eslint-plugin-mongodb-security 8.0.0

package/src/rules/no-unsafe-query/index.js

@@ -0,0 +1,189 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.noUnsafeQuery = void 0;
+const eslint_devkit_1 = require("@interlace/eslint-devkit");
+// MongoDB/Mongoose query methods
+const QUERY_METHODS = [
+    'find',
+    'findOne',
+    'findById',
+    'findOneAndUpdate',
+    'findOneAndDelete',
+    'findOneAndReplace',
+    'findByIdAndUpdate',
+    'findByIdAndDelete',
+    'updateOne',
+    'updateMany',
+    'deleteOne',
+    'deleteMany',
+    'replaceOne',
+    'countDocuments',
+    'aggregate',
+];
+// Patterns that indicate user input
+const USER_INPUT_PATTERNS = [
+    'req.body',
+    'req.query',
+    'req.params',
+    'request.body',
+    'request.query',
+    'request.params',
+    'ctx.request.body',
+    'ctx.query',
+    'ctx.params',
+];
+/**
+ * Check if an expression contains potential user input
+ */
+function containsUserInput(node) {
+    const code = getNodeSource(node);
+    return USER_INPUT_PATTERNS.some((pattern) => code.includes(pattern));
+}
+/**
+ * Get source code representation of a node (simplified)
+ */
+function getNodeSource(node) {
+    if (node.type === eslint_devkit_1.AST_NODE_TYPES.Identifier) {
+        return node.name;
+    }
+    if (node.type === eslint_devkit_1.AST_NODE_TYPES.MemberExpression) {
+        const obj = getNodeSource(node.object);
+        const prop = node.property.type === eslint_devkit_1.AST_NODE_TYPES.Identifier
+            ? node.property.name
+            : '[computed]';
+        return `${obj}.${prop}`;
+    }
+    if (node.type === eslint_devkit_1.AST_NODE_TYPES.Literal) {
+        return String(node.value);
+    }
+    return '[expression]';
+}
+/**
+ * Check if a property value is potentially unsafe
+ */
+function isUnsafePropertyValue(node) {
+    // Direct identifier (variable) - potentially unsafe if from user input
+    if (node.type === eslint_devkit_1.AST_NODE_TYPES.Identifier) {
+        return true;
+    }
+    // Member expression like req.body.username
+    if (node.type === eslint_devkit_1.AST_NODE_TYPES.MemberExpression) {
+        return containsUserInput(node);
+    }
+    // Template literal - always unsafe for queries
+    if (node.type === eslint_devkit_1.AST_NODE_TYPES.TemplateLiteral) {
+        return node.expressions.length > 0;
+    }
+    // Binary expression (string concatenation)
+    if (node.type === eslint_devkit_1.AST_NODE_TYPES.BinaryExpression && node.operator === '+') {
+        return true;
+    }
+    return false;
+}
+exports.noUnsafeQuery = (0, eslint_devkit_1.createRule)({
+    name: 'no-unsafe-query',
+    meta: {
+        type: 'problem',
+        docs: {
+            description: 'Prevent NoSQL injection via direct use of user input in MongoDB queries',
+        },
+        hasSuggestions: true,
+        messages: {
+            unsafeQuery: (0, eslint_devkit_1.formatLLMMessage)({
+                icon: eslint_devkit_1.MessageIcons.SECURITY,
+                issueName: 'NoSQL Injection via Unsafe Query',
+                cwe: 'CWE-943',
+                owasp: 'A03:2021',
+                cvss: 9.8,
+                description: 'User input "{{input}}" is used directly in MongoDB query. Attackers can inject operators like { $ne: null } to bypass authentication.',
+                severity: 'CRITICAL',
+                fix: 'Wrap user input with explicit $eq operator: { field: { $eq: sanitize(value) } }',
+                documentationLink: 'https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.6-Testing_for_NoSQL_Injection',
+            }),
+            suggestionUseEq: (0, eslint_devkit_1.formatLLMMessage)({
+                icon: eslint_devkit_1.MessageIcons.INFO,
+                issueName: 'Use $eq Operator',
+                description: 'Wrap the value with { $eq: value } to prevent operator injection',
+                severity: 'LOW',
+                fix: 'Replace direct value with { $eq: sanitizedValue }',
+                documentationLink: 'https://www.mongodb.com/docs/manual/reference/operator/query/eq/',
+            }),
+        },
+        schema: [
+            {
+                type: 'object',
+                properties: {
+                    allowInTests: { type: 'boolean', default: true },
+                    additionalMethods: {
+                        type: 'array',
+                        items: { type: 'string' },
+                        default: [],
+                    },
+                },
+                additionalProperties: false,
+            },
+        ],
+    },
+    defaultOptions: [{ allowInTests: true, additionalMethods: [] }],
+    create(context, [options = {}]) {
+        const { allowInTests = true, additionalMethods = [] } = options;
+        const filename = context.filename || context.getFilename();
+        const isTestFile = /\.(test|spec)\.(ts|tsx|js|jsx)$/.test(filename);
+        if (allowInTests && isTestFile) {
+            return {};
+        }
+        const allMethods = [...QUERY_METHODS, ...additionalMethods];
+        return {
+            CallExpression(node) {
+                // Check if this is a MongoDB query method call
+                if (node.callee.type !== eslint_devkit_1.AST_NODE_TYPES.MemberExpression) {
+                    return;
+                }
+                const methodName = node.callee.property.type === eslint_devkit_1.AST_NODE_TYPES.Identifier
+                    ? node.callee.property.name
+                    : null;
+                if (!methodName || !allMethods.includes(methodName)) {
+                    return;
+                }
+                // Check first argument (the query object)
+                const queryArg = node.arguments[0];
+                if (!queryArg || queryArg.type !== eslint_devkit_1.AST_NODE_TYPES.ObjectExpression) {
+                    return;
+                }
+                // Check each property in the query object
+                for (const prop of queryArg.properties) {
+                    if (prop.type !== eslint_devkit_1.AST_NODE_TYPES.Property) {
+                        continue;
+                    }
+                    const value = prop.value;
+                    // Check if the value is potentially unsafe
+                    if (isUnsafePropertyValue(value)) {
+                        const inputSource = getNodeSource(value);
+                        // Only report if it looks like user input or is a potentially tainted variable
+                        if (containsUserInput(value) || value.type === eslint_devkit_1.AST_NODE_TYPES.Identifier) {
+                            context.report({
+                                node: prop,
+                                messageId: 'unsafeQuery',
+                                data: {
+                                    input: inputSource,
+                                },
+                                suggest: [
+                                    {
+                                        messageId: 'suggestionUseEq',
+                                        fix(fixer) {
+                                            const sourceCode = context.sourceCode || context.getSourceCode();
+                                            const valueText = sourceCode.getText(value);
+                                            return fixer.replaceText(value, `{ $eq: ${valueText} }`);
+                                        },
+                                    },
+                                ],
+                            });
+                        }
+                    }
+                }
+            },
+        };
+    },
+});
+exports.default = exports.noUnsafeQuery;
+//# sourceMappingURL=index.js.map

package/src/rules/no-unsafe-query/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../../packages/eslint-plugin-mongodb-security/src/rules/no-unsafe-query/index.ts"],"names":[],"mappings":";;;AASA,4DAKkC;AAalC,iCAAiC;AACjC,MAAM,aAAa,GAAG;IACpB,MAAM;IACN,SAAS;IACT,UAAU;IACV,kBAAkB;IAClB,kBAAkB;IAClB,mBAAmB;IACnB,mBAAmB;IACnB,mBAAmB;IACnB,WAAW;IACX,YAAY;IACZ,WAAW;IACX,YAAY;IACZ,YAAY;IACZ,gBAAgB;IAChB,WAAW;CACZ,CAAC;AAEF,oCAAoC;AACpC,MAAM,mBAAmB,GAAG;IAC1B,UAAU;IACV,WAAW;IACX,YAAY;IACZ,cAAc;IACd,eAAe;IACf,gBAAgB;IAChB,kBAAkB;IAClB,WAAW;IACX,YAAY;CACb,CAAC;AAEF;;GAEG;AACH,SAAS,iBAAiB,CAAC,IAAmB;IAC5C,MAAM,IAAI,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC;IACjC,OAAO,mBAAmB,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;AACvE,CAAC;AAED;;GAEG;AACH,SAAS,aAAa,CAAC,IAAmB;IACxC,IAAI,IAAI,CAAC,IAAI,KAAK,8BAAc,CAAC,UAAU,EAAE,CAAC;QAC5C,OAAO,IAAI,CAAC,IAAI,CAAC;IACnB,CAAC;IACD,IAAI,IAAI,CAAC,IAAI,KAAK,8BAAc,CAAC,gBAAgB,EAAE,CAAC;QAClD,MAAM,GAAG,GAAG,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACvC,MAAM,IAAI,GACR,IAAI,CAAC,QAAQ,CAAC,IAAI,KAAK,8BAAc,CAAC,UAAU;YAC9C,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI;YACpB,CAAC,CAAC,YAAY,CAAC;QACnB,OAAO,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;IAC1B,CAAC;IACD,IAAI,IAAI,CAAC,IAAI,KAAK,8BAAc,CAAC,OAAO,EAAE,CAAC;QACzC,OAAO,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC5B,CAAC;IACD,OAAO,cAAc,CAAC;AACxB,CAAC;AAED;;GAEG;AACH,SAAS,qBAAqB,CAAC,IAAmB;IAChD,uEAAuE;IACvE,IAAI,IAAI,CAAC,IAAI,KAAK,8BAAc,CAAC,UAAU,EAAE,CAAC;QAC5C,OAAO,IAAI,CAAC;IACd,CAAC;IAED,2CAA2C;IAC3C,IAAI,IAAI,CAAC,IAAI,KAAK,8BAAc,CAAC,gBAAgB,EAAE,CAAC;QAClD,OAAO,iBAAiB,CAAC,IAAI,CAAC,CAAC;IACjC,CAAC;IAED,+CAA+C;IAC/C,IAAI,IAAI,CAAC,IAAI,KAAK,8BAAc,CAAC,eAAe,EAAE,CAAC;QACjD,OAAO,IAAI,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,CAAC;IACrC,CAAC;IAED,2CAA2C;IAC3C,IAAI,IAAI,CAAC,IAAI,KAAK,8BAAc,CAAC,gBAAgB,IAAI,IAAI,CAAC,QAAQ,KAAK,GAAG,EAAE,CAAC;QAC3E,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAEY,QAAA,aAAa,GAAG,IAAA,0BAAU,EAA0B;IAC/D,IAAI,EAAE,iBAAiB;IACvB,IAAI,EAAE;QACJ,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,WAAW,EACT,yEAAyE;SAC5E;QACD,cAAc,EAAE,IAAI;QACpB,QAAQ,EAAE;YACR,WAAW,EAAE,IAAA,gCAAgB,EAAC;gBAC5B,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,kCAAkC;gBAC7C,GAAG,EAAE,SAAS;gBACd,KAAK,EAAE,UAAU;gBACjB,IAAI,EAAE,GAAG;gBACT,WAAW,EACT,uIAAuI;gBACzI,QAAQ,EAAE,UAAU;gBACpB,GAAG,EAAE,iFAAiF;gBACtF,iBAAiB,EACf,iKAAiK;aACpK,CAAC;YACF,eAAe,EAAE,IAAA,gCAAgB,EAAC;gBAChC,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,kBAAkB;gBAC7B,WAAW,EAAE,kEAAkE;gBAC/E,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,mDAAmD;gBACxD,iBAAiB,EACf,kEAAkE;aACrE,CAAC;SACH;QACD,MAAM,EAAE;YACN;gBACE,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,YAAY,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,IAAI,EAAE;oBAChD,iBAAiB,EAAE;wBACjB,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,EAAE;qBACZ;iBACF;gBACD,oBAAoB,EAAE,KAAK;aAC5B;SACF;KACF;IACD,cAAc,EAAE,CAAC,EAAE,YAAY,EAAE,IAAI,EAAE,iBAAiB,EAAE,EAAE,EAAE,CAAC;IAC/D,MAAM,CACJ,OAAsD,EACtD,CAAC,OAAO,GAAG,EAAE,CAAC;QAEd,MAAM,EAAE,YAAY,GAAG,IAAI,EAAE,iBAAiB,GAAG,EAAE,EAAE,GAAG,OAAkB,CAAC;QAC3E,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;QAC3D,MAAM,UAAU,GAAG,iCAAiC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAEpE,IAAI,YAAY,IAAI,UAAU,EAAE,CAAC;YAC/B,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,MAAM,UAAU,GAAG,CAAC,GAAG,aAAa,EAAE,GAAG,iBAAiB,CAAC,CAAC;QAE5D,OAAO;YACL,cAAc,CAAC,IAA6B;gBAC1C,+CAA+C;gBAC/C,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,8BAAc,CAAC,gBAAgB,EAAE,CAAC;oBACzD,OAAO;gBACT,CAAC;gBAED,MAAM,UAAU,GACd,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,KAAK,8BAAc,CAAC,UAAU;oBACrD,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI;oBAC3B,CAAC,CAAC,IAAI,CAAC;gBAEX,IAAI,CAAC,UAAU,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;oBACpD,OAAO;gBACT,CAAC;gBAED,0CAA0C;gBAC1C,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;gBACnC,IAAI,CAAC,QAAQ,IAAI,QAAQ,CAAC,IAAI,KAAK,8BAAc,CAAC,gBAAgB,EAAE,CAAC;oBACnE,OAAO;gBACT,CAAC;gBAED,0CAA0C;gBAC1C,KAAK,MAAM,IAAI,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC;oBACvC,IAAI,IAAI,CAAC,IAAI,KAAK,8BAAc,CAAC,QAAQ,EAAE,CAAC;wBAC1C,SAAS;oBACX,CAAC;oBAED,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC;oBAEzB,2CAA2C;oBAC3C,IAAI,qBAAqB,CAAC,KAAK,CAAC,EAAE,CAAC;wBACjC,MAAM,WAAW,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC;wBAEzC,+EAA+E;wBAC/E,IAAI,iBAAiB,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,IAAI,KAAK,8BAAc,CAAC,UAAU,EAAE,CAAC;4BACzE,OAAO,CAAC,MAAM,CAAC;gCACb,IAAI,EAAE,IAAI;gCACV,SAAS,EAAE,aAAa;gCACxB,IAAI,EAAE;oCACJ,KAAK,EAAE,WAAW;iCACnB;gCACD,OAAO,EAAE;oCACP;wCACE,SAAS,EAAE,iBAAiB;wCAC5B,GAAG,CAAC,KAAyB;4CAC3B,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,aAAa,EAAE,CAAC;4CACjE,MAAM,SAAS,GAAG,UAAU,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;4CAC5C,OAAO,KAAK,CAAC,WAAW,CAAC,KAAK,EAAE,UAAU,SAAS,IAAI,CAAC,CAAC;wCAC3D,CAAC;qCACF;iCACF;6BACF,CAAC,CAAC;wBACL,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;SACF,CAAC;IACJ,CAAC;CACF,CAAC,CAAC;AAEH,kBAAe,qBAAa,CAAC"}

package/src/rules/no-unsafe-regex-query/index.d.ts

@@ -0,0 +1,5 @@
+export interface Options {
+    allowInTests?: boolean;
+}
+export declare const noUnsafeRegexQuery: ESLintUtils.RuleModule<MessageIds, Options, unknown, ESLintUtils.RuleListener>;
+export default noUnsafeRegexQuery;

package/src/rules/no-unsafe-regex-query/index.js

@@ -0,0 +1,35 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.noUnsafeRegexQuery = void 0;
+/**
+ * ESLint Rule: no-unsafe-regex-query
+ * Detects ReDoS and injection via $regex operator
+ * CWE-400: Resource Exhaustion
+ */
+const eslint_devkit_1 = require("@interlace/eslint-devkit");
+exports.noUnsafeRegexQuery = (0, eslint_devkit_1.createRule)({
+    name: 'no-unsafe-regex-query',
+    meta: {
+        type: 'problem',
+        docs: { description: 'Prevent ReDoS attacks via $regex with user input' },
+        hasSuggestions: true,
+        messages: {
+            unsafeRegex: (0, eslint_devkit_1.formatLLMMessage)({
+                icon: eslint_devkit_1.MessageIcons.SECURITY,
+                issueName: 'ReDoS via $regex',
+                cwe: 'CWE-400',
+                owasp: 'A03:2021',
+                cvss: 7.5,
+                description: 'User input in $regex can cause ReDoS or information disclosure',
+                severity: 'HIGH',
+                fix: 'Escape special regex characters and anchor patterns',
+                documentationLink: 'https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS',
+            }),
+        },
+        schema: [{ type: 'object', properties: { allowInTests: { type: 'boolean', default: true } }, additionalProperties: false }],
+    },
+    defaultOptions: [{ allowInTests: true }],
+    create() { return {}; },
+});
+exports.default = exports.noUnsafeRegexQuery;
+//# sourceMappingURL=index.js.map

package/src/rules/no-unsafe-regex-query/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../../packages/eslint-plugin-mongodb-security/src/rules/no-unsafe-regex-query/index.ts"],"names":[],"mappings":";;;AAAA;;;;GAIG;AACH,4DAAsF;AAMzE,QAAA,kBAAkB,GAAG,IAAA,0BAAU,EAA0B;IACpE,IAAI,EAAE,uBAAuB;IAC7B,IAAI,EAAE;QACJ,IAAI,EAAE,SAAS;QACf,IAAI,EAAE,EAAE,WAAW,EAAE,kDAAkD,EAAE;QACzE,cAAc,EAAE,IAAI;QACpB,QAAQ,EAAE;YACR,WAAW,EAAE,IAAA,gCAAgB,EAAC;gBAC5B,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,kBAAkB;gBAC7B,GAAG,EAAE,SAAS;gBACd,KAAK,EAAE,UAAU;gBACjB,IAAI,EAAE,GAAG;gBACT,WAAW,EAAE,gEAAgE;gBAC7E,QAAQ,EAAE,MAAM;gBAChB,GAAG,EAAE,qDAAqD;gBAC1D,iBAAiB,EAAE,sFAAsF;aAC1G,CAAC;SACH;QACD,MAAM,EAAE,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,UAAU,EAAE,EAAE,YAAY,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE,EAAE,oBAAoB,EAAE,KAAK,EAAE,CAAC;KAC5H;IACD,cAAc,EAAE,CAAC,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC;IACxC,MAAM,KAAK,OAAO,EAAE,CAAC,CAAC,CAAC;CACxB,CAAC,CAAC;AAEH,kBAAe,0BAAkB,CAAC"}

package/src/rules/no-unsafe-where/index.d.ts

@@ -0,0 +1,5 @@
+export interface Options {
+    allowInTests?: boolean;
+}
+export declare const noUnsafeWhere: ESLintUtils.RuleModule<MessageIds, Options, unknown, ESLintUtils.RuleListener>;
+export default noUnsafeWhere;

package/src/rules/no-unsafe-where/index.js

@@ -0,0 +1,50 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.noUnsafeWhere = void 0;
+/**
+ * ESLint Rule: no-unsafe-where
+ * Detects dangerous $where operator usage (CVE-2025-23061, CVE-2024-53900)
+ * CWE-943: NoSQL Injection
+ *
+ * @see https://nvd.nist.gov/vuln/detail/CVE-2025-23061
+ */
+const eslint_devkit_1 = require("@interlace/eslint-devkit");
+exports.noUnsafeWhere = (0, eslint_devkit_1.createRule)({
+    name: 'no-unsafe-where',
+    meta: {
+        type: 'problem',
+        docs: {
+            description: 'Prevent $where operator RCE attacks (CVE-2025-23061)',
+        },
+        hasSuggestions: true,
+        messages: {
+            unsafeWhere: (0, eslint_devkit_1.formatLLMMessage)({
+                icon: eslint_devkit_1.MessageIcons.SECURITY,
+                issueName: '$where Operator RCE',
+                cwe: 'CWE-943',
+                owasp: 'A01:2021',
+                cvss: 9.0,
+                description: 'The $where operator executes JavaScript and enables Remote Code Execution',
+                severity: 'CRITICAL',
+                fix: 'Remove $where and use standard query operators like $eq, $in, $regex',
+                documentationLink: 'https://nvd.nist.gov/vuln/detail/CVE-2025-23061',
+            }),
+        },
+        schema: [
+            {
+                type: 'object',
+                properties: {
+                    allowInTests: { type: 'boolean', default: true },
+                },
+                additionalProperties: false,
+            },
+        ],
+    },
+    defaultOptions: [{ allowInTests: true }],
+    create() {
+        // TODO: Implement rule logic
+        return {};
+    },
+});
+exports.default = exports.noUnsafeWhere;
+//# sourceMappingURL=index.js.map

package/src/rules/no-unsafe-where/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../../packages/eslint-plugin-mongodb-security/src/rules/no-unsafe-where/index.ts"],"names":[],"mappings":";;;AAAA;;;;;;GAMG;AACH,4DAIkC;AAUrB,QAAA,aAAa,GAAG,IAAA,0BAAU,EAA0B;IAC/D,IAAI,EAAE,iBAAiB;IACvB,IAAI,EAAE;QACJ,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,WAAW,EAAE,sDAAsD;SACpE;QACD,cAAc,EAAE,IAAI;QACpB,QAAQ,EAAE;YACR,WAAW,EAAE,IAAA,gCAAgB,EAAC;gBAC5B,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,qBAAqB;gBAChC,GAAG,EAAE,SAAS;gBACd,KAAK,EAAE,UAAU;gBACjB,IAAI,EAAE,GAAG;gBACT,WAAW,EAAE,2EAA2E;gBACxF,QAAQ,EAAE,UAAU;gBACpB,GAAG,EAAE,sEAAsE;gBAC3E,iBAAiB,EAAE,iDAAiD;aACrE,CAAC;SACH;QACD,MAAM,EAAE;YACN;gBACE,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,YAAY,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,IAAI,EAAE;iBACjD;gBACD,oBAAoB,EAAE,KAAK;aAC5B;SACF;KACF;IACD,cAAc,EAAE,CAAC,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC;IACxC,MAAM;QACJ,6BAA6B;QAC7B,OAAO,EAAE,CAAC;IACZ,CAAC;CACF,CAAC,CAAC;AAEH,kBAAe,qBAAa,CAAC"}

package/src/rules/require-auth-mechanism/index.d.ts

@@ -0,0 +1,5 @@
+export interface Options {
+    allowInTests?: boolean;
+}
+export declare const requireAuthMechanism: ESLintUtils.RuleModule<MessageIds, Options, unknown, ESLintUtils.RuleListener>;
+export default requireAuthMechanism;

package/src/rules/require-auth-mechanism/index.js

@@ -0,0 +1,35 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.requireAuthMechanism = void 0;
+/**
+ * ESLint Rule: require-auth-mechanism
+ * Requires explicit authentication mechanism
+ * CWE-287: Improper Authentication
+ */
+const eslint_devkit_1 = require("@interlace/eslint-devkit");
+exports.requireAuthMechanism = (0, eslint_devkit_1.createRule)({
+    name: 'require-auth-mechanism',
+    meta: {
+        type: 'suggestion',
+        docs: { description: 'Require explicit authentication mechanism (SCRAM-SHA-256)' },
+        hasSuggestions: true,
+        messages: {
+            requireAuthMechanism: (0, eslint_devkit_1.formatLLMMessage)({
+                icon: eslint_devkit_1.MessageIcons.INFO,
+                issueName: 'Implicit Auth Mechanism',
+                cwe: 'CWE-287',
+                owasp: 'A07:2021',
+                cvss: 6.5,
+                description: 'MongoDB connection uses default authentication mechanism',
+                severity: 'MEDIUM',
+                fix: 'Add { authMechanism: "SCRAM-SHA-256" } to connection options',
+                documentationLink: 'https://www.mongodb.com/docs/manual/core/authentication/',
+            }),
+        },
+        schema: [{ type: 'object', properties: { allowInTests: { type: 'boolean', default: true } }, additionalProperties: false }],
+    },
+    defaultOptions: [{ allowInTests: true }],
+    create() { return {}; },
+});
+exports.default = exports.requireAuthMechanism;
+//# sourceMappingURL=index.js.map

package/src/rules/require-auth-mechanism/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../../packages/eslint-plugin-mongodb-security/src/rules/require-auth-mechanism/index.ts"],"names":[],"mappings":";;;AAAA;;;;GAIG;AACH,4DAAsF;AAMzE,QAAA,oBAAoB,GAAG,IAAA,0BAAU,EAA0B;IACtE,IAAI,EAAE,wBAAwB;IAC9B,IAAI,EAAE;QACJ,IAAI,EAAE,YAAY;QAClB,IAAI,EAAE,EAAE,WAAW,EAAE,2DAA2D,EAAE;QAClF,cAAc,EAAE,IAAI;QACpB,QAAQ,EAAE;YACR,oBAAoB,EAAE,IAAA,gCAAgB,EAAC;gBACrC,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,yBAAyB;gBACpC,GAAG,EAAE,SAAS;gBACd,KAAK,EAAE,UAAU;gBACjB,IAAI,EAAE,GAAG;gBACT,WAAW,EAAE,0DAA0D;gBACvE,QAAQ,EAAE,QAAQ;gBAClB,GAAG,EAAE,8DAA8D;gBACnE,iBAAiB,EAAE,0DAA0D;aAC9E,CAAC;SACH;QACD,MAAM,EAAE,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,UAAU,EAAE,EAAE,YAAY,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE,EAAE,oBAAoB,EAAE,KAAK,EAAE,CAAC;KAC5H;IACD,cAAc,EAAE,CAAC,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC;IACxC,MAAM,KAAK,OAAO,EAAE,CAAC,CAAC,CAAC;CACxB,CAAC,CAAC;AAEH,kBAAe,4BAAoB,CAAC"}

package/src/rules/require-lean-queries/index.d.ts

@@ -0,0 +1,5 @@
+export interface Options {
+    allowInTests?: boolean;
+}
+export declare const requireLeanQueries: ESLintUtils.RuleModule<MessageIds, Options, unknown, ESLintUtils.RuleListener>;
+export default requireLeanQueries;

package/src/rules/require-lean-queries/index.js

@@ -0,0 +1,35 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.requireLeanQueries = void 0;
+/**
+ * ESLint Rule: require-lean-queries
+ * Suggests .lean() for read-only queries
+ * CWE-400: Resource Exhaustion
+ */
+const eslint_devkit_1 = require("@interlace/eslint-devkit");
+exports.requireLeanQueries = (0, eslint_devkit_1.createRule)({
+    name: 'require-lean-queries',
+    meta: {
+        type: 'suggestion',
+        docs: { description: 'Suggest .lean() for read-only Mongoose queries' },
+        hasSuggestions: true,
+        messages: {
+            useLean: (0, eslint_devkit_1.formatLLMMessage)({
+                icon: eslint_devkit_1.MessageIcons.INFO,
+                issueName: 'Consider Using .lean()',
+                cwe: 'CWE-400',
+                owasp: 'A04:2021',
+                cvss: 4.3,
+                description: 'Full Mongoose documents use more memory than plain objects',
+                severity: 'LOW',
+                fix: 'Add .lean() for read-only queries to improve performance',
+                documentationLink: 'https://mongoosejs.com/docs/tutorials/lean.html',
+            }),
+        },
+        schema: [{ type: 'object', properties: { allowInTests: { type: 'boolean', default: true } }, additionalProperties: false }],
+    },
+    defaultOptions: [{ allowInTests: true }],
+    create() { return {}; },
+});
+exports.default = exports.requireLeanQueries;
+//# sourceMappingURL=index.js.map

package/src/rules/require-lean-queries/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../../packages/eslint-plugin-mongodb-security/src/rules/require-lean-queries/index.ts"],"names":[],"mappings":";;;AAAA;;;;GAIG;AACH,4DAAsF;AAMzE,QAAA,kBAAkB,GAAG,IAAA,0BAAU,EAA0B;IACpE,IAAI,EAAE,sBAAsB;IAC5B,IAAI,EAAE;QACJ,IAAI,EAAE,YAAY;QAClB,IAAI,EAAE,EAAE,WAAW,EAAE,gDAAgD,EAAE;QACvE,cAAc,EAAE,IAAI;QACpB,QAAQ,EAAE;YACR,OAAO,EAAE,IAAA,gCAAgB,EAAC;gBACxB,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,wBAAwB;gBACnC,GAAG,EAAE,SAAS;gBACd,KAAK,EAAE,UAAU;gBACjB,IAAI,EAAE,GAAG;gBACT,WAAW,EAAE,4DAA4D;gBACzE,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,0DAA0D;gBAC/D,iBAAiB,EAAE,iDAAiD;aACrE,CAAC;SACH;QACD,MAAM,EAAE,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,UAAU,EAAE,EAAE,YAAY,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE,EAAE,oBAAoB,EAAE,KAAK,EAAE,CAAC;KAC5H;IACD,cAAc,EAAE,CAAC,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC;IACxC,MAAM,KAAK,OAAO,EAAE,CAAC,CAAC,CAAC;CACxB,CAAC,CAAC;AAEH,kBAAe,0BAAkB,CAAC"}

package/src/rules/require-projection/index.d.ts

@@ -0,0 +1,5 @@
+export interface Options {
+    allowInTests?: boolean;
+}
+export declare const requireProjection: ESLintUtils.RuleModule<MessageIds, Options, unknown, ESLintUtils.RuleListener>;
+export default requireProjection;

package/src/rules/require-projection/index.js

@@ -0,0 +1,35 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.requireProjection = void 0;
+/**
+ * ESLint Rule: require-projection
+ * Requires field projection on queries
+ * CWE-200: Information Exposure
+ */
+const eslint_devkit_1 = require("@interlace/eslint-devkit");
+exports.requireProjection = (0, eslint_devkit_1.createRule)({
+    name: 'require-projection',
+    meta: {
+        type: 'suggestion',
+        docs: { description: 'Require field projection on MongoDB queries' },
+        hasSuggestions: true,
+        messages: {
+            requireProjection: (0, eslint_devkit_1.formatLLMMessage)({
+                icon: eslint_devkit_1.MessageIcons.INFO,
+                issueName: 'Missing Projection',
+                cwe: 'CWE-200',
+                owasp: 'A01:2021',
+                cvss: 3.7,
+                description: 'Query returns all fields without projection',
+                severity: 'LOW',
+                fix: 'Add projection to select only required fields',
+                documentationLink: 'https://www.mongodb.com/docs/manual/tutorial/project-fields-from-query-results/',
+            }),
+        },
+        schema: [{ type: 'object', properties: { allowInTests: { type: 'boolean', default: true } }, additionalProperties: false }],
+    },
+    defaultOptions: [{ allowInTests: true }],
+    create() { return {}; },
+});
+exports.default = exports.requireProjection;
+//# sourceMappingURL=index.js.map

package/src/rules/require-projection/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../../packages/eslint-plugin-mongodb-security/src/rules/require-projection/index.ts"],"names":[],"mappings":";;;AAAA;;;;GAIG;AACH,4DAAsF;AAMzE,QAAA,iBAAiB,GAAG,IAAA,0BAAU,EAA0B;IACnE,IAAI,EAAE,oBAAoB;IAC1B,IAAI,EAAE;QACJ,IAAI,EAAE,YAAY;QAClB,IAAI,EAAE,EAAE,WAAW,EAAE,6CAA6C,EAAE;QACpE,cAAc,EAAE,IAAI;QACpB,QAAQ,EAAE;YACR,iBAAiB,EAAE,IAAA,gCAAgB,EAAC;gBAClC,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,oBAAoB;gBAC/B,GAAG,EAAE,SAAS;gBACd,KAAK,EAAE,UAAU;gBACjB,IAAI,EAAE,GAAG;gBACT,WAAW,EAAE,6CAA6C;gBAC1D,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,+CAA+C;gBACpD,iBAAiB,EAAE,iFAAiF;aACrG,CAAC;SACH;QACD,MAAM,EAAE,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,UAAU,EAAE,EAAE,YAAY,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE,EAAE,oBAAoB,EAAE,KAAK,EAAE,CAAC;KAC5H;IACD,cAAc,EAAE,CAAC,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC;IACxC,MAAM,KAAK,OAAO,EAAE,CAAC,CAAC,CAAC;CACxB,CAAC,CAAC;AAEH,kBAAe,yBAAiB,CAAC"}

package/src/rules/require-schema-validation/index.d.ts

@@ -0,0 +1,5 @@
+export interface Options {
+    allowInTests?: boolean;
+}
+export declare const requireSchemaValidation: ESLintUtils.RuleModule<MessageIds, Options, unknown, ESLintUtils.RuleListener>;
+export default requireSchemaValidation;

package/src/rules/require-schema-validation/index.js

@@ -0,0 +1,35 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.requireSchemaValidation = void 0;
+/**
+ * ESLint Rule: require-schema-validation
+ * Requires Mongoose schema validation
+ * CWE-20: Improper Input Validation
+ */
+const eslint_devkit_1 = require("@interlace/eslint-devkit");
+exports.requireSchemaValidation = (0, eslint_devkit_1.createRule)({
+    name: 'require-schema-validation',
+    meta: {
+        type: 'suggestion',
+        docs: { description: 'Require validation on Mongoose schema fields' },
+        hasSuggestions: true,
+        messages: {
+            requireSchemaValidation: (0, eslint_devkit_1.formatLLMMessage)({
+                icon: eslint_devkit_1.MessageIcons.INFO,
+                issueName: 'Missing Schema Validation',
+                cwe: 'CWE-20',
+                owasp: 'A04:2021',
+                cvss: 6.1,
+                description: 'Mongoose schema field lacks validation',
+                severity: 'MEDIUM',
+                fix: 'Add required, validate, or enum options to schema field',
+                documentationLink: 'https://mongoosejs.com/docs/validation.html',
+            }),
+        },
+        schema: [{ type: 'object', properties: { allowInTests: { type: 'boolean', default: true } }, additionalProperties: false }],
+    },
+    defaultOptions: [{ allowInTests: true }],
+    create() { return {}; },
+});
+exports.default = exports.requireSchemaValidation;
+//# sourceMappingURL=index.js.map

package/src/rules/require-schema-validation/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../../packages/eslint-plugin-mongodb-security/src/rules/require-schema-validation/index.ts"],"names":[],"mappings":";;;AAAA;;;;GAIG;AACH,4DAAsF;AAMzE,QAAA,uBAAuB,GAAG,IAAA,0BAAU,EAA0B;IACzE,IAAI,EAAE,2BAA2B;IACjC,IAAI,EAAE;QACJ,IAAI,EAAE,YAAY;QAClB,IAAI,EAAE,EAAE,WAAW,EAAE,8CAA8C,EAAE;QACrE,cAAc,EAAE,IAAI;QACpB,QAAQ,EAAE;YACR,uBAAuB,EAAE,IAAA,gCAAgB,EAAC;gBACxC,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,2BAA2B;gBACtC,GAAG,EAAE,QAAQ;gBACb,KAAK,EAAE,UAAU;gBACjB,IAAI,EAAE,GAAG;gBACT,WAAW,EAAE,wCAAwC;gBACrD,QAAQ,EAAE,QAAQ;gBAClB,GAAG,EAAE,yDAAyD;gBAC9D,iBAAiB,EAAE,6CAA6C;aACjE,CAAC;SACH;QACD,MAAM,EAAE,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,UAAU,EAAE,EAAE,YAAY,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE,EAAE,oBAAoB,EAAE,KAAK,EAAE,CAAC;KAC5H;IACD,cAAc,EAAE,CAAC,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC;IACxC,MAAM,KAAK,OAAO,EAAE,CAAC,CAAC,CAAC;CACxB,CAAC,CAAC;AAEH,kBAAe,+BAAuB,CAAC"}

package/src/rules/require-tls-connection/index.d.ts

@@ -0,0 +1,5 @@
+export interface Options {
+    allowInTests?: boolean;
+}
+export declare const requireTlsConnection: ESLintUtils.RuleModule<MessageIds, Options, unknown, ESLintUtils.RuleListener>;
+export default requireTlsConnection;

package/src/rules/require-tls-connection/index.js

@@ -0,0 +1,35 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.requireTlsConnection = void 0;
+/**
+ * ESLint Rule: require-tls-connection
+ * Requires TLS for MongoDB connections
+ * CWE-295: Improper Certificate Validation
+ */
+const eslint_devkit_1 = require("@interlace/eslint-devkit");
+exports.requireTlsConnection = (0, eslint_devkit_1.createRule)({
+    name: 'require-tls-connection',
+    meta: {
+        type: 'problem',
+        docs: { description: 'Require TLS for MongoDB connections in production' },
+        hasSuggestions: true,
+        messages: {
+            requireTls: (0, eslint_devkit_1.formatLLMMessage)({
+                icon: eslint_devkit_1.MessageIcons.SECURITY,
+                issueName: 'Missing TLS Connection',
+                cwe: 'CWE-295',
+                owasp: 'A02:2021',
+                cvss: 7.4,
+                description: 'MongoDB connection is not using TLS encryption',
+                severity: 'HIGH',
+                fix: 'Add { tls: true } to connection options',
+                documentationLink: 'https://www.mongodb.com/docs/manual/tutorial/configure-ssl/',
+            }),
+        },
+        schema: [{ type: 'object', properties: { allowInTests: { type: 'boolean', default: true } }, additionalProperties: false }],
+    },
+    defaultOptions: [{ allowInTests: true }],
+    create() { return {}; },
+});
+exports.default = exports.requireTlsConnection;
+//# sourceMappingURL=index.js.map

package/src/rules/require-tls-connection/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../../packages/eslint-plugin-mongodb-security/src/rules/require-tls-connection/index.ts"],"names":[],"mappings":";;;AAAA;;;;GAIG;AACH,4DAAsF;AAMzE,QAAA,oBAAoB,GAAG,IAAA,0BAAU,EAA0B;IACtE,IAAI,EAAE,wBAAwB;IAC9B,IAAI,EAAE;QACJ,IAAI,EAAE,SAAS;QACf,IAAI,EAAE,EAAE,WAAW,EAAE,mDAAmD,EAAE;QAC1E,cAAc,EAAE,IAAI;QACpB,QAAQ,EAAE;YACR,UAAU,EAAE,IAAA,gCAAgB,EAAC;gBAC3B,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,wBAAwB;gBACnC,GAAG,EAAE,SAAS;gBACd,KAAK,EAAE,UAAU;gBACjB,IAAI,EAAE,GAAG;gBACT,WAAW,EAAE,gDAAgD;gBAC7D,QAAQ,EAAE,MAAM;gBAChB,GAAG,EAAE,yCAAyC;gBAC9C,iBAAiB,EAAE,6DAA6D;aACjF,CAAC;SACH;QACD,MAAM,EAAE,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,UAAU,EAAE,EAAE,YAAY,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE,EAAE,oBAAoB,EAAE,KAAK,EAAE,CAAC;KAC5H;IACD,cAAc,EAAE,CAAC,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC;IACxC,MAAM,KAAK,OAAO,EAAE,CAAC,CAAC,CAAC;CACxB,CAAC,CAAC;AAEH,kBAAe,4BAAoB,CAAC"}

package/src/types/index.d.ts

@@ -0,0 +1,48 @@
+/**
+ * eslint-plugin-mongodb-security Type Exports
+ *
+ * Barrel file that exports all MongoDB security rule Options types.
+ *
+ * Usage:
+ * ```typescript
+ * import type { NoUnsafeQueryOptions } from 'eslint-plugin-mongodb-security/types';
+ * ```
+ */
+import type { Options as NoUnsafeQueryOptions } from '../rules/no-unsafe-query';
+import type { Options as NoOperatorInjectionOptions } from '../rules/no-operator-injection';
+import type { Options as NoUnsafeWhereOptions } from '../rules/no-unsafe-where';
+import type { Options as NoUnsafeRegexQueryOptions } from '../rules/no-unsafe-regex-query';
+import type { Options as NoHardcodedConnectionStringOptions } from '../rules/no-hardcoded-connection-string';
+import type { Options as NoHardcodedCredentialsOptions } from '../rules/no-hardcoded-credentials';
+import type { Options as RequireTlsConnectionOptions } from '../rules/require-tls-connection';
+import type { Options as RequireAuthMechanismOptions } from '../rules/require-auth-mechanism';
+import type { Options as RequireSchemaValidationOptions } from '../rules/require-schema-validation';
+import type { Options as NoSelectSensitiveFieldsOptions } from '../rules/no-select-sensitive-fields';
+import type { Options as NoBypassMiddlewareOptions } from '../rules/no-bypass-middleware';
+import type { Options as NoUnsafePopulateOptions } from '../rules/no-unsafe-populate';
+import type { Options as NoUnboundedFindOptions } from '../rules/no-unbounded-find';
+import type { Options as RequireProjectionOptions } from '../rules/require-projection';
+import type { Options as RequireLeanQueriesOptions } from '../rules/require-lean-queries';
+import type { Options as NoDebugModeProductionOptions } from '../rules/no-debug-mode-production';
+export type { NoUnsafeQueryOptions, NoOperatorInjectionOptions, NoUnsafeWhereOptions, NoUnsafeRegexQueryOptions, NoHardcodedConnectionStringOptions, NoHardcodedCredentialsOptions, RequireTlsConnectionOptions, RequireAuthMechanismOptions, RequireSchemaValidationOptions, NoSelectSensitiveFieldsOptions, NoBypassMiddlewareOptions, NoUnsafePopulateOptions, NoUnboundedFindOptions, RequireProjectionOptions, RequireLeanQueriesOptions, NoDebugModeProductionOptions, };
+/**
+ * Combined type for all MongoDB security rule options
+ */
+export type AllMongoDBSecurityRulesOptions = {
+    'no-unsafe-query'?: NoUnsafeQueryOptions;
+    'no-operator-injection'?: NoOperatorInjectionOptions;
+    'no-unsafe-where'?: NoUnsafeWhereOptions;
+    'no-unsafe-regex-query'?: NoUnsafeRegexQueryOptions;
+    'no-hardcoded-connection-string'?: NoHardcodedConnectionStringOptions;
+    'no-hardcoded-credentials'?: NoHardcodedCredentialsOptions;
+    'require-tls-connection'?: RequireTlsConnectionOptions;
+    'require-auth-mechanism'?: RequireAuthMechanismOptions;
+    'require-schema-validation'?: RequireSchemaValidationOptions;
+    'no-select-sensitive-fields'?: NoSelectSensitiveFieldsOptions;
+    'no-bypass-middleware'?: NoBypassMiddlewareOptions;
+    'no-unsafe-populate'?: NoUnsafePopulateOptions;
+    'no-unbounded-find'?: NoUnboundedFindOptions;
+    'require-projection'?: RequireProjectionOptions;
+    'require-lean-queries'?: RequireLeanQueriesOptions;
+    'no-debug-mode-production'?: NoDebugModeProductionOptions;
+};

package/src/types/index.js

@@ -0,0 +1,13 @@
+"use strict";
+/**
+ * eslint-plugin-mongodb-security Type Exports
+ *
+ * Barrel file that exports all MongoDB security rule Options types.
+ *
+ * Usage:
+ * ```typescript
+ * import type { NoUnsafeQueryOptions } from 'eslint-plugin-mongodb-security/types';
+ * ```
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=index.js.map

package/src/types/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../packages/eslint-plugin-mongodb-security/src/types/index.ts"],"names":[],"mappings":";AAAA;;;;;;;;;GASG"}