eslint-plugin-etc-misc 1.1.7 → 1.1.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/_internal/import-patterns.js +3 -3
- package/dist/_internal/import-patterns.js.map +1 -1
- package/dist/_internal/rule-catalog.js +4 -4
- package/dist/_internal/rule-catalog.js.map +1 -1
- package/dist/_internal/symbol-usage.d.ts +1 -1
- package/dist/_internal/symbol-usage.d.ts.map +1 -1
- package/dist/_internal/symbol-usage.js +1 -1
- package/dist/_internal/symbol-usage.js.map +1 -1
- package/dist/plugin.cjs +61 -84
- package/dist/plugin.cjs.map +3 -3
- package/dist/rules/match-filename.js +2 -2
- package/dist/rules/match-filename.js.map +1 -1
- package/dist/rules/no-assign-mutated-array.js +3 -3
- package/dist/rules/no-assign-mutated-array.js.map +1 -1
- package/dist/rules/no-const-enum.d.ts.map +1 -1
- package/dist/rules/no-const-enum.js +8 -6
- package/dist/rules/no-const-enum.js.map +1 -1
- package/dist/rules/no-deprecated.js +3 -3
- package/dist/rules/no-deprecated.js.map +1 -1
- package/dist/rules/no-foreach.js +2 -2
- package/dist/rules/no-foreach.js.map +1 -1
- package/dist/rules/no-implicit-any-catch.d.ts.map +1 -1
- package/dist/rules/no-implicit-any-catch.js.map +1 -1
- package/dist/rules/no-internal.js +3 -3
- package/dist/rules/no-internal.js.map +1 -1
- package/dist/rules/no-misused-generics.js +11 -11
- package/dist/rules/no-misused-generics.js.map +1 -1
- package/dist/rules/no-use-extend-native.d.ts.map +1 -1
- package/dist/rules/no-use-extend-native.js +2 -1
- package/dist/rules/no-use-extend-native.js.map +1 -1
- package/dist/rules/object-format.js +2 -2
- package/dist/rules/object-format.js.map +1 -1
- package/dist/rules/sort-array.js +2 -2
- package/dist/rules/sort-array.js.map +1 -1
- package/dist/rules/sort-class-members.d.ts.map +1 -1
- package/dist/rules/sort-class-members.js.map +1 -1
- package/dist/rules/sort-export-specifiers.js +2 -2
- package/dist/rules/sort-export-specifiers.js.map +1 -1
- package/dist/rules/switch-case-spacing.d.ts.map +1 -1
- package/dist/rules/switch-case-spacing.js +5 -4
- package/dist/rules/switch-case-spacing.js.map +1 -1
- package/dist/rules/throw-error.js +4 -4
- package/dist/rules/throw-error.js.map +1 -1
- package/dist/rules/typescript-array-callback-return-type.d.ts.map +1 -1
- package/dist/rules/typescript-array-callback-return-type.js.map +1 -1
- package/dist/rules/typescript-class-methods-use-this.d.ts.map +1 -1
- package/dist/rules/typescript-class-methods-use-this.js +3 -3
- package/dist/rules/typescript-class-methods-use-this.js.map +1 -1
- package/dist/rules/typescript-no-redundant-undefined-const.d.ts.map +1 -1
- package/dist/rules/typescript-no-redundant-undefined-const.js +1 -4
- package/dist/rules/typescript-no-redundant-undefined-const.js.map +1 -1
- package/dist/rules/typescript-no-redundant-undefined-default-parameter.d.ts.map +1 -1
- package/dist/rules/typescript-no-redundant-undefined-default-parameter.js +1 -4
- package/dist/rules/typescript-no-redundant-undefined-default-parameter.js.map +1 -1
- package/dist/rules/typescript-no-redundant-undefined-let.d.ts.map +1 -1
- package/dist/rules/typescript-no-redundant-undefined-let.js +1 -4
- package/dist/rules/typescript-no-redundant-undefined-let.js.map +1 -1
- package/dist/rules/typescript-no-redundant-undefined-promise-return-type.d.ts.map +1 -1
- package/dist/rules/typescript-no-redundant-undefined-promise-return-type.js +1 -4
- package/dist/rules/typescript-no-redundant-undefined-promise-return-type.js.map +1 -1
- package/dist/rules/typescript-no-redundant-undefined-readonly-property.d.ts.map +1 -1
- package/dist/rules/typescript-no-redundant-undefined-readonly-property.js +1 -4
- package/dist/rules/typescript-no-redundant-undefined-readonly-property.js.map +1 -1
- package/dist/rules/typescript-no-redundant-undefined-return-type.d.ts.map +1 -1
- package/dist/rules/typescript-no-redundant-undefined-return-type.js +1 -4
- package/dist/rules/typescript-no-redundant-undefined-return-type.js.map +1 -1
- package/dist/rules/typescript-no-redundant-undefined-var.d.ts.map +1 -1
- package/dist/rules/typescript-no-redundant-undefined-var.js +1 -4
- package/dist/rules/typescript-no-redundant-undefined-var.js.map +1 -1
- package/dist/rules/typescript-prefer-enum.d.ts.map +1 -1
- package/dist/rules/typescript-prefer-enum.js.map +1 -1
- package/dist/rules/typescript-prefer-named-tuple-members.d.ts.map +1 -1
- package/dist/rules/typescript-prefer-named-tuple-members.js +2 -5
- package/dist/rules/typescript-prefer-named-tuple-members.js.map +1 -1
- package/docs/AGENTS.md +1 -0
- package/docs/docusaurus/package.json +1 -1
- package/docs/docusaurus/src/components/GitHubStats.module.css +18 -3
- package/docs/rules/no-function-declare-after-return.md +31 -34
- package/docs/rules/no-use-extend-native.md +23 -25
- package/docs/rules/no-vulnerable.md +23 -25
- package/package.json +5 -5
|
@@ -2,20 +2,6 @@
|
|
|
2
2
|
|
|
3
3
|
Disallow usage of non-native members on built-in JavaScript objects.
|
|
4
4
|
|
|
5
|
-
## Why this rule is included here
|
|
6
|
-
|
|
7
|
-
This rule was integrated into `eslint-plugin-etc-misc` to avoid requiring a separate single-rule plugin dependency.
|
|
8
|
-
|
|
9
|
-
Original plugin source: [`eslint-plugin-no-use-extend-native`](https://github.com/dustinspecker/eslint-plugin-no-use-extend-native).
|
|
10
|
-
|
|
11
|
-
## Rule details
|
|
12
|
-
|
|
13
|
-
This rule helps prevent implicit reliance on monkey-patched native prototypes (for example from legacy libraries that add methods like `String.prototype.green`).
|
|
14
|
-
|
|
15
|
-
Relying on extended native objects can make code unpredictable across runtimes, bundling targets, and dependency versions.
|
|
16
|
-
|
|
17
|
-
This rule reports member usage on obvious built-in values when the accessed member is not part of the native API.
|
|
18
|
-
|
|
19
5
|
## Targeted pattern scope
|
|
20
6
|
|
|
21
7
|
This rule is intentionally conservative and focuses on obvious built-in object shapes such as:
|
|
@@ -27,6 +13,16 @@ This rule is intentionally conservative and focuses on obvious built-in object s
|
|
|
27
13
|
|
|
28
14
|
It does **not** attempt full-flow inference for arbitrary identifiers.
|
|
29
15
|
|
|
16
|
+
## What this rule reports
|
|
17
|
+
|
|
18
|
+
This rule helps prevent implicit reliance on monkey-patched native prototypes (for example from legacy libraries that add methods like `String.prototype.green`).
|
|
19
|
+
|
|
20
|
+
This rule reports member usage on obvious built-in values when the accessed member is not part of the native API.
|
|
21
|
+
|
|
22
|
+
## Why this rule exists
|
|
23
|
+
|
|
24
|
+
Relying on extended native objects can make code unpredictable across runtimes, bundling targets, and dependency versions.
|
|
25
|
+
|
|
30
26
|
## ❌ Incorrect
|
|
31
27
|
|
|
32
28
|
```ts
|
|
@@ -55,11 +51,11 @@ const value = [].map((entry) => entry);
|
|
|
55
51
|
const value = String.prototype.toLowerCase.call("ABC");
|
|
56
52
|
```
|
|
57
53
|
|
|
58
|
-
##
|
|
54
|
+
## Behavior and migration notes
|
|
59
55
|
|
|
60
56
|
This rule has no options.
|
|
61
57
|
|
|
62
|
-
|
|
58
|
+
### Relationship to ESLint `no-extend-native`
|
|
63
59
|
|
|
64
60
|
- ESLint core [`no-extend-native`](https://eslint.org/docs/latest/rules/no-extend-native) prevents adding properties to native prototypes.
|
|
65
61
|
- This rule prevents consuming non-native members when they appear in code.
|
|
@@ -69,15 +65,7 @@ Using both rules together gives better protection:
|
|
|
69
65
|
1. Prevent introducing prototype extension.
|
|
70
66
|
2. Prevent relying on prototype extension from third-party code.
|
|
71
67
|
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
- If your project intentionally and explicitly relies on controlled prototype extension.
|
|
75
|
-
- If your runtime environment guarantees specific prototype patches and that dependency is accepted in your architecture.
|
|
76
|
-
|
|
77
|
-
## Further reading
|
|
78
|
-
|
|
79
|
-
- [ESLint `no-extend-native`](https://eslint.org/docs/latest/rules/no-extend-native)
|
|
80
|
-
- [MDN: Inheritance and the prototype chain](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Inheritance_and_the_prototype_chain)
|
|
68
|
+
Original plugin source: [`eslint-plugin-no-use-extend-native`](https://github.com/dustinspecker/eslint-plugin-no-use-extend-native).
|
|
81
69
|
|
|
82
70
|
## ESLint flat config example
|
|
83
71
|
|
|
@@ -93,3 +81,13 @@ export default [
|
|
|
93
81
|
},
|
|
94
82
|
];
|
|
95
83
|
```
|
|
84
|
+
|
|
85
|
+
## When not to use it
|
|
86
|
+
|
|
87
|
+
- If your project intentionally and explicitly relies on controlled prototype extension.
|
|
88
|
+
- If your runtime environment guarantees specific prototype patches and that dependency is accepted in your architecture.
|
|
89
|
+
|
|
90
|
+
## Further reading
|
|
91
|
+
|
|
92
|
+
- [ESLint `no-extend-native`](https://eslint.org/docs/latest/rules/no-extend-native)
|
|
93
|
+
- [MDN: Inheritance and the prototype chain](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Inheritance_and_the_prototype_chain)
|
|
@@ -2,28 +2,24 @@
|
|
|
2
2
|
|
|
3
3
|
Disallow regular expressions that are potentially vulnerable to ReDoS (Regular Expression Denial of Service).
|
|
4
4
|
|
|
5
|
-
##
|
|
5
|
+
## Targeted pattern scope
|
|
6
6
|
|
|
7
|
-
This rule
|
|
7
|
+
This rule checks:
|
|
8
8
|
|
|
9
|
-
|
|
9
|
+
- `/(...)/flags` literals.
|
|
10
|
+
- `RegExp("...")` and `new RegExp("...", "flags")` when both arguments are statically-known strings.
|
|
11
|
+
|
|
12
|
+
This rule intentionally skips dynamic patterns/flags it cannot resolve safely at lint time.
|
|
10
13
|
|
|
11
|
-
##
|
|
14
|
+
## What this rule reports
|
|
12
15
|
|
|
13
16
|
This rule analyzes regular expression literals and statically-resolvable `RegExp(...)` constructor calls using [`recheck`](https://www.npmjs.com/package/recheck).
|
|
14
17
|
|
|
15
|
-
Catastrophic backtracking can make an application spend excessive CPU time on crafted inputs. In server contexts, that can become an availability issue.
|
|
16
|
-
|
|
17
18
|
This rule reports patterns that `recheck` identifies as vulnerable with polynomial or exponential complexity.
|
|
18
19
|
|
|
19
|
-
##
|
|
20
|
-
|
|
21
|
-
This rule checks:
|
|
22
|
-
|
|
23
|
-
- `/(...)/flags` literals.
|
|
24
|
-
- `RegExp("...")` and `new RegExp("...", "flags")` when both arguments are statically-known strings.
|
|
20
|
+
## Why this rule exists
|
|
25
21
|
|
|
26
|
-
|
|
22
|
+
Catastrophic backtracking can make an application spend excessive CPU time on crafted inputs. In server contexts, that can become an availability issue.
|
|
27
23
|
|
|
28
24
|
## ❌ Incorrect
|
|
29
25
|
|
|
@@ -50,7 +46,7 @@ const source = getPatternFromConfig();
|
|
|
50
46
|
const maybeUnsafe = RegExp(source); // Dynamic value: intentionally not analyzed.
|
|
51
47
|
```
|
|
52
48
|
|
|
53
|
-
##
|
|
49
|
+
## Behavior and migration notes
|
|
54
50
|
|
|
55
51
|
```ts
|
|
56
52
|
type Options = [
|
|
@@ -94,17 +90,7 @@ For example, to allow polynomial but still report exponential:
|
|
|
94
90
|
}
|
|
95
91
|
```
|
|
96
92
|
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
- If your codebase never handles untrusted input with regexes.
|
|
100
|
-
- If lint-time regex analysis cost is unacceptable for your workflow.
|
|
101
|
-
- If you prefer running ReDoS scanning as a separate CI security step rather than as an ESLint rule.
|
|
102
|
-
|
|
103
|
-
## Further reading
|
|
104
|
-
|
|
105
|
-
- [OWASP: Regular expression Denial of Service (ReDoS)](https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS)
|
|
106
|
-
- [`recheck` package](https://www.npmjs.com/package/recheck)
|
|
107
|
-
- [MDN: Regular expressions](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Regular_expressions)
|
|
93
|
+
Original plugin source: [`eslint-plugin-redos-detector`](https://github.com/tjenkinson/eslint-plugin-redos-detector).
|
|
108
94
|
|
|
109
95
|
## ESLint flat config example
|
|
110
96
|
|
|
@@ -120,3 +106,15 @@ export default [
|
|
|
120
106
|
},
|
|
121
107
|
];
|
|
122
108
|
```
|
|
109
|
+
|
|
110
|
+
## When not to use it
|
|
111
|
+
|
|
112
|
+
- If your codebase never handles untrusted input with regexes.
|
|
113
|
+
- If lint-time regex analysis cost is unacceptable for your workflow.
|
|
114
|
+
- If you prefer running ReDoS scanning as a separate CI security step rather than as an ESLint rule.
|
|
115
|
+
|
|
116
|
+
## Further reading
|
|
117
|
+
|
|
118
|
+
- [OWASP: Regular expression Denial of Service (ReDoS)](https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS)
|
|
119
|
+
- [`recheck` package](https://www.npmjs.com/package/recheck)
|
|
120
|
+
- [MDN: Regular expressions](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Regular_expressions)
|
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"$schema": "https://www.schemastore.org/package.json",
|
|
3
3
|
"name": "eslint-plugin-etc-misc",
|
|
4
|
-
"version": "1.1.
|
|
4
|
+
"version": "1.1.8",
|
|
5
5
|
"private": false,
|
|
6
6
|
"description": "ESLint Plugin combining eslint-plugin-etc and eslint-plugin-misc!",
|
|
7
7
|
"keywords": [
|
|
@@ -239,8 +239,8 @@
|
|
|
239
239
|
"cross-env": "^10.1.0",
|
|
240
240
|
"detect-secrets": "^1.0.6",
|
|
241
241
|
"esbuild": "^0.28.0",
|
|
242
|
-
"eslint": "^10.
|
|
243
|
-
"eslint-config-nick2bad4u": "^
|
|
242
|
+
"eslint": "^10.5.0",
|
|
243
|
+
"eslint-config-nick2bad4u": "^2.0.4",
|
|
244
244
|
"eslint-formatter-unix": "^9.0.1",
|
|
245
245
|
"fast-check": "^4.8.0",
|
|
246
246
|
"git-cliff": "^2.13.1",
|
|
@@ -283,10 +283,10 @@
|
|
|
283
283
|
"yamllint-js": "^0.2.4"
|
|
284
284
|
},
|
|
285
285
|
"peerDependencies": {
|
|
286
|
-
"eslint": "^9.0.0 || ^10.
|
|
286
|
+
"eslint": "^9.0.0 || ^10.5.0",
|
|
287
287
|
"typescript": ">=5.0.0"
|
|
288
288
|
},
|
|
289
|
-
"packageManager": "npm@11.
|
|
289
|
+
"packageManager": "npm@11.18.0",
|
|
290
290
|
"engines": {
|
|
291
291
|
"node": ">=20.19.0"
|
|
292
292
|
},
|