npm - eslint-plugin-etc-misc - Versions diffs - 1.1.1 → 1.1.2 - Mend

eslint-plugin-etc-misc 1.1.1 → 1.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (52) hide show

package/README.md +3 -0
package/dist/configs/all-strict.d.ts +1 -0
package/dist/configs/all-strict.d.ts.map +1 -1
package/dist/configs/all-strict.js +1 -0
package/dist/configs/all-strict.js.map +1 -1
package/dist/configs/all.d.ts +1 -0
package/dist/configs/all.d.ts.map +1 -1
package/dist/configs/all.js +1 -0
package/dist/configs/all.js.map +1 -1
package/dist/configs/minimal.d.ts +3 -0
package/dist/configs/minimal.d.ts.map +1 -1
package/dist/configs/minimal.js +3 -0
package/dist/configs/minimal.js.map +1 -1
package/dist/configs/recommended.d.ts +3 -0
package/dist/configs/recommended.d.ts.map +1 -1
package/dist/configs/recommended.js +3 -0
package/dist/configs/recommended.js.map +1 -1
package/dist/configs/strict-type-checked.d.ts +1 -0
package/dist/configs/strict-type-checked.d.ts.map +1 -1
package/dist/configs/strict-type-checked.js +1 -0
package/dist/configs/strict-type-checked.js.map +1 -1
package/dist/configs/strict.d.ts +1 -0
package/dist/configs/strict.d.ts.map +1 -1
package/dist/configs/strict.js +1 -0
package/dist/configs/strict.js.map +1 -1
package/dist/configs.d.ts +8 -7
package/dist/configs.d.ts.map +1 -1
package/dist/configs.js +1 -0
package/dist/configs.js.map +1 -1
package/dist/plugin.cjs +967 -404
package/dist/plugin.cjs.map +4 -4
package/dist/rules/no-function-declare-after-return.d.ts +19 -0
package/dist/rules/no-function-declare-after-return.d.ts.map +1 -0
package/dist/rules/no-function-declare-after-return.js +119 -0
package/dist/rules/no-function-declare-after-return.js.map +1 -0
package/dist/rules/no-use-extend-native.d.ts +9 -0
package/dist/rules/no-use-extend-native.d.ts.map +1 -0
package/dist/rules/no-use-extend-native.js +296 -0
package/dist/rules/no-use-extend-native.js.map +1 -0
package/dist/rules/no-vulnerable.d.ts +15 -0
package/dist/rules/no-vulnerable.d.ts.map +1 -0
package/dist/rules/no-vulnerable.js +182 -0
package/dist/rules/no-vulnerable.js.map +1 -0
package/dist/rules.d.ts.map +1 -1
package/dist/rules.js +8 -0
package/dist/rules.js.map +1 -1
package/docs/docusaurus/package.json +5 -5
package/docs/docusaurus/src/pages/index.module.css +2 -1
package/docs/rules/no-function-declare-after-return.md +143 -0
package/docs/rules/no-use-extend-native.md +89 -0
package/docs/rules/no-vulnerable.md +110 -0
package/package.json +26 -45

package/docs/rules/no-vulnerable.md ADDED Viewed

@@ -0,0 +1,110 @@
+# no-vulnerable
+Disallow regular expressions that are potentially vulnerable to ReDoS (Regular Expression Denial of Service).
+## Rule details
+This rule analyzes regular expression literals and statically-resolvable `RegExp(...)` constructor calls using [`recheck`](https://www.npmjs.com/package/recheck).
+Catastrophic backtracking can make an application spend excessive CPU time on crafted inputs. In server contexts, that can become an availability issue.
+This rule reports patterns that `recheck` identifies as vulnerable with polynomial or exponential complexity.
+## What this rule checks
+This rule checks:
+- `/(...)/flags` literals.
+- `RegExp("...")` and `new RegExp("...", "flags")` when both arguments are statically-known strings.
+This rule intentionally skips dynamic patterns/flags it cannot resolve safely at lint time.
+## ❌ Incorrect
+```ts
+const unsafe = /(a+)+$/;
+```
+```ts
+const unsafe = RegExp("(a+)+$");
+```
+```ts
+const unsafe = new RegExp("(a+)+$", "u");
+```
+## ✅ Correct
+```ts
+const safe = /^a+$/;
+```
+```ts
+const source = getPatternFromConfig();
+const maybeUnsafe = RegExp(source); // Dynamic value: intentionally not analyzed.
+```
+## Options
+```ts
+type Options = [
+    {
+        ignoreErrors?: boolean;
+        permittableComplexities?: Array<"polynomial" | "exponential">;
+        timeout?: number | null;
+    }?,
+];
+```
+### Default options
+```ts
+{
+    ignoreErrors: true,
+    permittableComplexities: [],
+}
+```
+### `ignoreErrors`
+When `true` (default), analysis failures from `recheck` are ignored.
+When `false`, analysis failures are reported.
+### `permittableComplexities`
+Allows selected vulnerable complexity classes to pass.
+For example, to allow polynomial but still report exponential:
+```ts
+{
+    permittableComplexities: ["polynomial"],
+}
+```
+## When not to use it
+- If your codebase never handles untrusted input with regexes.
+- If lint-time regex analysis cost is unacceptable for your workflow.
+- If you prefer running ReDoS scanning as a separate CI security step rather than as an ESLint rule.
+## Further reading
+- [OWASP: Regular expression Denial of Service (ReDoS)](https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS)
+- [`recheck` package](https://www.npmjs.com/package/recheck)
+- [MDN: Regular expressions](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Regular_expressions)
+## ESLint flat config example
+```ts
+import etcMisc from "eslint-plugin-etc-misc";
+export default [
+    {
+        plugins: { "etc-misc": etcMisc },
+        rules: {
+            "etc-misc/no-vulnerable": "error",
+        },
+    },
+];
+```

package/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
     "$schema": "https://www.schemastore.org/package.json",
     "name": "eslint-plugin-etc-misc",
-    "version": "1.1.1",
+    "version": "1.1.2",
     "private": false,
     "description": "ESLint Plugin combining eslint-plugin-etc and eslint-plugin-misc!",
     "keywords": [
@@ -61,7 +61,7 @@
         "build": "tsc -b tsconfig.build.json --force && npm run build:types:cjs && npm run build:cjs",
         "build:cjs": "esbuild dist/plugin.js --bundle --format=cjs --platform=node --packages=external --sourcemap --outfile=dist/plugin.cjs --footer:js=\"module.exports = module.exports.default;\"",
         "build:clean": "node -e \"require('node:fs').rmSync('dist',{recursive:true,force:true})\"",
-        "build:eslint-inspector": "npx -y @eslint/config-inspector@1.4.2 build --outDir \"docs/docusaurus/static/eslint-inspector\" --base \"/eslint-plugin-etc-misc/eslint-inspector/\"",
+        "build:eslint-inspector": "npx -y @eslint/config-inspector@latest build --outDir \"docs/docusaurus/static/eslint-inspector\" --base \"/eslint-plugin-etc-misc/eslint-inspector/\"",
         "build:eslint-inspector:local": "npx @eslint/config-inspector",
         "build:types:cjs": "node -e \"require('node:fs').copyFileSync('dist/plugin.d.ts','dist/plugin.d.cts')\"",
         "changelog:generate": "git-cliff --config cliff.toml --output CHANGELOG.md",
@@ -190,17 +190,18 @@
     "dependencies": {
         "@eslint-community/eslint-plugin-eslint-comments": "^4.7.1",
         "@eslint-community/eslint-utils": "^4.9.1",
-        "@typescript-eslint/eslint-plugin": "^8.59.1",
-        "@typescript-eslint/parser": "^8.59.1",
-        "@typescript-eslint/type-utils": "^8.59.1",
-        "@typescript-eslint/utils": "^8.59.1",
+        "@typescript-eslint/eslint-plugin": "^8.59.2",
+        "@typescript-eslint/parser": "^8.59.2",
+        "@typescript-eslint/type-utils": "^8.59.2",
+        "@typescript-eslint/utils": "^8.59.2",
         "debug": "^4.4.3",
         "eslint-plugin-no-secrets": "^2.3.3",
         "eslint-plugin-unicorn": "^64.0.0",
-        "eslint-plugin-write-good-comments-2": "^1.2.0",
+        "eslint-plugin-write-good-comments-2": "^1.2.1",
         "eslint-visitor-keys": "^5.0.1",
         "minimatch": "^10.2.5",
-        "semver": "^7.7.4",
+        "recheck": "^4.5.0",
+        "semver": "^7.8.0",
         "tinyglobby": "^0.2.16",
         "ts-extras": "^1.0.0",
         "tslib": "^2.8.1",
@@ -213,8 +214,8 @@
         "@codecov/vite-plugin": "^2.0.1",
         "@csstools/stylelint-formatter-github": "^2.0.0",
         "@double-great/remark-lint-alt-text": "^1.1.1",
-        "@eslint/compat": "^2.0.5",
-        "@eslint/config-inspector": "^2.0.0",
+        "@eslint/compat": "^2.1.0",
+        "@eslint/config-inspector": "^2.0.1",
         "@microsoft/tsdoc-config": "^0.18.1",
         "@stryker-ignorer/console-all": "^0.3.2",
         "@stryker-mutator/core": "^9.6.1",
@@ -222,22 +223,15 @@
         "@stryker-mutator/vitest-runner": "^9.6.1",
         "@types/htmlhint": "^1.1.5",
         "@types/madge": "^5.0.3",
-        "@types/node": "^25.6.0",
-        "@types/postcss-clamp": "^4.1.3",
-        "@types/postcss-flexbugs-fixes": "^5.0.3",
-        "@types/postcss-html": "^1.5.3",
-        "@types/postcss-import": "^14.0.3",
-        "@types/postcss-inline-svg": "^5.0.4",
-        "@types/postcss-normalize": "^9.0.4",
-        "@types/postcss-reporter": "^7.0.5",
+        "@types/node": "^25.6.2",
         "@types/sloc": "^0.2.3",
-        "@typescript-eslint/rule-tester": "^8.59.1",
+        "@typescript-eslint/rule-tester": "^8.59.2",
         "@vitest/coverage-v8": "^4.1.5",
         "@vitest/ui": "^4.1.5",
         "actionlint": "^2.0.6",
         "all-contributors-cli": "^6.26.1",
         "cognitive-complexity-ts": "^0.8.1",
-        "commitlint": "^20.5.3",
+        "commitlint": "^21.0.0",
         "cross-env": "^10.1.0",
         "depcheck": "^1.4.7",
         "detect-secrets": "^1.0.6",
@@ -249,48 +243,35 @@
         "git-cliff": "^2.13.1",
         "gitleaks-secret-scanner": "^2.1.1",
         "htmlhint": "^1.9.2",
-        "jscpd": "^4.0.9",
-        "knip": "^6.11.0",
+        "jscpd": "^4.1.0",
+        "knip": "^6.12.2",
         "leasot": "^14.4.0",
         "madge": "^8.0.0",
         "markdown-link-check": "^3.14.2",
-        "npm-check-updates": "^22.1.0",
+        "npm-check-updates": "^22.1.1",
         "npm-package-json-lint": "^10.4.0",
         "picocolors": "^1.1.1",
-        "postcss": "^8.5.13",
-        "postcss-assets": "^6.0.0",
-        "postcss-clamp": "^4.1.0",
-        "postcss-combine-duplicated-selectors": "^10.0.3",
-        "postcss-flexbugs-fixes": "^5.0.2",
-        "postcss-import": "^16.1.1",
-        "postcss-inline-svg": "^6.0.0",
-        "postcss-logical": "^9.0.0",
-        "postcss-normalize": "^13.0.1",
-        "postcss-reporter": "^7.1.0",
-        "postcss-round-subpixels": "^2.0.0",
-        "postcss-sort-media-queries": "^6.5.0",
-        "postcss-viewport-height-correction": "^1.1.1",
         "prettier": "^3.8.3",
-        "prettier-config-nick2bad4u": "^1.0.9",
-        "publint": "^0.3.18",
+        "prettier-config-nick2bad4u": "^1.0.10",
+        "publint": "^0.3.20",
         "rehype-katex": "^7.0.1",
         "remark": "^15.0.1",
         "remark-cli": "^12.0.1",
         "remark-config-nick2bad4u": "^1.0.1",
         "rimraf": "^6.1.3",
-        "secretlint": "^12.3.1",
-        "secretlint-config-nick2bad4u": "^1.0.3",
+        "secretlint": "^13.0.0",
+        "secretlint-config-nick2bad4u": "^1.0.4",
         "sloc": "^0.3.2",
         "sort-package-json": "^3.6.1",
-        "stylelint": "^17.10.0",
-        "stylelint-config-nick2bad4u": "^1.0.5",
+        "stylelint": "^17.11.0",
+        "stylelint-config-nick2bad4u": "^1.0.10",
         "ts-unused-exports": "^11.0.1",
         "typedoc": "^0.28.19",
         "typescript": "^6.0.3",
-        "typescript-eslint": "^8.59.1",
+        "typescript-eslint": "^8.59.2",
         "typesync": "^0.14.3",
         "vfile": "^6.0.3",
-        "vite": "^8.0.10",
+        "vite": "^8.0.11",
         "vite-tsconfig-paths": "^6.1.1",
         "vitest": "^4.1.5",
         "yamllint-js": "^0.2.4"
@@ -299,7 +280,7 @@
         "eslint": "^9.0.0 || ^10.3.0",
         "typescript": ">=5.0.0"
     },
-    "packageManager": "npm@11.13.0",
+    "packageManager": "npm@11.14.1",
     "engines": {
         "node": ">=20.19.0"
     },