eslint-plugin-node-security 4.0.0

package/src/rules/no-cryptojs/index.d.ts

@@ -0,0 +1,24 @@
+/**
+ * Copyright (c) 2025 Ofri Peretz
+ * Licensed under the MIT License. Use of this source code is governed by the
+ * MIT license that can be found in the LICENSE file.
+ */
+/**
+ * ESLint Rule: no-cryptojs
+ * Warns on usage of deprecated crypto-js library
+ * CWE-1104: Use of Unmaintained Third Party Components
+ *
+ * crypto-js is not maintained since 2022 and recommends using native crypto
+ * @see https://www.npmjs.com/package/crypto-js
+ */
+import type { TSESLint } from '@interlace/eslint-devkit';
+type MessageIds = 'deprecatedCryptojs' | 'useNativeCrypto' | 'useWebCrypto';
+export interface Options {
+    /** Severity level. Default: 'warn' */
+    severity?: 'error' | 'warn';
+}
+type RuleOptions = [Options?];
+export declare const noCryptojs: TSESLint.RuleModule<MessageIds, RuleOptions, unknown, TSESLint.RuleListener> & {
+    name: string;
+};
+export type { Options as NoCryptojsOptions };

package/src/rules/no-cryptojs/index.js

@@ -0,0 +1,104 @@
+"use strict";
+/**
+ * Copyright (c) 2025 Ofri Peretz
+ * Licensed under the MIT License. Use of this source code is governed by the
+ * MIT license that can be found in the LICENSE file.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.noCryptojs = void 0;
+const eslint_devkit_1 = require("@interlace/eslint-devkit");
+exports.noCryptojs = (0, eslint_devkit_1.createRule)({
+    name: 'no-cryptojs',
+    meta: {
+        type: 'suggestion',
+        docs: {
+            description: 'Disallow deprecated crypto-js library (use native crypto instead)',
+        },
+        hasSuggestions: true,
+        messages: {
+            deprecatedCryptojs: (0, eslint_devkit_1.formatLLMMessage)({
+                icon: eslint_devkit_1.MessageIcons.WARNING,
+                issueName: 'Deprecated crypto-js library',
+                cwe: 'CWE-1104',
+                description: 'crypto-js is no longer maintained (last update: 2022). Future vulnerabilities will not be patched.',
+                severity: 'MEDIUM',
+                fix: 'Migrate to native Node.js crypto module or Web Crypto API',
+                documentationLink: 'https://nodejs.org/api/crypto.html',
+            }),
+            useNativeCrypto: (0, eslint_devkit_1.formatLLMMessage)({
+                icon: eslint_devkit_1.MessageIcons.INFO,
+                issueName: 'Use Node.js crypto',
+                description: 'Node.js crypto module is maintained by the Node.js core team',
+                severity: 'LOW',
+                fix: 'import crypto from "node:crypto"',
+                documentationLink: 'https://nodejs.org/api/crypto.html',
+            }),
+            useWebCrypto: (0, eslint_devkit_1.formatLLMMessage)({
+                icon: eslint_devkit_1.MessageIcons.INFO,
+                issueName: 'Use Web Crypto API',
+                description: 'Web Crypto API works in browsers and Node.js',
+                severity: 'LOW',
+                fix: 'globalThis.crypto.subtle',
+                documentationLink: 'https://developer.mozilla.org/en-US/docs/Web/API/Web_Crypto_API',
+            }),
+        },
+        schema: [
+            {
+                type: 'object',
+                properties: {
+                    severity: {
+                        type: 'string',
+                        enum: ['error', 'warn'],
+                        default: 'warn',
+                        description: 'Severity level for the rule',
+                    },
+                },
+                additionalProperties: false,
+            },
+        ],
+    },
+    defaultOptions: [
+        {
+            severity: 'warn',
+        },
+    ],
+    create(context) {
+        function reportDeprecatedLibrary(node) {
+            context.report({
+                node,
+                messageId: 'deprecatedCryptojs',
+                suggest: [
+                    {
+                        messageId: 'useNativeCrypto',
+                        fix: () => null, // Complex migration
+                    },
+                    {
+                        messageId: 'useWebCrypto',
+                        fix: () => null, // Complex migration
+                    },
+                ],
+            });
+        }
+        return {
+            // import CryptoJS from 'crypto-js'
+            ImportDeclaration(node) {
+                if (typeof node.source.value === 'string' &&
+                    (node.source.value === 'crypto-js' || node.source.value.startsWith('crypto-js/'))) {
+                    reportDeprecatedLibrary(node);
+                }
+            },
+            // const CryptoJS = require('crypto-js')
+            CallExpression(node) {
+                if (node.callee.type === eslint_devkit_1.AST_NODE_TYPES.Identifier &&
+                    node.callee.name === 'require' &&
+                    node.arguments.length === 1 &&
+                    node.arguments[0].type === eslint_devkit_1.AST_NODE_TYPES.Literal &&
+                    typeof node.arguments[0].value === 'string' &&
+                    (node.arguments[0].value === 'crypto-js' || node.arguments[0].value.startsWith('crypto-js/'))) {
+                    reportDeprecatedLibrary(node);
+                }
+            },
+        };
+    },
+});
+//# sourceMappingURL=index.js.map

package/src/rules/no-cryptojs/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../../packages/eslint-plugin-node-security/src/rules/no-cryptojs/index.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;AAWH,4DAAsG;AAczF,QAAA,UAAU,GAAG,IAAA,0BAAU,EAA0B;IAC5D,IAAI,EAAE,aAAa;IACnB,IAAI,EAAE;QACJ,IAAI,EAAE,YAAY;QAClB,IAAI,EAAE;YACJ,WAAW,EAAE,mEAAmE;SACjF;QACD,cAAc,EAAE,IAAI;QACpB,QAAQ,EAAE;YACR,kBAAkB,EAAE,IAAA,gCAAgB,EAAC;gBACnC,IAAI,EAAE,4BAAY,CAAC,OAAO;gBAC1B,SAAS,EAAE,8BAA8B;gBACzC,GAAG,EAAE,UAAU;gBACf,WAAW,EAAE,oGAAoG;gBACjH,QAAQ,EAAE,QAAQ;gBAClB,GAAG,EAAE,2DAA2D;gBAChE,iBAAiB,EAAE,oCAAoC;aACxD,CAAC;YACF,eAAe,EAAE,IAAA,gCAAgB,EAAC;gBAChC,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,oBAAoB;gBAC/B,WAAW,EAAE,8DAA8D;gBAC3E,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,kCAAkC;gBACvC,iBAAiB,EAAE,oCAAoC;aACxD,CAAC;YACF,YAAY,EAAE,IAAA,gCAAgB,EAAC;gBAC7B,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,oBAAoB;gBAC/B,WAAW,EAAE,8CAA8C;gBAC3D,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,0BAA0B;gBAC/B,iBAAiB,EAAE,iEAAiE;aACrF,CAAC;SACH;QACD,MAAM,EAAE;YACN;gBACE,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,QAAQ,EAAE;wBACR,IAAI,EAAE,QAAQ;wBACd,IAAI,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC;wBACvB,OAAO,EAAE,MAAM;wBACf,WAAW,EAAE,6BAA6B;qBAC3C;iBACF;gBACD,oBAAoB,EAAE,KAAK;aAC5B;SACF;KACF;IACD,cAAc,EAAE;QACd;YACE,QAAQ,EAAE,MAAM;SACjB;KACF;IACD,MAAM,CAAC,OAAsD;QAC3D,SAAS,uBAAuB,CAAC,IAAmB;YAClD,OAAO,CAAC,MAAM,CAAC;gBACb,IAAI;gBACJ,SAAS,EAAE,oBAAoB;gBAC/B,OAAO,EAAE;oBACP;wBACE,SAAS,EAAE,iBAAiB;wBAC5B,GAAG,EAAE,GAAG,EAAE,CAAC,IAAI,EAAE,oBAAoB;qBACtC;oBACD;wBACE,SAAS,EAAE,cAAc;wBACzB,GAAG,EAAE,GAAG,EAAE,CAAC,IAAI,EAAE,oBAAoB;qBACtC;iBACF;aACF,CAAC,CAAC;QACL,CAAC;QAED,OAAO;YACL,mCAAmC;YACnC,iBAAiB,CAAC,IAAgC;gBAChD,IACE,OAAO,IAAI,CAAC,MAAM,CAAC,KAAK,KAAK,QAAQ;oBACrC,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,KAAK,WAAW,IAAI,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC,EACjF,CAAC;oBACD,uBAAuB,CAAC,IAAI,CAAC,CAAC;gBAChC,CAAC;YACH,CAAC;YAED,wCAAwC;YACxC,cAAc,CAAC,IAA6B;gBAC1C,IACE,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,8BAAc,CAAC,UAAU;oBAC9C,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,SAAS;oBAC9B,IAAI,CAAC,SAAS,CAAC,MAAM,KAAK,CAAC;oBAC3B,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI,KAAK,8BAAc,CAAC,OAAO;oBACjD,OAAO,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,KAAK,KAAK,QAAQ;oBAC3C,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,KAAK,KAAK,WAAW,IAAI,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC,EAC7F,CAAC;oBACD,uBAAuB,CAAC,IAAI,CAAC,CAAC;gBAChC,CAAC;YACH,CAAC;SACF,CAAC;IACJ,CAAC;CACF,CAAC,CAAC"}

package/src/rules/no-cryptojs-weak-random/index.d.ts

@@ -0,0 +1,24 @@
+/**
+ * Copyright (c) 2025 Ofri Peretz
+ * Licensed under the MIT License. Use of this source code is governed by the
+ * MIT license that can be found in the LICENSE file.
+ */
+/**
+ * ESLint Rule: no-cryptojs-weak-random
+ * Detects crypto-js WordArray.random() which was insecure pre-3.2.1
+ * CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator
+ *
+ * CVE-2020-36732: crypto-js < 3.2.1 used Math.random() for crypto operations
+ * @see https://nvd.nist.gov/vuln/detail/CVE-2020-36732
+ */
+import type { TSESLint } from '@interlace/eslint-devkit';
+type MessageIds = 'weakRandom' | 'useNativeRandom';
+export interface Options {
+    /** Allow in test files. Default: false */
+    allowInTests?: boolean;
+}
+type RuleOptions = [Options?];
+export declare const noCryptojsWeakRandom: TSESLint.RuleModule<MessageIds, RuleOptions, unknown, TSESLint.RuleListener> & {
+    name: string;
+};
+export type { Options as NoCryptojsWeakRandomOptions };

package/src/rules/no-cryptojs-weak-random/index.js

@@ -0,0 +1,112 @@
+"use strict";
+/**
+ * Copyright (c) 2025 Ofri Peretz
+ * Licensed under the MIT License. Use of this source code is governed by the
+ * MIT license that can be found in the LICENSE file.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.noCryptojsWeakRandom = void 0;
+const eslint_devkit_1 = require("@interlace/eslint-devkit");
+exports.noCryptojsWeakRandom = (0, eslint_devkit_1.createRule)({
+    name: 'no-cryptojs-weak-random',
+    meta: {
+        type: 'problem',
+        docs: {
+            description: 'Disallow crypto-js WordArray.random() (CVE-2020-36732)',
+        },
+        hasSuggestions: true,
+        messages: {
+            weakRandom: (0, eslint_devkit_1.formatLLMMessage)({
+                icon: eslint_devkit_1.MessageIcons.SECURITY,
+                issueName: 'Weak random in crypto-js',
+                cwe: 'CWE-338',
+                description: 'CryptoJS.lib.WordArray.random() was insecure in versions < 3.2.1 (CVE-2020-36732). Used Math.random() instead of CSPRNG.',
+                severity: 'CRITICAL',
+                fix: 'Use crypto.randomBytes() from Node.js or crypto.getRandomValues() in browsers',
+                documentationLink: 'https://nvd.nist.gov/vuln/detail/CVE-2020-36732',
+            }),
+            useNativeRandom: (0, eslint_devkit_1.formatLLMMessage)({
+                icon: eslint_devkit_1.MessageIcons.INFO,
+                issueName: 'Use native randomBytes',
+                description: 'Use cryptographically secure random from native crypto',
+                severity: 'LOW',
+                fix: 'crypto.randomBytes(32)',
+                documentationLink: 'https://nodejs.org/api/crypto.html#cryptorandombytessize-callback',
+            }),
+        },
+        schema: [
+            {
+                type: 'object',
+                properties: {
+                    allowInTests: {
+                        type: 'boolean',
+                        default: false,
+                        description: 'Allow in test files',
+                    },
+                },
+                additionalProperties: false,
+            },
+        ],
+    },
+    defaultOptions: [
+        {
+            allowInTests: false,
+        },
+    ],
+    create(context, [options = {}]) {
+        const { allowInTests = false } = options;
+        const filename = context.filename;
+        const isTestFile = allowInTests && /\.(test|spec)\.(ts|tsx|js|jsx)$/.test(filename);
+        function checkCallExpression(node) {
+            if (isTestFile)
+                return;
+            // Check for CryptoJS.lib.WordArray.random()
+            // or WordArray.random()
+            if (node.callee.type === eslint_devkit_1.AST_NODE_TYPES.MemberExpression) {
+                const callee = node.callee;
+                // Check for .random() method
+                if (callee.property.type === eslint_devkit_1.AST_NODE_TYPES.Identifier &&
+                    callee.property.name === 'random') {
+                    // Check if it's on WordArray
+                    if (callee.object.type === eslint_devkit_1.AST_NODE_TYPES.Identifier && callee.object.name === 'WordArray') {
+                        reportWeakRandom(node);
+                        return;
+                    }
+                    // Check for CryptoJS.lib.WordArray.random()
+                    if (callee.object.type === eslint_devkit_1.AST_NODE_TYPES.MemberExpression) {
+                        const innerObj = callee.object;
+                        if (innerObj.property.type === eslint_devkit_1.AST_NODE_TYPES.Identifier &&
+                            innerObj.property.name === 'WordArray') {
+                            reportWeakRandom(node);
+                            return;
+                        }
+                    }
+                }
+            }
+            // Check for CryptoJS.random or similar patterns
+            if (node.callee.type === eslint_devkit_1.AST_NODE_TYPES.MemberExpression &&
+                node.callee.object.type === eslint_devkit_1.AST_NODE_TYPES.Identifier &&
+                node.callee.object.name === 'CryptoJS' &&
+                node.callee.property.type === eslint_devkit_1.AST_NODE_TYPES.Identifier &&
+                node.callee.property.name === 'random') {
+                reportWeakRandom(node);
+            }
+        }
+        function reportWeakRandom(node) {
+            context.report({
+                node,
+                messageId: 'weakRandom',
+                suggest: [
+                    {
+                        messageId: 'useNativeRandom',
+                        fix: () => null, // Complex refactoring
+                    },
+                ],
+            });
+        }
+        return {
+            CallExpression: checkCallExpression,
+        };
+    },
+});
+//# sourceMappingURL=index.js.map

package/src/rules/no-cryptojs-weak-random/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../../packages/eslint-plugin-node-security/src/rules/no-cryptojs-weak-random/index.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;AAWH,4DAAsG;AAazF,QAAA,oBAAoB,GAAG,IAAA,0BAAU,EAA0B;IACtE,IAAI,EAAE,yBAAyB;IAC/B,IAAI,EAAE;QACJ,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,WAAW,EAAE,wDAAwD;SACtE;QACD,cAAc,EAAE,IAAI;QACpB,QAAQ,EAAE;YACR,UAAU,EAAE,IAAA,gCAAgB,EAAC;gBAC3B,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,0BAA0B;gBACrC,GAAG,EAAE,SAAS;gBACd,WAAW,EAAE,0HAA0H;gBACvI,QAAQ,EAAE,UAAU;gBACpB,GAAG,EAAE,+EAA+E;gBACpF,iBAAiB,EAAE,iDAAiD;aACrE,CAAC;YACF,eAAe,EAAE,IAAA,gCAAgB,EAAC;gBAChC,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,wBAAwB;gBACnC,WAAW,EAAE,wDAAwD;gBACrE,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,wBAAwB;gBAC7B,iBAAiB,EAAE,mEAAmE;aACvF,CAAC;SACH;QACD,MAAM,EAAE;YACN;gBACE,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,YAAY,EAAE;wBACZ,IAAI,EAAE,SAAS;wBACf,OAAO,EAAE,KAAK;wBACd,WAAW,EAAE,qBAAqB;qBACnC;iBACF;gBACD,oBAAoB,EAAE,KAAK;aAC5B;SACF;KACF;IACD,cAAc,EAAE;QACd;YACE,YAAY,EAAE,KAAK;SACpB;KACF;IACD,MAAM,CACJ,OAAsD,EACtD,CAAC,OAAO,GAAG,EAAE,CAAC;QAEd,MAAM,EAAE,YAAY,GAAG,KAAK,EAAE,GAAG,OAAkB,CAAC;QAEpD,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;QAClC,MAAM,UAAU,GAAG,YAAY,IAAI,iCAAiC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAEpF,SAAS,mBAAmB,CAAC,IAA6B;YACxD,IAAI,UAAU;gBAAE,OAAO;YAEvB,4CAA4C;YAC5C,wBAAwB;YACxB,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,8BAAc,CAAC,gBAAgB,EAAE,CAAC;gBACzD,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;gBAE3B,6BAA6B;gBAC7B,IACE,MAAM,CAAC,QAAQ,CAAC,IAAI,KAAK,8BAAc,CAAC,UAAU;oBAClD,MAAM,CAAC,QAAQ,CAAC,IAAI,KAAK,QAAQ,EACjC,CAAC;oBACD,6BAA6B;oBAC7B,IAAI,MAAM,CAAC,MAAM,CAAC,IAAI,KAAK,8BAAc,CAAC,UAAU,IAAI,MAAM,CAAC,MAAM,CAAC,IAAI,KAAK,WAAW,EAAE,CAAC;wBAC3F,gBAAgB,CAAC,IAAI,CAAC,CAAC;wBACvB,OAAO;oBACT,CAAC;oBAED,4CAA4C;oBAC5C,IAAI,MAAM,CAAC,MAAM,CAAC,IAAI,KAAK,8BAAc,CAAC,gBAAgB,EAAE,CAAC;wBAC3D,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC;wBAC/B,IACE,QAAQ,CAAC,QAAQ,CAAC,IAAI,KAAK,8BAAc,CAAC,UAAU;4BACpD,QAAQ,CAAC,QAAQ,CAAC,IAAI,KAAK,WAAW,EACtC,CAAC;4BACD,gBAAgB,CAAC,IAAI,CAAC,CAAC;4BACvB,OAAO;wBACT,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;YAED,gDAAgD;YAChD,IACE,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,8BAAc,CAAC,gBAAgB;gBACpD,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,KAAK,8BAAc,CAAC,UAAU;gBACrD,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,KAAK,UAAU;gBACtC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,KAAK,8BAAc,CAAC,UAAU;gBACvD,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,KAAK,QAAQ,EACtC,CAAC;gBACD,gBAAgB,CAAC,IAAI,CAAC,CAAC;YACzB,CAAC;QACH,CAAC;QAED,SAAS,gBAAgB,CAAC,IAA6B;YACrD,OAAO,CAAC,MAAM,CAAC;gBACb,IAAI;gBACJ,SAAS,EAAE,YAAY;gBACvB,OAAO,EAAE;oBACP;wBACE,SAAS,EAAE,iBAAiB;wBAC5B,GAAG,EAAE,GAAG,EAAE,CAAC,IAAI,EAAE,sBAAsB;qBACxC;iBACF;aACF,CAAC,CAAC;QACL,CAAC;QAED,OAAO;YACL,cAAc,EAAE,mBAAmB;SACpC,CAAC;IACJ,CAAC;CACF,CAAC,CAAC"}

package/src/rules/no-data-in-temp-storage/index.d.ts

@@ -0,0 +1,14 @@
+/**
+ * Copyright (c) 2025 Ofri Peretz
+ * Licensed under the MIT License. Use of this source code is governed by the
+ * MIT license that can be found in the LICENSE file.
+ */
+export interface Options {
+    tempPaths?: string[];
+    ignoreFiles?: string[];
+}
+type RuleOptions = [Options?];
+export declare const noDataInTempStorage: import("@typescript-eslint/utils/ts-eslint").RuleModule<"violationDetected", RuleOptions, unknown, import("@typescript-eslint/utils/ts-eslint").RuleListener> & {
+    name: string;
+};
+export {};

package/src/rules/no-data-in-temp-storage/index.js

@@ -0,0 +1,99 @@
+"use strict";
+/**
+ * Copyright (c) 2025 Ofri Peretz
+ * Licensed under the MIT License. Use of this source code is governed by the
+ * MIT license that can be found in the LICENSE file.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.noDataInTempStorage = void 0;
+/**
+ * @fileoverview Prevent sensitive data in temp directories
+ */
+const eslint_devkit_1 = require("@interlace/eslint-devkit");
+const DEFAULT_TEMP_PATHS = ['/tmp', '/var/tmp', 'temp/', '/temp'];
+exports.noDataInTempStorage = (0, eslint_devkit_1.createRule)({
+    name: 'no-data-in-temp-storage',
+    meta: {
+        type: 'problem',
+        docs: {
+            description: 'Prevent sensitive data in temp directories',
+        },
+        messages: {
+            violationDetected: (0, eslint_devkit_1.formatLLMMessage)({
+                icon: eslint_devkit_1.MessageIcons.SECURITY,
+                issueName: 'Temp Storage Data',
+                cwe: 'CWE-312',
+                description: 'Sensitive data written to temp directory - not secure',
+                severity: 'HIGH',
+                fix: 'Use secure storage location or encrypt data before writing',
+                documentationLink: 'https://cwe.mitre.org/data/definitions/312.html',
+            })
+        },
+        schema: [
+            {
+                type: 'object',
+                properties: {
+                    tempPaths: {
+                        type: 'array',
+                        items: { type: 'string' },
+                        description: 'Custom list of temporary paths to flag'
+                    },
+                    ignoreFiles: {
+                        type: 'array',
+                        items: { type: 'string' },
+                        description: 'List of files or patterns to ignore'
+                    }
+                },
+                additionalProperties: false
+            }
+        ],
+    },
+    defaultOptions: [{}],
+    create(context) {
+        const options = context.options[0] || {};
+        const tempPaths = options.tempPaths || DEFAULT_TEMP_PATHS;
+        const ignoreFiles = options.ignoreFiles || [];
+        const filename = context.filename;
+        if (ignoreFiles.some(pattern => filename.includes(pattern))) {
+            return {};
+        }
+        function report(node) {
+            context.report({ node, messageId: 'violationDetected' });
+        }
+        return {
+            CallExpression(node) {
+                // Detect fs.writeFileSync or fs.writeFile with temp path
+                if (node.callee.type === 'MemberExpression' &&
+                    node.callee.object.type === 'Identifier' &&
+                    node.callee.object.name === 'fs' &&
+                    node.callee.property.type === 'Identifier' &&
+                    ['writeFileSync', 'writeFile'].includes(node.callee.property.name)) {
+                    const pathArg = node.arguments[0];
+                    if (pathArg && pathArg.type === 'Literal' && typeof pathArg.value === 'string') {
+                        if (tempPaths.some(tp => pathArg.value.includes(tp))) {
+                            report(pathArg);
+                        }
+                    }
+                }
+            },
+            Literal(node) {
+                // Detect temp path literals
+                if (typeof node.value === 'string') {
+                    if (tempPaths.some(tp => node.value.includes(tp))) {
+                        // Only flag if parent is assignment or variable declaration
+                        const parent = node.parent;
+                        if (parent?.type === 'VariableDeclarator' || parent?.type === 'AssignmentExpression') {
+                            // Avoid double reporting if it's already handled by CallExpression
+                            if (parent.type === 'VariableDeclarator' || parent.type === 'AssignmentExpression') {
+                                // Check if it's the first argument of an fs call which is handled above
+                                // Actually the Literal listener here catches it regardless of being in fs call or not if it's in a VariableDeclarator
+                            }
+                            report(node);
+                        }
+                    }
+                }
+            },
+        };
+    },
+});
+//# sourceMappingURL=index.js.map

package/src/rules/no-data-in-temp-storage/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../../packages/eslint-plugin-node-security/src/rules/no-data-in-temp-storage/index.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;AAEH;;GAEG;AAEH,4DAAsF;AAYtF,MAAM,kBAAkB,GAAG,CAAC,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;AAErD,QAAA,mBAAmB,GAAG,IAAA,0BAAU,EAA0B;IACrE,IAAI,EAAE,yBAAyB;IAC/B,IAAI,EAAE;QACJ,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,WAAW,EAAE,4CAA4C;SAC1D;QACD,QAAQ,EAAE;YACR,iBAAiB,EAAE,IAAA,gCAAgB,EAAC;gBAClC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,mBAAmB;gBAC9B,GAAG,EAAE,SAAS;gBACd,WAAW,EAAE,uDAAuD;gBACpE,QAAQ,EAAE,MAAM;gBAChB,GAAG,EAAE,4DAA4D;gBACjE,iBAAiB,EAAE,iDAAiD;aACrE,CAAC;SACH;QACD,MAAM,EAAE;YACN;gBACE,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,SAAS,EAAE;wBACT,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,WAAW,EAAE,wCAAwC;qBACtD;oBACD,WAAW,EAAE;wBACX,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,WAAW,EAAE,qCAAqC;qBACnD;iBACF;gBACD,oBAAoB,EAAE,KAAK;aAC5B;SACF;KACF;IACD,cAAc,EAAE,CAAC,EAAE,CAAC;IACpB,MAAM,CAAC,OAAO;QACZ,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QACzC,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,IAAI,kBAAkB,CAAC;QAC1D,MAAM,WAAW,GAAG,OAAO,CAAC,WAAW,IAAI,EAAE,CAAC;QAC9C,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;QAElC,IAAI,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC;YAC5D,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,SAAS,MAAM,CAAC,IAAmB;YACjC,OAAO,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,mBAAmB,EAAE,CAAC,CAAC;QAC3D,CAAC;QAED,OAAO;YACL,cAAc,CAAC,IAA6B;gBAC1C,yDAAyD;gBACzD,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,kBAAkB;oBACvC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY;oBACxC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,KAAK,IAAI;oBAChC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY;oBAC1C,CAAC,eAAe,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;oBAEvE,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;oBAClC,IAAI,OAAO,IAAI,OAAO,CAAC,IAAI,KAAK,SAAS,IAAI,OAAO,OAAO,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;wBAC/E,IAAI,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;4BACrD,MAAM,CAAC,OAAO,CAAC,CAAC;wBAClB,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;YAED,OAAO,CAAC,IAAsB;gBAC5B,4BAA4B;gBAC5B,IAAI,OAAO,IAAI,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;oBACnC,IAAI,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;wBAClD,4DAA4D;wBAC5D,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;wBAC3B,IAAI,MAAM,EAAE,IAAI,KAAK,oBAAoB,IAAI,MAAM,EAAE,IAAI,KAAK,sBAAsB,EAAE,CAAC;4BACrF,mEAAmE;4BACnE,IAAI,MAAM,CAAC,IAAI,KAAK,oBAAoB,IAAI,MAAM,CAAC,IAAI,KAAK,sBAAsB,EAAE,CAAC;gCAClF,wEAAwE;gCACxE,sHAAsH;4BACzH,CAAC;4BACD,MAAM,CAAC,IAAI,CAAC,CAAC;wBACf,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;SACF,CAAC;IACJ,CAAC;CACF,CAAC,CAAC"}

package/src/rules/no-deprecated-cipher-method/index.d.ts

@@ -0,0 +1,23 @@
+/**
+ * Copyright (c) 2025 Ofri Peretz
+ * Licensed under the MIT License. Use of this source code is governed by the
+ * MIT license that can be found in the LICENSE file.
+ */
+/**
+ * ESLint Rule: no-deprecated-cipher-method
+ * Detects use of deprecated crypto.createCipher/createDecipher methods
+ * CWE-327: These methods don't use IV, making encryption deterministic
+ *
+ * @see https://nodejs.org/api/crypto.html#cryptocreatecipheralgorithm-password-options
+ */
+import type { TSESLint } from '@interlace/eslint-devkit';
+type MessageIds = 'deprecatedCipherMethod' | 'useCipheriv';
+export interface Options {
+    /** Allow deprecated methods in test files. Default: false */
+    allowInTests?: boolean;
+}
+type RuleOptions = [Options?];
+export declare const noDeprecatedCipherMethod: TSESLint.RuleModule<MessageIds, RuleOptions, unknown, TSESLint.RuleListener> & {
+    name: string;
+};
+export type { Options as NoDeprecatedCipherMethodOptions };

package/src/rules/no-deprecated-cipher-method/index.js

@@ -0,0 +1,118 @@
+"use strict";
+/**
+ * Copyright (c) 2025 Ofri Peretz
+ * Licensed under the MIT License. Use of this source code is governed by the
+ * MIT license that can be found in the LICENSE file.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.noDeprecatedCipherMethod = void 0;
+const eslint_devkit_1 = require("@interlace/eslint-devkit");
+const DEPRECATED_METHODS = new Set(['createCipher', 'createDecipher']);
+exports.noDeprecatedCipherMethod = (0, eslint_devkit_1.createRule)({
+    name: 'no-deprecated-cipher-method',
+    meta: {
+        type: 'problem',
+        docs: {
+            description: 'Disallow deprecated crypto.createCipher/createDecipher methods (use createCipheriv/createDecipheriv instead)',
+        },
+        hasSuggestions: true,
+        messages: {
+            deprecatedCipherMethod: (0, eslint_devkit_1.formatLLMMessage)({
+                icon: eslint_devkit_1.MessageIcons.SECURITY,
+                issueName: 'Deprecated cipher method',
+                cwe: 'CWE-327',
+                description: 'crypto.{{method}}() is deprecated. It derives key from password without salt and uses no IV, making encryption deterministic and vulnerable.',
+                severity: 'HIGH',
+                fix: 'Use crypto.{{replacement}}() with explicit key and random IV',
+                documentationLink: 'https://nodejs.org/api/crypto.html#cryptocreatecipherivalgorithm-key-iv-options',
+            }),
+            useCipheriv: (0, eslint_devkit_1.formatLLMMessage)({
+                icon: eslint_devkit_1.MessageIcons.INFO,
+                issueName: 'Use createCipheriv',
+                description: 'Use createCipheriv with explicit key derivation and random IV',
+                severity: 'LOW',
+                fix: 'const key = crypto.scryptSync(password, salt, 32);\nconst iv = crypto.randomBytes(16);\nconst cipher = crypto.createCipheriv(algorithm, key, iv);',
+                documentationLink: 'https://nodejs.org/api/crypto.html#cryptocreatecipherivalgorithm-key-iv-options',
+            }),
+        },
+        schema: [
+            {
+                type: 'object',
+                properties: {
+                    allowInTests: {
+                        type: 'boolean',
+                        default: false,
+                        description: 'Allow deprecated methods in test files',
+                    },
+                },
+                additionalProperties: false,
+            },
+        ],
+    },
+    defaultOptions: [
+        {
+            allowInTests: false,
+        },
+    ],
+    create(context, [options = {}]) {
+        const { allowInTests = false } = options;
+        const filename = context.filename;
+        const isTestFile = allowInTests && /\.(test|spec)\.(ts|tsx|js|jsx)$/.test(filename);
+        function checkCallExpression(node) {
+            if (isTestFile)
+                return;
+            // Check for crypto.createCipher() or crypto.createDecipher()
+            if (node.callee.type === eslint_devkit_1.AST_NODE_TYPES.MemberExpression &&
+                node.callee.property.type === eslint_devkit_1.AST_NODE_TYPES.Identifier &&
+                DEPRECATED_METHODS.has(node.callee.property.name)) {
+                // Capture narrowed type before callback (TypeScript loses narrowing in closures)
+                const callee = node.callee;
+                const propertyNode = callee.property;
+                const methodName = propertyNode.name;
+                const replacementName = methodName === 'createCipher' ? 'createCipheriv' : 'createDecipheriv';
+                context.report({
+                    node: propertyNode,
+                    messageId: 'deprecatedCipherMethod',
+                    data: {
+                        method: methodName,
+                        replacement: replacementName,
+                    },
+                    suggest: [
+                        {
+                            messageId: 'useCipheriv',
+                            fix: (fixer) => {
+                                return fixer.replaceText(propertyNode, replacementName);
+                            },
+                        },
+                    ],
+                });
+            }
+            // Check for standalone createCipher() / createDecipher()
+            if (node.callee.type === eslint_devkit_1.AST_NODE_TYPES.Identifier &&
+                DEPRECATED_METHODS.has(node.callee.name)) {
+                const methodName = node.callee.name;
+                const replacementName = methodName === 'createCipher' ? 'createCipheriv' : 'createDecipheriv';
+                context.report({
+                    node: node.callee,
+                    messageId: 'deprecatedCipherMethod',
+                    data: {
+                        method: methodName,
+                        replacement: replacementName,
+                    },
+                    suggest: [
+                        {
+                            messageId: 'useCipheriv',
+                            fix: (fixer) => {
+                                return fixer.replaceText(node.callee, replacementName);
+                            },
+                        },
+                    ],
+                });
+            }
+        }
+        return {
+            CallExpression: checkCallExpression,
+        };
+    },
+});
+//# sourceMappingURL=index.js.map

package/src/rules/no-deprecated-cipher-method/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../../packages/eslint-plugin-node-security/src/rules/no-deprecated-cipher-method/index.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;AAUH,4DAAsG;AAatG,MAAM,kBAAkB,GAAG,IAAI,GAAG,CAAC,CAAC,cAAc,EAAE,gBAAgB,CAAC,CAAC,CAAC;AAE1D,QAAA,wBAAwB,GAAG,IAAA,0BAAU,EAA0B;IAC1E,IAAI,EAAE,6BAA6B;IACnC,IAAI,EAAE;QACJ,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,WAAW,EAAE,8GAA8G;SAC5H;QACD,cAAc,EAAE,IAAI;QACpB,QAAQ,EAAE;YACR,sBAAsB,EAAE,IAAA,gCAAgB,EAAC;gBACvC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,0BAA0B;gBACrC,GAAG,EAAE,SAAS;gBACd,WAAW,EAAE,8IAA8I;gBAC3J,QAAQ,EAAE,MAAM;gBAChB,GAAG,EAAE,8DAA8D;gBACnE,iBAAiB,EAAE,iFAAiF;aACrG,CAAC;YACF,WAAW,EAAE,IAAA,gCAAgB,EAAC;gBAC5B,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,oBAAoB;gBAC/B,WAAW,EAAE,+DAA+D;gBAC5E,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,mJAAmJ;gBACxJ,iBAAiB,EAAE,iFAAiF;aACrG,CAAC;SACH;QACD,MAAM,EAAE;YACN;gBACE,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,YAAY,EAAE;wBACZ,IAAI,EAAE,SAAS;wBACf,OAAO,EAAE,KAAK;wBACd,WAAW,EAAE,wCAAwC;qBACtD;iBACF;gBACD,oBAAoB,EAAE,KAAK;aAC5B;SACF;KACF;IACD,cAAc,EAAE;QACd;YACE,YAAY,EAAE,KAAK;SACpB;KACF;IACD,MAAM,CACJ,OAAsD,EACtD,CAAC,OAAO,GAAG,EAAE,CAAC;QAEd,MAAM,EAAE,YAAY,GAAG,KAAK,EAAE,GAAG,OAAkB,CAAC;QAEpD,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;QAClC,MAAM,UAAU,GAAG,YAAY,IAAI,iCAAiC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAEpF,SAAS,mBAAmB,CAAC,IAA6B;YACxD,IAAI,UAAU;gBAAE,OAAO;YAEvB,6DAA6D;YAC7D,IACE,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,8BAAc,CAAC,gBAAgB;gBACpD,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,KAAK,8BAAc,CAAC,UAAU;gBACvD,kBAAkB,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,EACjD,CAAC;gBACD,iFAAiF;gBACjF,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;gBAC3B,MAAM,YAAY,GAAG,MAAM,CAAC,QAA+B,CAAC;gBAC5D,MAAM,UAAU,GAAG,YAAY,CAAC,IAAI,CAAC;gBACrC,MAAM,eAAe,GAAG,UAAU,KAAK,cAAc,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAC,kBAAkB,CAAC;gBAE9F,OAAO,CAAC,MAAM,CAAC;oBACb,IAAI,EAAE,YAAY;oBAClB,SAAS,EAAE,wBAAwB;oBACnC,IAAI,EAAE;wBACJ,MAAM,EAAE,UAAU;wBAClB,WAAW,EAAE,eAAe;qBAC7B;oBACD,OAAO,EAAE;wBACP;4BACE,SAAS,EAAE,aAAa;4BACxB,GAAG,EAAE,CAAC,KAAyB,EAAE,EAAE;gCACjC,OAAO,KAAK,CAAC,WAAW,CAAC,YAAY,EAAE,eAAe,CAAC,CAAC;4BAC1D,CAAC;yBACF;qBACF;iBACF,CAAC,CAAC;YACL,CAAC;YAED,yDAAyD;YACzD,IACE,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,8BAAc,CAAC,UAAU;gBAC9C,kBAAkB,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,EACxC,CAAC;gBACD,MAAM,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC;gBACpC,MAAM,eAAe,GAAG,UAAU,KAAK,cAAc,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAC,kBAAkB,CAAC;gBAE9F,OAAO,CAAC,MAAM,CAAC;oBACb,IAAI,EAAE,IAAI,CAAC,MAAM;oBACjB,SAAS,EAAE,wBAAwB;oBACnC,IAAI,EAAE;wBACJ,MAAM,EAAE,UAAU;wBAClB,WAAW,EAAE,eAAe;qBAC7B;oBACD,OAAO,EAAE;wBACP;4BACE,SAAS,EAAE,aAAa;4BACxB,GAAG,EAAE,CAAC,KAAyB,EAAE,EAAE;gCACjC,OAAO,KAAK,CAAC,WAAW,CAAC,IAAI,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;4BACzD,CAAC;yBACF;qBACF;iBACF,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,OAAO;YACL,cAAc,EAAE,mBAAmB;SACpC,CAAC;IACJ,CAAC;CACF,CAAC,CAAC"}

package/src/rules/no-dynamic-dependency-loading/index.d.ts

@@ -0,0 +1,12 @@
+/**
+ * Copyright (c) 2025 Ofri Peretz
+ * Licensed under the MIT License. Use of this source code is governed by the
+ * MIT license that can be found in the LICENSE file.
+ */
+export interface Options {
+}
+type RuleOptions = [Options?];
+export declare const noDynamicDependencyLoading: import("@typescript-eslint/utils/ts-eslint").RuleModule<"violationDetected", RuleOptions, unknown, import("@typescript-eslint/utils/ts-eslint").RuleListener> & {
+    name: string;
+};
+export {};

package/src/rules/no-dynamic-dependency-loading/index.js

@@ -0,0 +1,55 @@
+"use strict";
+/**
+ * Copyright (c) 2025 Ofri Peretz
+ * Licensed under the MIT License. Use of this source code is governed by the
+ * MIT license that can be found in the LICENSE file.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.noDynamicDependencyLoading = void 0;
+/**
+ * @fileoverview Prevent dynamic dependency injection
+ * @see https://owasp.org/www-project-mobile-top-10/
+ * @see https://cwe.mitre.org/data/definitions/494.html
+ */
+const eslint_devkit_1 = require("@interlace/eslint-devkit");
+exports.noDynamicDependencyLoading = (0, eslint_devkit_1.createRule)({
+    name: 'no-dynamic-dependency-loading',
+    meta: {
+        type: 'problem',
+        docs: {
+            description: 'Prevent runtime dependency injection with dynamic paths',
+        },
+        messages: {
+            violationDetected: (0, eslint_devkit_1.formatLLMMessage)({
+                icon: eslint_devkit_1.MessageIcons.SECURITY,
+                issueName: 'violation Detected',
+                cwe: 'CWE-1104',
+                description: 'Dynamic import/require detected - use static imports for security',
+                severity: 'HIGH',
+                fix: 'Review and apply secure practices',
+                documentationLink: 'https://cwe.mitre.org/data/definitions/1104.html',
+            })
+        },
+        schema: [],
+    },
+    defaultOptions: [],
+    create(context) {
+        return {
+            CallExpression(node) {
+                // Dynamic require
+                if (node.callee.type === eslint_devkit_1.AST_NODE_TYPES.Identifier &&
+                    node.callee.name === 'require' &&
+                    node.arguments[0]?.type !== eslint_devkit_1.AST_NODE_TYPES.Literal) {
+                    context.report({ node, messageId: 'violationDetected' });
+                }
+            },
+            ImportExpression(node) {
+                // Dynamic import()
+                if (node.source.type !== 'Literal') {
+                    context.report({ node, messageId: 'violationDetected' });
+                }
+            },
+        };
+    },
+});
+//# sourceMappingURL=index.js.map

package/src/rules/no-dynamic-dependency-loading/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../../packages/eslint-plugin-node-security/src/rules/no-dynamic-dependency-loading/index.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;AAEH;;;;GAIG;AAEH,4DAAsG;AAUzF,QAAA,0BAA0B,GAAG,IAAA,0BAAU,EAA0B;IAC5E,IAAI,EAAE,+BAA+B;IACrC,IAAI,EAAE;QACJ,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,WAAW,EAAE,yDAAyD;SACvE;QACD,QAAQ,EAAE;YACR,iBAAiB,EAAE,IAAA,gCAAgB,EAAC;gBAClC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,oBAAoB;gBAC/B,GAAG,EAAE,UAAU;gBACf,WAAW,EAAE,mEAAmE;gBAChF,QAAQ,EAAE,MAAM;gBAChB,GAAG,EAAE,mCAAmC;gBACxC,iBAAiB,EAAE,kDAAkD;aACtE,CAAC;SACH;QACD,MAAM,EAAE,EAAE;KACX;IACD,cAAc,EAAE,EAAE;IAClB,MAAM,CAAC,OAAO;QACZ,OAAO;YACL,cAAc,CAAC,IAA6B;gBAC1C,kBAAkB;gBAClB,IACE,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,8BAAc,CAAC,UAAU;oBAC9C,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,SAAS;oBAC9B,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,IAAI,KAAK,8BAAc,CAAC,OAAO,EAClD,CAAC;oBACD,OAAO,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,mBAAmB,EAAE,CAAC,CAAC;gBAC3D,CAAC;YACH,CAAC;YAED,gBAAgB,CAAC,IAA+B;gBAC9C,mBAAmB;gBACnB,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;oBACnC,OAAO,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,mBAAmB,EAAE,CAAC,CAAC;gBAC3D,CAAC;YACH,CAAC;SACH,CAAC;IACH,CAAC;CACF,CAAC,CAAC"}

package/src/rules/no-dynamic-require/index.d.ts

@@ -0,0 +1,21 @@
+/**
+ * Copyright (c) 2025 Ofri Peretz
+ * Licensed under the MIT License. Use of this source code is governed by the
+ * MIT license that can be found in the LICENSE file.
+ */
+/**
+ * ESLint Rule: no-dynamic-require
+ * Forbid `require()` calls with expressions (eslint-plugin-import inspired)
+ */
+import type { TSESLint } from '@interlace/eslint-devkit';
+export interface Options {
+    /** Allow dynamic requires in specific contexts */
+    allowContexts?: ('test' | 'config' | 'build' | 'runtime')[];
+    /** Allow specific patterns of dynamic requires */
+    allowPatterns?: string[];
+}
+type RuleOptions = [Options?];
+export declare const noDynamicRequire: TSESLint.RuleModule<"dynamicRequire", RuleOptions, unknown, TSESLint.RuleListener> & {
+    name: string;
+};
+export {};