 +17,7 @@ export interface Options {
     allowedSources?: string[];
 }
 type RuleOptions = [Options?];
-export declare const requireRandomIv: TSESLint.RuleModule<MessageIds, RuleOptions, unknown, TSESLint.RuleListener>;
+export declare const requireRandomIv: TSESLint.RuleModule<MessageIds, RuleOptions, unknown, TSESLint.RuleListener> & {
+    name: string;
+};
 export type { Options as RequireRandomIvOptions };

package/src/rules/require-secure-pbkdf2-digest/index.d.ts

@@ -18,5 +18,7 @@ export interface Options {
     allowedDigests?: string[];
 }
 type RuleOptions = [Options?];
-export declare const requireSecurePbkdf2Digest: TSESLint.RuleModule<MessageIds, RuleOptions, unknown, TSESLint.RuleListener>;
+export declare const requireSecurePbkdf2Digest: TSESLint.RuleModule<MessageIds, RuleOptions, unknown, TSESLint.RuleListener> & {
+    name: string;
+};
 export type { Options as RequireSecurePbkdf2DigestOptions };

package/src/rules/require-sufficient-length/index.d.ts

@@ -18,5 +18,7 @@ export interface Options {
     minLength?: number;
 }
 type RuleOptions = [Options?];
-export declare const requireSufficientLength: TSESLint.RuleModule<MessageIds, RuleOptions, unknown, TSESLint.RuleListener>;
+export declare const requireSufficientLength: TSESLint.RuleModule<MessageIds, RuleOptions, unknown, TSESLint.RuleListener> & {
+    name: string;
+};
 export type { Options as RequireSufficientLengthOptions };