npm - eslint-plugin-crypto - Versions diffs - 2.2.0 → 2.2.2 - Mend

eslint-plugin-crypto 2.2.0 → 2.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/LICENSE ADDED Viewed

@@ -0,0 +1,23 @@
+MIT License
+Copyright (c) 2025 Ofri Peretz
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md CHANGED Viewed

@@ -16,7 +16,8 @@
 ## Description
-This plugin enforces cryptographic best practices and modern security standards specifically for Node.js environments. It assists developers in avoiding weak algorithms and insecure implementations by flagging potential risks directly in the code. By integrating these checks, you can ensure that your application's data protection measures are robust and compliant with industry standards.
+This plugin provides Cryptographic security rules enforcing best practices and modern standards (Node.js crypto).
+By using this plugin, you can proactively identify and mitigate security risks across your entire codebase.
 ## Philosophy
@@ -36,7 +37,6 @@ npm install eslint-plugin-crypto --save-dev
 ```
 ## 💡 What You Get
 - **24 security rules** covering cryptographic best practices
 - **CVE detection** for CVE-2023-46809, CVE-2020-36732, CVE-2023-46233
 - **OWASP Top 10 coverage** for cryptographic vulnerabilities
@@ -44,7 +44,6 @@ npm install eslint-plugin-crypto --save-dev
 - **Package support** for crypto-hash, crypto-random-string, crypto-js
 ## Features
 - 🔐 **24 Rules** covering crypto best practices
 - 🎯 **CVE Detection** (CVE-2023-46809, CVE-2020-36732, CVE-2023-46233)
 - 🤖 **AI-Optimized** messages with CWE references
@@ -52,7 +51,6 @@ npm install eslint-plugin-crypto --save-dev
 - 📦 **Package Support** for crypto-hash, crypto-random-string, crypto-js
 ## ⚙️ Configuration Presets
 | Preset               | Description                                  |
 | :------------------- | :------------------------------------------- |
 | `recommended`        | Balanced security defaults for most projects |
@@ -62,14 +60,12 @@ npm install eslint-plugin-crypto --save-dev
 | `cve-focused`        | Rules targeting specific CVEs                |
 ## 📚 Supported Libraries
 | Library            | npm                                                                                                                | Downloads                                                                                                              | Detection                         |
 | ------------------ | ------------------------------------------------------------------------------------------------------------------ | ---------------------------------------------------------------------------------------------------------------------- | --------------------------------- |
 | `crypto` (Node.js) | [![node](https://img.shields.io/badge/node-built--in-green?style=flat-square)](https://nodejs.org/api/crypto.html) | -                                                                                                                      | Weak Algo, Key Length, Randomness |
 | `crypto-js`        | [![npm](https://img.shields.io/npm/v/crypto-js.svg?style=flat-square)](https://www.npmjs.com/package/crypto-js)    | [![downloads](https://img.shields.io/npm/dt/crypto-js.svg?style=flat-square)](https://www.npmjs.com/package/crypto-js) | Legacy patterns, Weak PRNG        |
 ## Examples
 ### ❌ Bad
 ```javascript
@@ -103,7 +99,6 @@ if (crypto.timingSafeEqual(Buffer.from(userToken), Buffer.from(storedToken))) {
 ```
 ## Peer Dependencies (Optional)
 ```json
 {
   "crypto-hash": ">=3.0.0",
@@ -112,89 +107,54 @@ if (crypto.timingSafeEqual(Buffer.from(userToken), Buffer.from(storedToken))) {
 }
 ```
-## AI-Optimized Messages
-This plugin is optimized for ESLint's [Model Context Protocol (MCP)](https://eslint.org/docs/latest/use/mcp), enabling AI assistants like **Cursor**, **GitHub Copilot**, and **Claude** to:
-- Understand the exact vulnerability type via CWE references
-- Apply the correct fix using structured guidance
-- Provide educational context to developers
-```json
-// .cursor/mcp.json
-{
-  "mcpServers": {
-    "eslint": {
-      "command": "npx",
-      "args": ["@eslint/mcp@latest"]
-    }
-  }
-}
-```
-By providing this structured context (CWE, OWASP, Fix), we enable AI tools to **reason** about the security flaw rather than hallucinating. This allows Copilot/Cursor to suggest the _exact_ correct fix immediately.
 ## Rules
 **Legend**
-| Icon | Description                                                        |
-| :--: | :----------------------------------------------------------------- |
-|  💼  | **Recommended**: Included in the recommended preset.               |
-|  ⚠️  | **Warns**: Set towarn in recommended preset.                       |
-|  🔧  | **Auto-fixable**: Automatically fixable by the `--fix` CLI option. |
-|  💡  | **Suggestions**: Providing code suggestions in IDE.                |
-|  🚫  | **Deprecated**: This rule is deprecated.                           |
-| Rule                                                                                                                  |   CWE   |  OWASP   | CVSS | Description                                                                        | 💼  | ⚠️  | 🔧  | 💡  | 🚫  |
-| :-------------------------------------------------------------------------------------------------------------------- | :-----: | :------: | :--: | :--------------------------------------------------------------------------------- | :-: | :-: | :-: | :-: | :-: |
-| [no-weak-hash-algorithm](https://eslint.interlace.tools/docs/crypto/rules/no-weak-hash-algorithm)                     | CWE-327 | A02:2025 | 7.5  | [no-weak-hash-algorithm](docs/rules/no-weak-hash-algorithm.md)                     | 💼  |     |     | 💡  |     |
-| [no-weak-cipher-algorithm](https://eslint.interlace.tools/docs/crypto/rules/no-weak-cipher-algorithm)                 | CWE-327 | A02:2025 | 7.5  | [no-weak-cipher-algorithm](docs/rules/no-weak-cipher-algorithm.md)                 | 💼  |     |     | 💡  |     |
-| [no-deprecated-cipher-method](https://eslint.interlace.tools/docs/crypto/rules/no-deprecated-cipher-method)           | CWE-327 | A02:2025 | 5.0  | [no-deprecated-cipher-method](docs/rules/no-deprecated-cipher-method.md)           | 💼  |     |     | 💡  |     |
-| [no-static-iv](https://eslint.interlace.tools/docs/crypto/rules/no-static-iv)                                         | CWE-329 | A02:2025 | 7.5  | [no-static-iv](docs/rules/no-static-iv.md)                                         | 💼  |     |     | 💡  |     |
-| [no-ecb-mode](https://eslint.interlace.tools/docs/crypto/rules/no-ecb-mode)                                           | CWE-327 | A02:2025 | 7.5  | [no-ecb-mode](docs/rules/no-ecb-mode.md)                                           | 💼  |     |     | 💡  |     |
-| [no-insecure-key-derivation](https://eslint.interlace.tools/docs/crypto/rules/no-insecure-key-derivation)             | CWE-916 | A02:2025 | 7.5  | [no-insecure-key-derivation](docs/rules/no-insecure-key-derivation.md)             | 💼  |     |     | 💡  |     |
-| [no-hardcoded-crypto-key](https://eslint.interlace.tools/docs/crypto/rules/no-hardcoded-crypto-key)                   | CWE-321 | A02:2025 | 9.8  | [no-hardcoded-crypto-key](docs/rules/no-hardcoded-crypto-key.md)                   | 💼  |     |     | 💡  |     |
-| [require-random-iv](https://eslint.interlace.tools/docs/crypto/rules/require-random-iv)                               | CWE-329 | A02:2025 | 7.5  | [require-random-iv](docs/rules/require-random-iv.md)                               | 💼  | ⚠️  |     | 💡  |     |
-| [no-insecure-rsa-padding](https://eslint.interlace.tools/docs/crypto/rules/no-insecure-rsa-padding)                   | CWE-327 | A02:2025 | 7.4  | [no-insecure-rsa-padding](docs/rules/no-insecure-rsa-padding.md)                   | 💼  |     |     | 💡  |     |
-| [no-cryptojs-weak-random](https://eslint.interlace.tools/docs/crypto/rules/no-cryptojs-weak-random)                   | CWE-338 | A02:2025 | 5.3  | [no-cryptojs-weak-random](docs/rules/no-cryptojs-weak-random.md)                   | 💼  |     |     | 💡  |     |
-| [require-secure-pbkdf2-digest](https://eslint.interlace.tools/docs/crypto/rules/require-secure-pbkdf2-digest)         | CWE-916 | A02:2025 | 9.1  | [require-secure-pbkdf2-digest](docs/rules/require-secure-pbkdf2-digest.md)         | 💼  |     |     | 💡  |     |
-| [no-math-random-crypto](https://eslint.interlace.tools/docs/crypto/rules/no-math-random-crypto)                       | CWE-338 | A07:2025 | 5.3  | [no-math-random-crypto](docs/rules/no-math-random-crypto.md)                       | 💼  |     |     | 💡  |     |
-| [no-predictable-salt](https://eslint.interlace.tools/docs/crypto/rules/no-predictable-salt)                           | CWE-331 | A07:2025 | 7.5  | [no-predictable-salt](docs/rules/no-predictable-salt.md)                           | 💼  |     |     | 💡  |     |
-| [require-authenticated-encryption](https://eslint.interlace.tools/docs/crypto/rules/require-authenticated-encryption) | CWE-327 | A04:2025 | 6.5  | [require-authenticated-encryption](docs/rules/require-authenticated-encryption.md) | 💼  | ⚠️  |     | 💡  |     |
-| [no-key-reuse](https://eslint.interlace.tools/docs/crypto/rules/no-key-reuse)                                         | CWE-323 | A02:2025 | 7.5  | [no-key-reuse](docs/rules/no-key-reuse.md)                                         | 💼  | ⚠️  |     | 💡  |     |
-| [no-self-signed-certs](https://eslint.interlace.tools/docs/crypto/rules/no-self-signed-certs)                         | CWE-295 | A05:2025 | 7.5  | [no-self-signed-certs](docs/rules/no-self-signed-certs.md)                         | 💼  |     |     | 💡  |     |
-| [no-timing-unsafe-compare](https://eslint.interlace.tools/docs/crypto/rules/no-timing-unsafe-compare)                 | CWE-208 | A02:2025 | 5.9  | [no-timing-unsafe-compare](docs/rules/no-timing-unsafe-compare.md)                 | 💼  | ⚠️  |     | 💡  |     |
-| [require-key-length](https://eslint.interlace.tools/docs/crypto/rules/require-key-length)                             | CWE-326 | A02:2025 | 7.5  | [require-key-length](docs/rules/require-key-length.md)                             | 💼  | ⚠️  |     | 💡  |     |
-| [no-web-crypto-export](https://eslint.interlace.tools/docs/crypto/rules/no-web-crypto-export)                         | CWE-321 | A02:2025 | 5.0  | [no-web-crypto-export](docs/rules/no-web-crypto-export.md)                         | 💼  | ⚠️  |     | 💡  |     |
-| [no-sha1-hash](https://eslint.interlace.tools/docs/crypto/rules/no-sha1-hash)                                         | CWE-327 | A02:2025 | 7.5  | [no-sha1-hash](docs/rules/no-sha1-hash.md)                                         | 💼  |     |     | 💡  |     |
-| [require-sufficient-length](https://eslint.interlace.tools/docs/crypto/rules/require-sufficient-length)               | CWE-326 | A02:2025 | 7.5  | [require-sufficient-length](docs/rules/require-sufficient-length.md)               | 💼  | ⚠️  |     | 💡  |     |
-| [no-numeric-only-tokens](https://eslint.interlace.tools/docs/crypto/rules/no-numeric-only-tokens)                     | CWE-330 | A07:2025 | 5.3  | [no-numeric-only-tokens](docs/rules/no-numeric-only-tokens.md)                     | 💼  | ⚠️  |     | 💡  |     |
-| [no-cryptojs](https://eslint.interlace.tools/docs/crypto/rules/no-cryptojs)                                           | CWE-327 | A02:2025 | 5.0  | [no-cryptojs](docs/rules/no-cryptojs.md)                                           | 💼  | ⚠️  |     | 💡  |     |
-| [prefer-native-crypto](https://eslint.interlace.tools/docs/crypto/rules/prefer-native-crypto)                         | CWE-327 | A05:2025 | 5.0  | [prefer-native-crypto](docs/rules/prefer-native-crypto.md)                         | 💼  | ⚠️  |     | 💡  |     |
+| Icon | Description |
+| :---: | :--- |
+| 💼 | **Recommended**: Included in the recommended preset. |
+| ⚠️ | **Warns**: Set towarn in recommended preset. |
+| 🔧 | **Auto-fixable**: Automatically fixable by the `--fix` CLI option. |
+| 💡 | **Suggestions**: Providing code suggestions in IDE. |
+| 🚫 | **Deprecated**: This rule is deprecated. |
+| Rule | CWE | OWASP | CVSS | Description | 💼 | ⚠️ | 🔧 | 💡 | 🚫 |
+| :--- | :---: | :---: | :---: | :--- | :---: | :---: | :---: | :---: | :---: |
+| [no-hardcoded-crypto-key](https://eslint.interlace.tools/docs/crypto/rules/no-hardcoded-crypto-key) | CWE-321 | A02:2025 | 9.8 | Enforce no hardcoded crypto key | 💼 |  |  | 💡 |  |
+| [no-key-reuse](https://eslint.interlace.tools/docs/crypto/rules/no-key-reuse) | CWE-323 | A02:2025 | 7.5 | Enforce no key reuse | 💼 | ⚠️ |  | 💡 |  |
+| [no-math-random-crypto](https://eslint.interlace.tools/docs/crypto/rules/no-math-random-crypto) | CWE-338 | A07:2025 | 5.3 | Enforce no math random crypto | 💼 |  |  | 💡 |  |
+| [no-numeric-only-tokens](https://eslint.interlace.tools/docs/crypto/rules/no-numeric-only-tokens) | CWE-330 | A07:2025 | 5.3 | Enforce no numeric only tokens | 💼 | ⚠️ |  | 💡 |  |
+| [no-predictable-salt](https://eslint.interlace.tools/docs/crypto/rules/no-predictable-salt) | CWE-331 | A07:2025 | 7.5 | Enforce no predictable salt | 💼 |  |  | 💡 |  |
+| [no-web-crypto-export](https://eslint.interlace.tools/docs/crypto/rules/no-web-crypto-export) | CWE-321 | A02:2025 | 5.0 | Enforce no web crypto export | 💼 | ⚠️ |  | 💡 |  |
+| [require-authenticated-encryption](https://eslint.interlace.tools/docs/crypto/rules/require-authenticated-encryption) | CWE-327 | A04:2025 | 6.5 | Enforce require authenticated encryption | 💼 | ⚠️ |  | 💡 |  |
+| [require-key-length](https://eslint.interlace.tools/docs/crypto/rules/require-key-length) | CWE-326 | A02:2025 | 7.5 | Enforce require key length | 💼 | ⚠️ |  | 💡 |  |
+| [require-random-iv](https://eslint.interlace.tools/docs/crypto/rules/require-random-iv) | CWE-329 | A02:2025 | 7.5 | Enforce require random iv | 💼 | ⚠️ |  | 💡 |  |
+| [require-secure-pbkdf2-digest](https://eslint.interlace.tools/docs/crypto/rules/require-secure-pbkdf2-digest) | CWE-916 | A02:2025 | 9.1 | Enforce require secure pbkdf2 digest | 💼 |  |  | 💡 |  |
+| [require-sufficient-length](https://eslint.interlace.tools/docs/crypto/rules/require-sufficient-length) | CWE-326 | A02:2025 | 7.5 | Enforce require sufficient length | 💼 | ⚠️ |  | 💡 |  |
 ## 🔗 Related ESLint Plugins
 Part of the **Interlace ESLint Ecosystem** — AI-native security plugins with LLM-optimized error messages:
-| Plugin                                                                                               |                                                                              Downloads                                                                               | Description                                 |
-| :--------------------------------------------------------------------------------------------------- | :------------------------------------------------------------------------------------------------------------------------------------------------------------------: | :------------------------------------------ |
-| [`eslint-plugin-secure-coding`](https://www.npmjs.com/package/eslint-plugin-secure-coding)           |      [![downloads](https://img.shields.io/npm/dt/eslint-plugin-secure-coding.svg?style=flat-square)](https://www.npmjs.com/package/eslint-plugin-secure-coding)      | General security rules & OWASP guidelines.  |
-| [`eslint-plugin-pg`](https://www.npmjs.com/package/eslint-plugin-pg)                                 |                 [![downloads](https://img.shields.io/npm/dt/eslint-plugin-pg.svg?style=flat-square)](https://www.npmjs.com/package/eslint-plugin-pg)                 | PostgreSQL security & best practices.       |
-| [`eslint-plugin-crypto`](https://www.npmjs.com/package/eslint-plugin-crypto)                         |             [![downloads](https://img.shields.io/npm/dt/eslint-plugin-crypto.svg?style=flat-square)](https://www.npmjs.com/package/eslint-plugin-crypto)             | NodeJS Cryptography security rules.         |
-| [`eslint-plugin-jwt`](https://www.npmjs.com/package/eslint-plugin-jwt)                               |                [![downloads](https://img.shields.io/npm/dt/eslint-plugin-jwt.svg?style=flat-square)](https://www.npmjs.com/package/eslint-plugin-jwt)                | JWT security & best practices.              |
-| [`eslint-plugin-browser-security`](https://www.npmjs.com/package/eslint-plugin-browser-security)     |   [![downloads](https://img.shields.io/npm/dt/eslint-plugin-browser-security.svg?style=flat-square)](https://www.npmjs.com/package/eslint-plugin-browser-security)   | Browser-specific security & XSS prevention. |
-| [`eslint-plugin-express-security`](https://www.npmjs.com/package/eslint-plugin-express-security)     |   [![downloads](https://img.shields.io/npm/dt/eslint-plugin-express-security.svg?style=flat-square)](https://www.npmjs.com/package/eslint-plugin-express-security)   | Express.js security hardening rules.        |
-| [`eslint-plugin-lambda-security`](https://www.npmjs.com/package/eslint-plugin-lambda-security)       |    [![downloads](https://img.shields.io/npm/dt/eslint-plugin-lambda-security.svg?style=flat-square)](https://www.npmjs.com/package/eslint-plugin-lambda-security)    | AWS Lambda security best practices.         |
-| [`eslint-plugin-nestjs-security`](https://www.npmjs.com/package/eslint-plugin-nestjs-security)       |    [![downloads](https://img.shields.io/npm/dt/eslint-plugin-nestjs-security.svg?style=flat-square)](https://www.npmjs.com/package/eslint-plugin-nestjs-security)    | NestJS security rules & patterns.           |
-| [`eslint-plugin-mongodb-security`](https://www.npmjs.com/package/eslint-plugin-mongodb-security)     |    [![downloads](https://img.shields.io/npm/dt/eslint-plugin-mongodb-security.svg?style=flat-square)](https://www.npmjs.com/package/eslint-plugin-mongodb-security)    | MongoDB security best practices.           |
-| [`eslint-plugin-vercel-ai-security`](https://www.npmjs.com/package/eslint-plugin-vercel-ai-security) | [![downloads](https://img.shields.io/npm/dt/eslint-plugin-vercel-ai-security.svg?style=flat-square)](https://www.npmjs.com/package/eslint-plugin-vercel-ai-security) | Vercel AI SDK security hardening.           |
-| [`eslint-plugin-import-next`](https://www.npmjs.com/package/eslint-plugin-import-next)               |        [![downloads](https://img.shields.io/npm/dt/eslint-plugin-import-next.svg?style=flat-square)](https://www.npmjs.com/package/eslint-plugin-import-next)        | Next-gen import sorting & architecture.     |
+| Plugin | Downloads | Description |
+| :--- | :---: | :--- |
+| [`eslint-plugin-secure-coding`](https://www.npmjs.com/package/eslint-plugin-secure-coding) | [![downloads](https://img.shields.io/npm/dt/eslint-plugin-secure-coding.svg?style=flat-square)](https://www.npmjs.com/package/eslint-plugin-secure-coding) | General security rules & OWASP guidelines. |
+| [`eslint-plugin-pg`](https://www.npmjs.com/package/eslint-plugin-pg) | [![downloads](https://img.shields.io/npm/dt/eslint-plugin-pg.svg?style=flat-square)](https://www.npmjs.com/package/eslint-plugin-pg) | PostgreSQL security & best practices. |
+| [`eslint-plugin-crypto`](https://www.npmjs.com/package/eslint-plugin-crypto) | [![downloads](https://img.shields.io/npm/dt/eslint-plugin-crypto.svg?style=flat-square)](https://www.npmjs.com/package/eslint-plugin-crypto) | NodeJS Cryptography security rules. |
+| [`eslint-plugin-jwt`](https://www.npmjs.com/package/eslint-plugin-jwt) | [![downloads](https://img.shields.io/npm/dt/eslint-plugin-jwt.svg?style=flat-square)](https://www.npmjs.com/package/eslint-plugin-jwt) | JWT security & best practices. |
+| [`eslint-plugin-browser-security`](https://www.npmjs.com/package/eslint-plugin-browser-security) | [![downloads](https://img.shields.io/npm/dt/eslint-plugin-browser-security.svg?style=flat-square)](https://www.npmjs.com/package/eslint-plugin-browser-security) | Browser-specific security & XSS prevention. |
+| [`eslint-plugin-express-security`](https://www.npmjs.com/package/eslint-plugin-express-security) | [![downloads](https://img.shields.io/npm/dt/eslint-plugin-express-security.svg?style=flat-square)](https://www.npmjs.com/package/eslint-plugin-express-security) | Express.js security hardening rules. |
+| [`eslint-plugin-lambda-security`](https://www.npmjs.com/package/eslint-plugin-lambda-security) | [![downloads](https://img.shields.io/npm/dt/eslint-plugin-lambda-security.svg?style=flat-square)](https://www.npmjs.com/package/eslint-plugin-lambda-security) | AWS Lambda security best practices. |
+| [`eslint-plugin-nestjs-security`](https://www.npmjs.com/package/eslint-plugin-nestjs-security) | [![downloads](https://img.shields.io/npm/dt/eslint-plugin-nestjs-security.svg?style=flat-square)](https://www.npmjs.com/package/eslint-plugin-nestjs-security) | NestJS security rules & patterns. |
+| [`eslint-plugin-mongodb-security`](https://www.npmjs.com/package/eslint-plugin-mongodb-security) | [![downloads](https://img.shields.io/npm/dt/eslint-plugin-mongodb-security.svg?style=flat-square)](https://www.npmjs.com/package/eslint-plugin-mongodb-security) | MongoDB security best practices. |
+| [`eslint-plugin-vercel-ai-security`](https://www.npmjs.com/package/eslint-plugin-vercel-ai-security) | [![downloads](https://img.shields.io/npm/dt/eslint-plugin-vercel-ai-security.svg?style=flat-square)](https://www.npmjs.com/package/eslint-plugin-vercel-ai-security) | Vercel AI SDK security hardening. |
+| [`eslint-plugin-import-next`](https://www.npmjs.com/package/eslint-plugin-import-next) | [![downloads](https://img.shields.io/npm/dt/eslint-plugin-import-next.svg?style=flat-square)](https://www.npmjs.com/package/eslint-plugin-import-next) | Next-gen import sorting & architecture. |
 ## 📄 License
 MIT © [Ofri Peretz](https://github.com/ofri-peretz)
 <p align="center">
-  <a href="https://eslint.interlace.tools/docs/crypto"><img src="https://eslint.interlace.tools/images/og-crypto.png" alt="ESLint Interlace Plugin" width="300" /></a>
-</p>
+  <a href="https://eslint.interlace.tools/docs/crypto"><img src="https://eslint.interlace.tools/images/og-crypto.png" alt="ESLint Interlace Plugin" width="100%" /></a>
+</p>

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "eslint-plugin-crypto",
-  "version": "2.2.0",
+  "version": "2.2.2",
   "description": "Security-focused ESLint plugin with 24 AI-parseable rules for cryptographic best practices. Detects weak algorithms, insecure key handling, CVE-specific vulnerabilities, and deprecated crypto patterns.",
   "type": "commonjs",
   "main": "./src/index.js",
@@ -17,10 +17,10 @@
   },
   "author": "Ofri Peretz <ofriperetzdev@gmail.com>",
   "license": "MIT",
-  "homepage": "https://github.com/ofri-peretz/eslint/blob/main/packages/eslint-plugin-crypto/README.md",
+  "homepage": "https://github.com/ofri-peretz/eslint/tree/main/packages/eslint-plugin-crypto#readme",
   "repository": {
     "type": "git",
-    "url": "git+https://github.com/ofri-peretz/eslint.git",
+    "url": "https://github.com/ofri-peretz/eslint",
     "directory": "packages/eslint-plugin-crypto"
   },
   "bugs": {

package/AGENTS.md DELETED Viewed

@@ -1,119 +0,0 @@
-# AGENTS.md
-> Context for AI coding agents working on eslint-plugin-crypto
-## Setup Commands
-```bash
-# Install dependencies (from monorepo root)
-pnpm install
-# Build this package
-nx build eslint-plugin-crypto
-# Run tests
-nx test eslint-plugin-crypto
-# Run tests with coverage
-nx test eslint-plugin-crypto --coverage
-# Lint this package
-nx lint eslint-plugin-crypto
-```
-## Code Style
-- TypeScript strict mode with `@interlace/eslint-devkit` types
-- Use `AST_NODE_TYPES` constants, never string literals for node types
-- Use `formatLLMMessage()` for all rule error messages
-- Include CWE, CVSS, CVE references in every security message
-- Use `c8 ignore` comments with documented reasons for untestable code
-- Single-pass AST traversal patterns (O(n) complexity)
-## Testing Instructions
-- Tests use `@typescript-eslint/rule-tester` with Vitest
-- Each rule has `index.ts` (implementation) and `*.test.ts` (tests) in same directory
-- Run specific rule test: `nx test eslint-plugin-crypto --testPathPattern="no-weak-hash"`
-- Coverage target: ≥90% lines, ≥95% functions
-- All tests must pass before committing
-## Project Structure
-```
-src/
-├── index.ts          # Plugin entry, 5 configs
-├── types/index.ts    # 24 rule option types
-└── rules/            # 24 rule directories
-```
-## Plugin Purpose
-Security-focused ESLint plugin with **24 rules** for cryptographic best practices. Covers Node.js `crypto`, Web Crypto API, and npm packages (crypto-hash, crypto-random-string, crypto-js).
-## Rule Categories
-### Core Node.js Crypto Rules (8)
-| Rule                          | CWE | Detects        | Fix              |
-| ----------------------------- | --- | -------------- | ---------------- |
-| `no-weak-hash-algorithm`      | 327 | MD5, SHA1, MD4 | SHA-256/512      |
-| `no-weak-cipher-algorithm`    | 327 | DES, 3DES, RC4 | AES-256-GCM      |
-| `no-deprecated-cipher-method` | 327 | createCipher() | createCipheriv() |
-| `no-static-iv`                | 329 | Hardcoded IVs  | randomBytes(16)  |
-| `no-ecb-mode`                 | 327 | ECB mode       | GCM or CBC       |
-| `no-insecure-key-derivation`  | 916 | PBKDF2 <100k   | ≥100k iterations |
-| `no-hardcoded-crypto-key`     | 321 | Literal keys   | env vars/KMS     |
-| `require-random-iv`           | 329 | Non-random IVs | randomBytes()    |
-### CVE-Specific Rules (3)
-| Rule                           | CVE            | Vulnerability |
-| ------------------------------ | -------------- | ------------- |
-| `no-insecure-rsa-padding`      | CVE-2023-46809 | Marvin Attack |
-| `no-cryptojs-weak-random`      | CVE-2020-36732 | Weak PRNG     |
-| `require-secure-pbkdf2-digest` | CVE-2023-46233 | SHA1 PBKDF2   |
-## Common Fix Patterns
-```typescript
-// Weak Hash
-// BAD: crypto.createHash('md5')
-// GOOD: crypto.createHash('sha256')
-// RSA Padding (CVE-2023-46809)
-// BAD: padding: crypto.constants.RSA_PKCS1_PADDING
-// GOOD: padding: crypto.constants.RSA_PKCS1_OAEP_PADDING
-// Math.random for crypto
-// BAD: const token = Math.random().toString(36)
-// GOOD: const token = crypto.randomBytes(32).toString('hex')
-// Timing-safe compare
-// BAD: if (userToken === storedToken)
-// GOOD: if (crypto.timingSafeEqual(Buffer.from(userToken), Buffer.from(storedToken)))
-// Authenticated encryption
-// BAD: crypto.createCipheriv('aes-256-cbc', key, iv)
-// GOOD: crypto.createCipheriv('aes-256-gcm', key, iv)
-```
-## Presets (5)
-| Preset               | Use Case                |
-| -------------------- | ----------------------- |
-| `recommended`        | Most projects           |
-| `strict`             | High-security apps      |
-| `cryptojs-migration` | Migrating off crypto-js |
-| `nodejs-only`        | Server-side only        |
-| `cve-focused`        | Known CVE protection    |
-## CWE Coverage
-208, 295, 321, 323, 326, 327, 328, 329, 330, 331, 338, 916, 1104
-## Security Considerations
-- Detects 3 specific CVEs: CVE-2023-46809, CVE-2020-36732, CVE-2023-46233
-- Marvin Attack detection for RSA padding
-- crypto-js weak PRNG detection

package/CHANGELOG.md DELETED Viewed

@@ -1,74 +0,0 @@
-# Changelog
-All notable changes to `eslint-plugin-crypto` will be documented in this file.
-The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
-and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
-## [Unreleased]
-### Documentation
-- 📘 Launched new documentation site: [eslint.interlace.tools](https://eslint.interlace.tools/)
-## [1.0.0] - 2025-12-29
-### Added
-#### Core Node.js Crypto Rules (8)
-- `no-weak-hash-algorithm` - Detect MD5, SHA1, MD4, RIPEMD (CWE-327)
-- `no-weak-cipher-algorithm` - Detect DES, 3DES, RC4, Blowfish (CWE-327)
-- `no-deprecated-cipher-method` - Detect createCipher/createDecipher (CWE-327)
-- `no-static-iv` - Detect hardcoded initialization vectors (CWE-329)
-- `no-ecb-mode` - Detect ECB encryption mode (CWE-327)
-- `no-insecure-key-derivation` - Detect PBKDF2 < 100k iterations (CWE-916)
-- `no-hardcoded-crypto-key` - Detect literal encryption keys (CWE-321)
-- `require-random-iv` - Ensure IV from crypto.randomBytes() (CWE-329)
-#### CVE-Specific Rules (3)
-- `no-insecure-rsa-padding` - **CVE-2023-46809** Marvin Attack detection (CWE-327)
-- `no-cryptojs-weak-random` - **CVE-2020-36732** crypto-js weak PRNG (CWE-338)
-- `require-secure-pbkdf2-digest` - **CVE-2023-46233** PBKDF2 SHA1 default (CWE-328)
-#### Advanced Security Rules (7)
-- `no-math-random-crypto` - Detect Math.random() in crypto contexts (CWE-338)
-- `no-predictable-salt` - Detect empty/hardcoded salts (CWE-331)
-- `require-authenticated-encryption` - Flag CBC/CTR without MAC (CWE-327)
-- `no-key-reuse` - Warn on key reuse across operations (CWE-323)
-- `no-self-signed-certs` - Detect rejectUnauthorized: false (CWE-295)
-- `no-timing-unsafe-compare` - Detect timing-unsafe secret comparison (CWE-208)
-- `require-key-length` - Recommend AES-256 over AES-128/192 (CWE-326)
-- `no-web-crypto-export` - Warn on key export (CWE-321)
-#### Package-Specific Rules (6)
-- `no-sha1-hash` - Detect sha1() from crypto-hash (CWE-327)
-- `require-sufficient-length` - Require crypto-random-string ≥32 chars (CWE-330)
-- `no-numeric-only-tokens` - Warn on type: 'numeric' (CWE-330)
-- `no-cryptojs` - Warn on deprecated crypto-js usage (CWE-1104)
-- `no-cryptojs-weak-random` - CVE-2020-36732 (CWE-338)
-- `prefer-native-crypto` - Recommend native crypto (CWE-1104)
-#### Presets (5)
-- `recommended` - Balanced security defaults
-- `strict` - All 24 rules as errors
-- `cryptojs-migration` - For migrating off crypto-js
-- `nodejs-only` - Server-side only (no package rules)
-- `cve-focused` - Rules targeting specific CVEs
-#### Features
-- LLM-optimized error messages with CWE references
-- Auto-fix suggestions where safe
-- OWASP-aligned recommendations
-- TypeScript support
-- Comprehensive test coverage (302 edge case tests)
-### Security
-- Covers 13 CWEs: 208, 295, 321, 323, 326, 327, 328, 329, 330, 331, 338, 916, 1104
-- Detects 3 specific CVEs: CVE-2023-46809, CVE-2020-36732, CVE-2023-46233