eslint-plugin-sdl-2 1.0.4

package/dist/rules/no-electron-insecure-permission-request-handler.js

@@ -0,0 +1,75 @@
+import { arrayAt } from "ts-extras";
+import { createRule } from "../_internal/create-rule.js";
+const getMemberPropertyName = (memberExpression) => {
+    if (!memberExpression.computed &&
+        memberExpression.property.type === "Identifier") {
+        return memberExpression.property.name;
+    }
+    if (memberExpression.property.type === "Literal" &&
+        typeof memberExpression.property.value === "string") {
+        return memberExpression.property.value;
+    }
+    return undefined;
+};
+const isFunctionExpression = (expression) => expression.type === "ArrowFunctionExpression" ||
+    expression.type === "FunctionExpression";
+const hasUnsafePermissionAllowPattern = (callbackNode, context, callbackParameterName) => {
+    const callbackSourceText = context.sourceCode.getText(callbackNode);
+    const escapedName = callbackParameterName.replaceAll("$", String.raw `\$`);
+    // eslint-disable-next-line security/detect-non-literal-regexp -- Callback identifier is escaped before interpolation for strict permission-allow detection.
+    const callbackPattern = new RegExp(String.raw `\b${escapedName}\s*\(\s*true\b`, "u");
+    return (callbackPattern.test(callbackSourceText) ||
+        /\breturn\s+true\b/u.test(callbackSourceText));
+};
+/** Rule implementation. */
+const rule = createRule({
+    create(context) {
+        return {
+            CallExpression(node) {
+                if (node.callee.type !== "MemberExpression") {
+                    return;
+                }
+                if (getMemberPropertyName(node.callee) !==
+                    "setPermissionRequestHandler") {
+                    return;
+                }
+                const [firstArgument] = node.arguments;
+                if (firstArgument === undefined ||
+                    firstArgument.type === "SpreadElement" ||
+                    !isFunctionExpression(firstArgument)) {
+                    return;
+                }
+                const callbackParameter = arrayAt(firstArgument.params, -1);
+                if (callbackParameter?.type !== "Identifier") {
+                    return;
+                }
+                if (!hasUnsafePermissionAllowPattern(firstArgument, context, callbackParameter.name)) {
+                    return;
+                }
+                context.report({
+                    messageId: "default",
+                    node: firstArgument,
+                });
+            },
+        };
+    },
+    defaultOptions: [],
+    meta: {
+        deprecated: false,
+        docs: {
+            description: "disallow Electron permission request handlers that blanket-allow permission requests.",
+            frozen: false,
+            recommended: false,
+            url: "https://nick2bad4u.github.io/eslint-plugin-SDL-2/docs/rules/no-electron-insecure-permission-request-handler",
+        },
+        messages: {
+            default: "Do not blanket-allow permissions in setPermissionRequestHandler callbacks.",
+        },
+        schema: [],
+        type: "problem",
+    },
+    name: "no-electron-insecure-permission-request-handler",
+});
+export default rule;
+/* eslint-enable @typescript-eslint/prefer-readonly-parameter-types -- Restore linting after rule implementation declarations. */
+//# sourceMappingURL=no-electron-insecure-permission-request-handler.js.map

package/dist/rules/no-electron-insecure-permission-request-handler.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"no-electron-insecure-permission-request-handler.js","sourceRoot":"","sources":["../../src/rules/no-electron-insecure-permission-request-handler.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAEpC,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAIzD,MAAM,qBAAqB,GAAG,CAC1B,gBAA2C,EACzB,EAAE;IACpB,IACI,CAAC,gBAAgB,CAAC,QAAQ;QAC1B,gBAAgB,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY,EACjD,CAAC;QACC,OAAO,gBAAgB,CAAC,QAAQ,CAAC,IAAI,CAAC;IAC1C,CAAC;IAED,IACI,gBAAgB,CAAC,QAAQ,CAAC,IAAI,KAAK,SAAS;QAC5C,OAAO,gBAAgB,CAAC,QAAQ,CAAC,KAAK,KAAK,QAAQ,EACrD,CAAC;QACC,OAAO,gBAAgB,CAAC,QAAQ,CAAC,KAAK,CAAC;IAC3C,CAAC;IAED,OAAO,SAAS,CAAC;AACrB,CAAC,CAAC;AAEF,MAAM,oBAAoB,GAAG,CACzB,UAA2C,EAGb,EAAE,CAChC,UAAU,CAAC,IAAI,KAAK,yBAAyB;IAC7C,UAAU,CAAC,IAAI,KAAK,oBAAoB,CAAC;AAE7C,MAAM,+BAA+B,GAAG,CACpC,YAEiC,EACjC,OAAoD,EACpD,qBAA6B,EACtB,EAAE;IACT,MAAM,kBAAkB,GAAG,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;IACpE,MAAM,WAAW,GAAG,qBAAqB,CAAC,UAAU,CAAC,GAAG,EAAE,MAAM,CAAC,GAAG,CAAA,IAAI,CAAC,CAAC;IAC1E,4JAA4J;IAC5J,MAAM,eAAe,GAAG,IAAI,MAAM,CAC9B,MAAM,CAAC,GAAG,CAAA,KAAK,WAAW,gBAAgB,EAC1C,GAAG,CACN,CAAC;IAEF,OAAO,CACH,eAAe,CAAC,IAAI,CAAC,kBAAkB,CAAC;QACxC,oBAAoB,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAChD,CAAC;AACN,CAAC,CAAC;AAEF,2BAA2B;AAC3B,MAAM,IAAI,GAAkC,UAAU,CAAwB;IAC1E,MAAM,CAAC,OAAO;QACV,OAAO;YACH,cAAc,CAAC,IAA6B;gBACxC,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;oBAC1C,OAAO;gBACX,CAAC;gBAED,IACI,qBAAqB,CAAC,IAAI,CAAC,MAAM,CAAC;oBAClC,6BAA6B,EAC/B,CAAC;oBACC,OAAO;gBACX,CAAC;gBAED,MAAM,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC;gBAEvC,IACI,aAAa,KAAK,SAAS;oBAC3B,aAAa,CAAC,IAAI,KAAK,eAAe;oBACtC,CAAC,oBAAoB,CAAC,aAAa,CAAC,EACtC,CAAC;oBACC,OAAO;gBACX,CAAC;gBAED,MAAM,iBAAiB,GAAG,OAAO,CAAC,aAAa,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,CAAC;gBAE5D,IAAI,iBAAiB,EAAE,IAAI,KAAK,YAAY,EAAE,CAAC;oBAC3C,OAAO;gBACX,CAAC;gBAED,IACI,CAAC,+BAA+B,CAC5B,aAAa,EACb,OAAO,EACP,iBAAiB,CAAC,IAAI,CACzB,EACH,CAAC;oBACC,OAAO;gBACX,CAAC;gBAED,OAAO,CAAC,MAAM,CAAC;oBACX,SAAS,EAAE,SAAS;oBACpB,IAAI,EAAE,aAAa;iBACtB,CAAC,CAAC;YACP,CAAC;SACJ,CAAC;IACN,CAAC;IACD,cAAc,EAAE,EAAE;IAClB,IAAI,EAAE;QACF,UAAU,EAAE,KAAK;QACjB,IAAI,EAAE;YACF,WAAW,EACP,uFAAuF;YAC3F,MAAM,EAAE,KAAK;YACb,WAAW,EAAE,KAAK;YAClB,GAAG,EAAE,6GAA6G;SACrH;QACD,QAAQ,EAAE;YACN,OAAO,EACH,4EAA4E;SACnF;QACD,MAAM,EAAE,EAAE;QACV,IAAI,EAAE,SAAS;KAClB;IACD,IAAI,EAAE,iDAAiD;CAC1D,CAAC,CAAC;AAEH,eAAe,IAAI,CAAC;AACpB,iIAAiI"}

package/dist/rules/no-electron-node-integration.d.ts

@@ -0,0 +1,5 @@
+import { createRule } from "../_internal/create-rule.js";
+/** Rule implementation. */
+declare const rule: ReturnType<typeof createRule>;
+export default rule;
+//# sourceMappingURL=no-electron-node-integration.d.ts.map

package/dist/rules/no-electron-node-integration.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"no-electron-node-integration.d.ts","sourceRoot":"","sources":["../../src/rules/no-electron-node-integration.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAEzD,2BAA2B;AAC3B,QAAA,MAAM,IAAI,EAAE,UAAU,CAAC,OAAO,UAAU,CA2DtC,CAAC;AAEH,eAAe,IAAI,CAAC"}

package/dist/rules/no-electron-node-integration.js

@@ -0,0 +1,52 @@
+import { createRule } from "../_internal/create-rule.js";
+/** Rule implementation. */
+const rule = createRule({
+    create(context) {
+        return {
+            "NewExpression[callee.name=/^(?:BrowserWindow|BrowserView)$/] > ObjectExpression.arguments > Property.properties[key.name='webPreferences'] > ObjectExpression.value > Property.properties[key.name=/^(?:nodeIntegration|nodeIntegrationInWorker|nodeIntegrationInSubFrames)$/][value.value=true]"(node) {
+                context.report({
+                    fix(fixer) {
+                        const propertyText = context.sourceCode.getText(node);
+                        const separatorIndex = propertyText.indexOf(":");
+                        if (separatorIndex === -1) {
+                            return null;
+                        }
+                        const valuePortion = propertyText.slice(separatorIndex + 1);
+                        const trimmedValuePortion = valuePortion.trimStart();
+                        if (!trimmedValuePortion.startsWith("true")) {
+                            return null;
+                        }
+                        const leadingWhitespaceLength = valuePortion.length - trimmedValuePortion.length;
+                        const nextValuePortion = `${valuePortion.slice(0, leadingWhitespaceLength)}false${trimmedValuePortion.slice("true".length)}`;
+                        const nextPropertyText = `${propertyText.slice(0, separatorIndex + 1)}${nextValuePortion}`;
+                        if (nextPropertyText === propertyText) {
+                            return null;
+                        }
+                        return fixer.replaceText(node, nextPropertyText);
+                    },
+                    messageId: "default",
+                    node,
+                });
+            },
+        };
+    },
+    defaultOptions: [],
+    meta: {
+        deprecated: false,
+        docs: {
+            description: "disallow enabling Electron Node.js integration in BrowserWindow/BrowserView webPreferences.",
+            frozen: false,
+            recommended: false,
+            url: "https://nick2bad4u.github.io/eslint-plugin-SDL-2/docs/rules/no-electron-node-integration",
+        },
+        fixable: "code",
+        messages: {
+            default: "Do not enable Node.js integration for remote content.",
+        },
+        schema: [],
+        type: "problem",
+    },
+    name: "no-electron-node-integration",
+});
+export default rule;
+//# sourceMappingURL=no-electron-node-integration.js.map

package/dist/rules/no-electron-node-integration.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"no-electron-node-integration.js","sourceRoot":"","sources":["../../src/rules/no-electron-node-integration.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAEzD,2BAA2B;AAC3B,MAAM,IAAI,GAAkC,UAAU,CAAC;IACnD,MAAM,CAAC,OAAO;QACV,OAAO;YACH,kSAAkS,CAC9R,IAAI;gBAEJ,OAAO,CAAC,MAAM,CAAC;oBACX,GAAG,CAAC,KAAK;wBACL,MAAM,YAAY,GAAG,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;wBACtD,MAAM,cAAc,GAAG,YAAY,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;wBAEjD,IAAI,cAAc,KAAK,CAAC,CAAC,EAAE,CAAC;4BACxB,OAAO,IAAI,CAAC;wBAChB,CAAC;wBAED,MAAM,YAAY,GAAG,YAAY,CAAC,KAAK,CACnC,cAAc,GAAG,CAAC,CACrB,CAAC;wBACF,MAAM,mBAAmB,GAAG,YAAY,CAAC,SAAS,EAAE,CAAC;wBAErD,IAAI,CAAC,mBAAmB,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;4BAC1C,OAAO,IAAI,CAAC;wBAChB,CAAC;wBAED,MAAM,uBAAuB,GACzB,YAAY,CAAC,MAAM,GAAG,mBAAmB,CAAC,MAAM,CAAC;wBACrD,MAAM,gBAAgB,GAAG,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,uBAAuB,CAAC,QAAQ,mBAAmB,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC;wBAC7H,MAAM,gBAAgB,GAAG,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,cAAc,GAAG,CAAC,CAAC,GAAG,gBAAgB,EAAE,CAAC;wBAE3F,IAAI,gBAAgB,KAAK,YAAY,EAAE,CAAC;4BACpC,OAAO,IAAI,CAAC;wBAChB,CAAC;wBAED,OAAO,KAAK,CAAC,WAAW,CAAC,IAAI,EAAE,gBAAgB,CAAC,CAAC;oBACrD,CAAC;oBACD,SAAS,EAAE,SAAS;oBACpB,IAAI;iBACP,CAAC,CAAC;YACP,CAAC;SACJ,CAAC;IACN,CAAC;IACD,cAAc,EAAE,EAAE;IAClB,IAAI,EAAE;QACF,UAAU,EAAE,KAAK;QACjB,IAAI,EAAE;YACF,WAAW,EACP,6FAA6F;YACjG,MAAM,EAAE,KAAK;YACb,WAAW,EAAE,KAAK;YAClB,GAAG,EAAE,0FAA0F;SAClG;QACD,OAAO,EAAE,MAAM;QACf,QAAQ,EAAE;YACN,OAAO,EAAE,uDAAuD;SACnE;QACD,MAAM,EAAE,EAAE;QACV,IAAI,EAAE,SAAS;KAClB;IACD,IAAI,EAAE,8BAA8B;CACvC,CAAC,CAAC;AAEH,eAAe,IAAI,CAAC"}

package/dist/rules/no-electron-permission-check-handler-allow-all.d.ts

@@ -0,0 +1,5 @@
+import { createRule } from "../_internal/create-rule.js";
+/** Rule implementation. */
+declare const rule: ReturnType<typeof createRule>;
+export default rule;
+//# sourceMappingURL=no-electron-permission-check-handler-allow-all.d.ts.map

package/dist/rules/no-electron-permission-check-handler-allow-all.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"no-electron-permission-check-handler-allow-all.d.ts","sourceRoot":"","sources":["../../src/rules/no-electron-permission-check-handler-allow-all.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAoCzD,2BAA2B;AAC3B,QAAA,MAAM,IAAI,EAAE,UAAU,CAAC,OAAO,UAAU,CAmDtC,CAAC;AAEH,eAAe,IAAI,CAAC"}

package/dist/rules/no-electron-permission-check-handler-allow-all.js

@@ -0,0 +1,63 @@
+import { arrayFirst } from "ts-extras";
+import { createRule } from "../_internal/create-rule.js";
+import { getMemberPropertyName } from "../_internal/estree-utils.js";
+const isFunctionExpression = (expression) => expression.type === "ArrowFunctionExpression" ||
+    expression.type === "FunctionExpression";
+const isBooleanTrueLiteral = (expression) => expression?.type === "Literal" && expression.value === true;
+const isAllowAllPermissionCheckHandler = (callbackNode) => {
+    if (callbackNode.body.type !== "BlockStatement") {
+        return isBooleanTrueLiteral(callbackNode.body);
+    }
+    if (callbackNode.body.body.length !== 1) {
+        return false;
+    }
+    const onlyStatement = arrayFirst(callbackNode.body.body);
+    return (onlyStatement?.type === "ReturnStatement" &&
+        isBooleanTrueLiteral(onlyStatement.argument));
+};
+/** Rule implementation. */
+const rule = createRule({
+    create(context) {
+        return {
+            CallExpression(node) {
+                if (node.callee.type !== "MemberExpression") {
+                    return;
+                }
+                if (getMemberPropertyName(node.callee) !==
+                    "setPermissionCheckHandler") {
+                    return;
+                }
+                const [firstArgument] = node.arguments;
+                if (firstArgument === undefined ||
+                    firstArgument.type === "SpreadElement" ||
+                    !isFunctionExpression(firstArgument) ||
+                    !isAllowAllPermissionCheckHandler(firstArgument)) {
+                    return;
+                }
+                context.report({
+                    messageId: "default",
+                    node: firstArgument,
+                });
+            },
+        };
+    },
+    defaultOptions: [],
+    meta: {
+        deprecated: false,
+        docs: {
+            description: "disallow Electron permission check handlers that unconditionally allow every permission request.",
+            frozen: false,
+            recommended: false,
+            url: "https://nick2bad4u.github.io/eslint-plugin-SDL-2/docs/rules/no-electron-permission-check-handler-allow-all",
+        },
+        messages: {
+            default: "Do not unconditionally return true from setPermissionCheckHandler callbacks.",
+        },
+        schema: [],
+        type: "problem",
+    },
+    name: "no-electron-permission-check-handler-allow-all",
+});
+export default rule;
+/* eslint-enable @typescript-eslint/prefer-readonly-parameter-types -- Restore linting after rule implementation declarations. */
+//# sourceMappingURL=no-electron-permission-check-handler-allow-all.js.map

package/dist/rules/no-electron-permission-check-handler-allow-all.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"no-electron-permission-check-handler-allow-all.js","sourceRoot":"","sources":["../../src/rules/no-electron-permission-check-handler-allow-all.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AAEvC,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AACzD,OAAO,EAAE,qBAAqB,EAAE,MAAM,8BAA8B,CAAC;AAIrE,MAAM,oBAAoB,GAAG,CACzB,UAA2C,EAGb,EAAE,CAChC,UAAU,CAAC,IAAI,KAAK,yBAAyB;IAC7C,UAAU,CAAC,IAAI,KAAK,oBAAoB,CAAC;AAE7C,MAAM,oBAAoB,GAAG,CACzB,UAAkD,EAC3C,EAAE,CAAC,UAAU,EAAE,IAAI,KAAK,SAAS,IAAI,UAAU,CAAC,KAAK,KAAK,IAAI,CAAC;AAE1E,MAAM,gCAAgC,GAAG,CACrC,YAA4E,EACrE,EAAE;IACT,IAAI,YAAY,CAAC,IAAI,CAAC,IAAI,KAAK,gBAAgB,EAAE,CAAC;QAC9C,OAAO,oBAAoB,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC;IACnD,CAAC;IAED,IAAI,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACtC,OAAO,KAAK,CAAC;IACjB,CAAC;IAED,MAAM,aAAa,GAAG,UAAU,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAEzD,OAAO,CACH,aAAa,EAAE,IAAI,KAAK,iBAAiB;QACzC,oBAAoB,CAAC,aAAa,CAAC,QAAQ,CAAC,CAC/C,CAAC;AACN,CAAC,CAAC;AAEF,2BAA2B;AAC3B,MAAM,IAAI,GAAkC,UAAU,CAAwB;IAC1E,MAAM,CAAC,OAAO;QACV,OAAO;YACH,cAAc,CAAC,IAA6B;gBACxC,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;oBAC1C,OAAO;gBACX,CAAC;gBAED,IACI,qBAAqB,CAAC,IAAI,CAAC,MAAM,CAAC;oBAClC,2BAA2B,EAC7B,CAAC;oBACC,OAAO;gBACX,CAAC;gBAED,MAAM,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC;gBAEvC,IACI,aAAa,KAAK,SAAS;oBAC3B,aAAa,CAAC,IAAI,KAAK,eAAe;oBACtC,CAAC,oBAAoB,CAAC,aAAa,CAAC;oBACpC,CAAC,gCAAgC,CAAC,aAAa,CAAC,EAClD,CAAC;oBACC,OAAO;gBACX,CAAC;gBAED,OAAO,CAAC,MAAM,CAAC;oBACX,SAAS,EAAE,SAAS;oBACpB,IAAI,EAAE,aAAa;iBACtB,CAAC,CAAC;YACP,CAAC;SACJ,CAAC;IACN,CAAC;IACD,cAAc,EAAE,EAAE;IAClB,IAAI,EAAE;QACF,UAAU,EAAE,KAAK;QACjB,IAAI,EAAE;YACF,WAAW,EACP,kGAAkG;YACtG,MAAM,EAAE,KAAK;YACb,WAAW,EAAE,KAAK;YAClB,GAAG,EAAE,4GAA4G;SACpH;QACD,QAAQ,EAAE;YACN,OAAO,EACH,8EAA8E;SACrF;QACD,MAAM,EAAE,EAAE;QACV,IAAI,EAAE,SAAS;KAClB;IACD,IAAI,EAAE,gDAAgD;CACzD,CAAC,CAAC;AAEH,eAAe,IAAI,CAAC;AACpB,iIAAiI"}

package/dist/rules/no-electron-unchecked-ipc-sender.d.ts

@@ -0,0 +1,5 @@
+import { createRule } from "../_internal/create-rule.js";
+/** Rule implementation. */
+declare const rule: ReturnType<typeof createRule>;
+export default rule;
+//# sourceMappingURL=no-electron-unchecked-ipc-sender.d.ts.map

package/dist/rules/no-electron-unchecked-ipc-sender.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"no-electron-unchecked-ipc-sender.d.ts","sourceRoot":"","sources":["../../src/rules/no-electron-unchecked-ipc-sender.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAqFzD,2BAA2B;AAC3B,QAAA,MAAM,IAAI,EAAE,UAAU,CAAC,OAAO,UAAU,CA2DtC,CAAC;AAEH,eAAe,IAAI,CAAC"}

package/dist/rules/no-electron-unchecked-ipc-sender.js

@@ -0,0 +1,90 @@
+import { arrayFirst } from "ts-extras";
+import { createRule } from "../_internal/create-rule.js";
+const getMemberPropertyName = (memberExpression) => {
+    if (!memberExpression.computed &&
+        memberExpression.property.type === "Identifier") {
+        return memberExpression.property.name;
+    }
+    if (memberExpression.property.type === "Literal" &&
+        typeof memberExpression.property.value === "string") {
+        return memberExpression.property.value;
+    }
+    return undefined;
+};
+const isIpcMainObjectExpression = (expression) => {
+    if (expression.type === "Identifier") {
+        return expression.name === "ipcMain";
+    }
+    if (expression.type !== "MemberExpression") {
+        return false;
+    }
+    return getMemberPropertyName(expression) === "ipcMain";
+};
+const isIpcMainHandlerRegistration = (node) => {
+    if (node.callee.type !== "MemberExpression") {
+        return false;
+    }
+    const methodName = getMemberPropertyName(node.callee);
+    if (methodName !== "on" && methodName !== "handle") {
+        return false;
+    }
+    return isIpcMainObjectExpression(node.callee.object);
+};
+const isFunctionExpression = (expression) => expression.type === "ArrowFunctionExpression" ||
+    expression.type === "FunctionExpression";
+const hasSenderValidationPattern = (callbackNode, context, eventParameterName) => {
+    const callbackSourceText = context.sourceCode.getText(callbackNode);
+    const escapedEventName = eventParameterName.replaceAll("$", String.raw `\$`);
+    // eslint-disable-next-line security/detect-non-literal-regexp -- Event parameter identifier is escaped before interpolation for sender-access detection.
+    const eventSenderPattern = new RegExp(String.raw `\b${escapedEventName}\s*\.\s*(?:sender|senderFrame)\b`, "u");
+    return (eventSenderPattern.test(callbackSourceText) ||
+        /\b(?:allowlist|getURL|isTrusted|origin|validate|whitelist)\b/u.test(callbackSourceText));
+};
+/** Rule implementation. */
+const rule = createRule({
+    create(context) {
+        return {
+            CallExpression(node) {
+                if (!isIpcMainHandlerRegistration(node)) {
+                    return;
+                }
+                const [, handlerNode] = node.arguments;
+                if (handlerNode === undefined ||
+                    handlerNode.type === "SpreadElement" ||
+                    !isFunctionExpression(handlerNode)) {
+                    return;
+                }
+                const eventParameter = arrayFirst(handlerNode.params);
+                if (eventParameter?.type !== "Identifier") {
+                    return;
+                }
+                if (hasSenderValidationPattern(handlerNode, context, eventParameter.name)) {
+                    return;
+                }
+                context.report({
+                    messageId: "default",
+                    node: handlerNode,
+                });
+            },
+        };
+    },
+    defaultOptions: [],
+    meta: {
+        deprecated: false,
+        docs: {
+            description: "disallow privileged ipcMain handlers that do not validate sender/frame trust.",
+            frozen: false,
+            recommended: false,
+            url: "https://nick2bad4u.github.io/eslint-plugin-SDL-2/docs/rules/no-electron-unchecked-ipc-sender",
+        },
+        messages: {
+            default: "Validate the IPC sender or sender frame before handling privileged ipcMain requests.",
+        },
+        schema: [],
+        type: "problem",
+    },
+    name: "no-electron-unchecked-ipc-sender",
+});
+export default rule;
+/* eslint-enable @typescript-eslint/prefer-readonly-parameter-types -- Restore linting after rule implementation declarations. */
+//# sourceMappingURL=no-electron-unchecked-ipc-sender.js.map

package/dist/rules/no-electron-unchecked-ipc-sender.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"no-electron-unchecked-ipc-sender.js","sourceRoot":"","sources":["../../src/rules/no-electron-unchecked-ipc-sender.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AAEvC,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAIzD,MAAM,qBAAqB,GAAG,CAC1B,gBAA2C,EACzB,EAAE;IACpB,IACI,CAAC,gBAAgB,CAAC,QAAQ;QAC1B,gBAAgB,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY,EACjD,CAAC;QACC,OAAO,gBAAgB,CAAC,QAAQ,CAAC,IAAI,CAAC;IAC1C,CAAC;IAED,IACI,gBAAgB,CAAC,QAAQ,CAAC,IAAI,KAAK,SAAS;QAC5C,OAAO,gBAAgB,CAAC,QAAQ,CAAC,KAAK,KAAK,QAAQ,EACrD,CAAC;QACC,OAAO,gBAAgB,CAAC,QAAQ,CAAC,KAAK,CAAC;IAC3C,CAAC;IAED,OAAO,SAAS,CAAC;AACrB,CAAC,CAAC;AAEF,MAAM,yBAAyB,GAAG,CAC9B,UAA+B,EACxB,EAAE;IACT,IAAI,UAAU,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;QACnC,OAAO,UAAU,CAAC,IAAI,KAAK,SAAS,CAAC;IACzC,CAAC;IAED,IAAI,UAAU,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;QACzC,OAAO,KAAK,CAAC;IACjB,CAAC;IAED,OAAO,qBAAqB,CAAC,UAAU,CAAC,KAAK,SAAS,CAAC;AAC3D,CAAC,CAAC;AAEF,MAAM,4BAA4B,GAAG,CACjC,IAA6B,EACtB,EAAE;IACT,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;QAC1C,OAAO,KAAK,CAAC;IACjB,CAAC;IAED,MAAM,UAAU,GAAG,qBAAqB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAEtD,IAAI,UAAU,KAAK,IAAI,IAAI,UAAU,KAAK,QAAQ,EAAE,CAAC;QACjD,OAAO,KAAK,CAAC;IACjB,CAAC;IAED,OAAO,yBAAyB,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;AACzD,CAAC,CAAC;AAEF,MAAM,oBAAoB,GAAG,CACzB,UAA2C,EAGb,EAAE,CAChC,UAAU,CAAC,IAAI,KAAK,yBAAyB;IAC7C,UAAU,CAAC,IAAI,KAAK,oBAAoB,CAAC;AAE7C,MAAM,0BAA0B,GAAG,CAC/B,YAEiC,EACjC,OAAoD,EACpD,kBAA0B,EACnB,EAAE;IACT,MAAM,kBAAkB,GAAG,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;IACpE,MAAM,gBAAgB,GAAG,kBAAkB,CAAC,UAAU,CAAC,GAAG,EAAE,MAAM,CAAC,GAAG,CAAA,IAAI,CAAC,CAAC;IAC5E,yJAAyJ;IACzJ,MAAM,kBAAkB,GAAG,IAAI,MAAM,CACjC,MAAM,CAAC,GAAG,CAAA,KAAK,gBAAgB,kCAAkC,EACjE,GAAG,CACN,CAAC;IAEF,OAAO,CACH,kBAAkB,CAAC,IAAI,CAAC,kBAAkB,CAAC;QAC3C,+DAA+D,CAAC,IAAI,CAChE,kBAAkB,CACrB,CACJ,CAAC;AACN,CAAC,CAAC;AAEF,2BAA2B;AAC3B,MAAM,IAAI,GAAkC,UAAU,CAAwB;IAC1E,MAAM,CAAC,OAAO;QACV,OAAO;YACH,cAAc,CAAC,IAA6B;gBACxC,IAAI,CAAC,4BAA4B,CAAC,IAAI,CAAC,EAAE,CAAC;oBACtC,OAAO;gBACX,CAAC;gBAED,MAAM,CAAC,EAAE,WAAW,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC;gBAEvC,IACI,WAAW,KAAK,SAAS;oBACzB,WAAW,CAAC,IAAI,KAAK,eAAe;oBACpC,CAAC,oBAAoB,CAAC,WAAW,CAAC,EACpC,CAAC;oBACC,OAAO;gBACX,CAAC;gBAED,MAAM,cAAc,GAAG,UAAU,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;gBAEtD,IAAI,cAAc,EAAE,IAAI,KAAK,YAAY,EAAE,CAAC;oBACxC,OAAO;gBACX,CAAC;gBAED,IACI,0BAA0B,CACtB,WAAW,EACX,OAAO,EACP,cAAc,CAAC,IAAI,CACtB,EACH,CAAC;oBACC,OAAO;gBACX,CAAC;gBAED,OAAO,CAAC,MAAM,CAAC;oBACX,SAAS,EAAE,SAAS;oBACpB,IAAI,EAAE,WAAW;iBACpB,CAAC,CAAC;YACP,CAAC;SACJ,CAAC;IACN,CAAC;IACD,cAAc,EAAE,EAAE;IAClB,IAAI,EAAE;QACF,UAAU,EAAE,KAAK;QACjB,IAAI,EAAE;YACF,WAAW,EACP,+EAA+E;YACnF,MAAM,EAAE,KAAK;YACb,WAAW,EAAE,KAAK;YAClB,GAAG,EAAE,8FAA8F;SACtG;QACD,QAAQ,EAAE;YACN,OAAO,EACH,sFAAsF;SAC7F;QACD,MAAM,EAAE,EAAE;QACV,IAAI,EAAE,SAAS;KAClB;IACD,IAAI,EAAE,kCAAkC;CAC3C,CAAC,CAAC;AAEH,eAAe,IAAI,CAAC;AACpB,iIAAiI"}

package/dist/rules/no-electron-unrestricted-navigation.d.ts

@@ -0,0 +1,5 @@
+import { createRule } from "../_internal/create-rule.js";
+/** Rule implementation. */
+declare const rule: ReturnType<typeof createRule>;
+export default rule;
+//# sourceMappingURL=no-electron-unrestricted-navigation.d.ts.map

package/dist/rules/no-electron-unrestricted-navigation.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"no-electron-unrestricted-navigation.d.ts","sourceRoot":"","sources":["../../src/rules/no-electron-unrestricted-navigation.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AA6DzD,2BAA2B;AAC3B,QAAA,MAAM,IAAI,EAAE,UAAU,CAAC,OAAO,UAAU,CAiGtC,CAAC;AAEH,eAAe,IAAI,CAAC"}

package/dist/rules/no-electron-unrestricted-navigation.js

@@ -0,0 +1,100 @@
+import { arrayFirst } from "ts-extras";
+import { createRule } from "../_internal/create-rule.js";
+const getMemberPropertyName = (memberExpression) => {
+    if (!memberExpression.computed &&
+        memberExpression.property.type === "Identifier") {
+        return memberExpression.property.name;
+    }
+    if (memberExpression.property.type === "Literal" &&
+        typeof memberExpression.property.value === "string") {
+        return memberExpression.property.value;
+    }
+    return undefined;
+};
+const isFunctionExpression = (expression) => expression.type === "ArrowFunctionExpression" ||
+    expression.type === "FunctionExpression";
+const hasUnsafeAllowAction = (callbackNode, context) => {
+    const callbackSourceText = context.sourceCode.getText(callbackNode);
+    return /\baction\s*:\s*["'`]allow["'`]/u.test(callbackSourceText);
+};
+const hasPreventDefaultCall = (callbackNode, context, eventParameterName) => {
+    const callbackSourceText = context.sourceCode.getText(callbackNode);
+    const escapedName = eventParameterName.replaceAll("$", String.raw `\$`);
+    // eslint-disable-next-line security/detect-non-literal-regexp -- Event parameter identifier is escaped before interpolation for preventDefault-call detection.
+    const preventDefaultPattern = new RegExp(String.raw `\b${escapedName}\s*\.\s*preventDefault\s*\(`, "u");
+    return preventDefaultPattern.test(callbackSourceText);
+};
+/** Rule implementation. */
+const rule = createRule({
+    create(context) {
+        return {
+            CallExpression(node) {
+                if (node.callee.type !== "MemberExpression") {
+                    return;
+                }
+                const methodName = getMemberPropertyName(node.callee);
+                if (methodName === "setWindowOpenHandler") {
+                    const [firstArgument] = node.arguments;
+                    if (firstArgument === undefined ||
+                        firstArgument.type === "SpreadElement" ||
+                        !isFunctionExpression(firstArgument)) {
+                        return;
+                    }
+                    if (!hasUnsafeAllowAction(firstArgument, context)) {
+                        return;
+                    }
+                    context.report({
+                        messageId: "default",
+                        node: firstArgument,
+                    });
+                    return;
+                }
+                if (methodName !== "on") {
+                    return;
+                }
+                const [firstArgument, secondArgument] = node.arguments;
+                if (firstArgument === undefined ||
+                    firstArgument.type === "SpreadElement" ||
+                    secondArgument === undefined ||
+                    secondArgument.type === "SpreadElement" ||
+                    !isFunctionExpression(secondArgument)) {
+                    return;
+                }
+                if (firstArgument.type !== "Literal" ||
+                    firstArgument.value !== "will-navigate") {
+                    return;
+                }
+                const eventParameter = arrayFirst(secondArgument.params);
+                if (eventParameter?.type !== "Identifier") {
+                    return;
+                }
+                if (hasPreventDefaultCall(secondArgument, context, eventParameter.name)) {
+                    return;
+                }
+                context.report({
+                    messageId: "default",
+                    node: secondArgument,
+                });
+            },
+        };
+    },
+    defaultOptions: [],
+    meta: {
+        deprecated: false,
+        docs: {
+            description: "disallow Electron navigation handlers that allow unrestricted navigation or window opening.",
+            frozen: false,
+            recommended: false,
+            url: "https://nick2bad4u.github.io/eslint-plugin-SDL-2/docs/rules/no-electron-unrestricted-navigation",
+        },
+        messages: {
+            default: "Restrict Electron navigation/window-opening handlers with explicit blocking or allowlist logic.",
+        },
+        schema: [],
+        type: "problem",
+    },
+    name: "no-electron-unrestricted-navigation",
+});
+export default rule;
+/* eslint-enable @typescript-eslint/prefer-readonly-parameter-types -- Restore linting after rule implementation declarations. */
+//# sourceMappingURL=no-electron-unrestricted-navigation.js.map

package/dist/rules/no-electron-unrestricted-navigation.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"no-electron-unrestricted-navigation.js","sourceRoot":"","sources":["../../src/rules/no-electron-unrestricted-navigation.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AAEvC,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAIzD,MAAM,qBAAqB,GAAG,CAC1B,gBAA2C,EACzB,EAAE;IACpB,IACI,CAAC,gBAAgB,CAAC,QAAQ;QAC1B,gBAAgB,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY,EACjD,CAAC;QACC,OAAO,gBAAgB,CAAC,QAAQ,CAAC,IAAI,CAAC;IAC1C,CAAC;IAED,IACI,gBAAgB,CAAC,QAAQ,CAAC,IAAI,KAAK,SAAS;QAC5C,OAAO,gBAAgB,CAAC,QAAQ,CAAC,KAAK,KAAK,QAAQ,EACrD,CAAC;QACC,OAAO,gBAAgB,CAAC,QAAQ,CAAC,KAAK,CAAC;IAC3C,CAAC;IAED,OAAO,SAAS,CAAC;AACrB,CAAC,CAAC;AAEF,MAAM,oBAAoB,GAAG,CACzB,UAA2C,EAGb,EAAE,CAChC,UAAU,CAAC,IAAI,KAAK,yBAAyB;IAC7C,UAAU,CAAC,IAAI,KAAK,oBAAoB,CAAC;AAE7C,MAAM,oBAAoB,GAAG,CACzB,YAEiC,EACjC,OAAoD,EAC7C,EAAE;IACT,MAAM,kBAAkB,GAAG,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;IAEpE,OAAO,iCAAiC,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;AACtE,CAAC,CAAC;AAEF,MAAM,qBAAqB,GAAG,CAC1B,YAEiC,EACjC,OAAoD,EACpD,kBAA0B,EACnB,EAAE;IACT,MAAM,kBAAkB,GAAG,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;IACpE,MAAM,WAAW,GAAG,kBAAkB,CAAC,UAAU,CAAC,GAAG,EAAE,MAAM,CAAC,GAAG,CAAA,IAAI,CAAC,CAAC;IACvE,+JAA+J;IAC/J,MAAM,qBAAqB,GAAG,IAAI,MAAM,CACpC,MAAM,CAAC,GAAG,CAAA,KAAK,WAAW,6BAA6B,EACvD,GAAG,CACN,CAAC;IAEF,OAAO,qBAAqB,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;AAC1D,CAAC,CAAC;AAEF,2BAA2B;AAC3B,MAAM,IAAI,GAAkC,UAAU,CAAwB;IAC1E,MAAM,CAAC,OAAO;QACV,OAAO;YACH,cAAc,CAAC,IAA6B;gBACxC,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;oBAC1C,OAAO;gBACX,CAAC;gBAED,MAAM,UAAU,GAAG,qBAAqB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;gBAEtD,IAAI,UAAU,KAAK,sBAAsB,EAAE,CAAC;oBACxC,MAAM,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC;oBAEvC,IACI,aAAa,KAAK,SAAS;wBAC3B,aAAa,CAAC,IAAI,KAAK,eAAe;wBACtC,CAAC,oBAAoB,CAAC,aAAa,CAAC,EACtC,CAAC;wBACC,OAAO;oBACX,CAAC;oBAED,IAAI,CAAC,oBAAoB,CAAC,aAAa,EAAE,OAAO,CAAC,EAAE,CAAC;wBAChD,OAAO;oBACX,CAAC;oBAED,OAAO,CAAC,MAAM,CAAC;wBACX,SAAS,EAAE,SAAS;wBACpB,IAAI,EAAE,aAAa;qBACtB,CAAC,CAAC;oBAEH,OAAO;gBACX,CAAC;gBAED,IAAI,UAAU,KAAK,IAAI,EAAE,CAAC;oBACtB,OAAO;gBACX,CAAC;gBAED,MAAM,CAAC,aAAa,EAAE,cAAc,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC;gBAEvD,IACI,aAAa,KAAK,SAAS;oBAC3B,aAAa,CAAC,IAAI,KAAK,eAAe;oBACtC,cAAc,KAAK,SAAS;oBAC5B,cAAc,CAAC,IAAI,KAAK,eAAe;oBACvC,CAAC,oBAAoB,CAAC,cAAc,CAAC,EACvC,CAAC;oBACC,OAAO;gBACX,CAAC;gBAED,IACI,aAAa,CAAC,IAAI,KAAK,SAAS;oBAChC,aAAa,CAAC,KAAK,KAAK,eAAe,EACzC,CAAC;oBACC,OAAO;gBACX,CAAC;gBAED,MAAM,cAAc,GAAG,UAAU,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;gBAEzD,IAAI,cAAc,EAAE,IAAI,KAAK,YAAY,EAAE,CAAC;oBACxC,OAAO;gBACX,CAAC;gBAED,IACI,qBAAqB,CACjB,cAAc,EACd,OAAO,EACP,cAAc,CAAC,IAAI,CACtB,EACH,CAAC;oBACC,OAAO;gBACX,CAAC;gBAED,OAAO,CAAC,MAAM,CAAC;oBACX,SAAS,EAAE,SAAS;oBACpB,IAAI,EAAE,cAAc;iBACvB,CAAC,CAAC;YACP,CAAC;SACJ,CAAC;IACN,CAAC;IACD,cAAc,EAAE,EAAE;IAClB,IAAI,EAAE;QACF,UAAU,EAAE,KAAK;QACjB,IAAI,EAAE;YACF,WAAW,EACP,6FAA6F;YACjG,MAAM,EAAE,KAAK;YACb,WAAW,EAAE,KAAK;YAClB,GAAG,EAAE,iGAAiG;SACzG;QACD,QAAQ,EAAE;YACN,OAAO,EACH,iGAAiG;SACxG;QACD,MAAM,EAAE,EAAE;QACV,IAAI,EAAE,SAAS;KAClB;IACD,IAAI,EAAE,qCAAqC;CAC9C,CAAC,CAAC;AAEH,eAAe,IAAI,CAAC;AACpB,iIAAiI"}

package/dist/rules/no-electron-untrusted-open-external.d.ts

@@ -0,0 +1,5 @@
+import { createRule } from "../_internal/create-rule.js";
+/** Rule implementation. */
+declare const rule: ReturnType<typeof createRule>;
+export default rule;
+//# sourceMappingURL=no-electron-untrusted-open-external.d.ts.map

package/dist/rules/no-electron-untrusted-open-external.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"no-electron-untrusted-open-external.d.ts","sourceRoot":"","sources":["../../src/rules/no-electron-untrusted-open-external.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AA2EzD,2BAA2B;AAC3B,QAAA,MAAM,IAAI,EAAE,UAAU,CAAC,OAAO,UAAU,CAmDtC,CAAC;AAEH,eAAe,IAAI,CAAC"}

package/dist/rules/no-electron-untrusted-open-external.js

@@ -0,0 +1,92 @@
+import { arrayFirst } from "ts-extras";
+import { createRule } from "../_internal/create-rule.js";
+const getStaticTemplateLiteralValue = (templateLiteral) => {
+    if (templateLiteral.expressions.length > 0) {
+        return undefined;
+    }
+    return arrayFirst(templateLiteral.quasis)?.value.cooked ?? undefined;
+};
+const getStringValue = (node) => {
+    if (node.type === "Literal" && typeof node.value === "string") {
+        return node.value;
+    }
+    if (node.type === "TemplateLiteral") {
+        return getStaticTemplateLiteralValue(node);
+    }
+    return undefined;
+};
+const isAllowedExternalProtocol = (value) => /^(?:https|mailto):/iu.test(value.trim());
+const getMemberPropertyName = (memberExpression) => {
+    if (!memberExpression.computed &&
+        memberExpression.property.type === "Identifier") {
+        return memberExpression.property.name;
+    }
+    if (memberExpression.property.type === "Literal" &&
+        typeof memberExpression.property.value === "string") {
+        return memberExpression.property.value;
+    }
+    return undefined;
+};
+const isShellObjectExpression = (node) => {
+    if (node.type === "Identifier") {
+        return node.name === "shell";
+    }
+    if (node.type !== "MemberExpression") {
+        return false;
+    }
+    return getMemberPropertyName(node) === "shell";
+};
+const isShellOpenExternalCallee = (callee) => {
+    if (callee.type !== "MemberExpression") {
+        return false;
+    }
+    if (getMemberPropertyName(callee) !== "openExternal") {
+        return false;
+    }
+    return isShellObjectExpression(callee.object);
+};
+/** Rule implementation. */
+const rule = createRule({
+    create(context) {
+        return {
+            CallExpression(node) {
+                if (!isShellOpenExternalCallee(node.callee)) {
+                    return;
+                }
+                const [firstArgument] = node.arguments;
+                if (firstArgument === undefined ||
+                    firstArgument.type === "SpreadElement") {
+                    return;
+                }
+                const firstArgumentValue = getStringValue(firstArgument);
+                if (typeof firstArgumentValue === "string" &&
+                    isAllowedExternalProtocol(firstArgumentValue)) {
+                    return;
+                }
+                context.report({
+                    messageId: "default",
+                    node: firstArgument,
+                });
+            },
+        };
+    },
+    defaultOptions: [],
+    meta: {
+        deprecated: false,
+        docs: {
+            description: "disallow untrusted or non-HTTPS/non-mailto URLs in Electron shell.openExternal calls.",
+            frozen: false,
+            recommended: false,
+            url: "https://nick2bad4u.github.io/eslint-plugin-SDL-2/docs/rules/no-electron-untrusted-open-external",
+        },
+        messages: {
+            default: "Only open trusted https: or mailto: URLs with shell.openExternal.",
+        },
+        schema: [],
+        type: "problem",
+    },
+    name: "no-electron-untrusted-open-external",
+});
+export default rule;
+/* eslint-enable @typescript-eslint/prefer-readonly-parameter-types -- Restore linting after rule implementation declarations. */
+//# sourceMappingURL=no-electron-untrusted-open-external.js.map

package/dist/rules/no-electron-untrusted-open-external.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"no-electron-untrusted-open-external.js","sourceRoot":"","sources":["../../src/rules/no-electron-untrusted-open-external.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AAEvC,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAIzD,MAAM,6BAA6B,GAAG,CAClC,eAAyC,EACvB,EAAE;IACpB,IAAI,eAAe,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACzC,OAAO,SAAS,CAAC;IACrB,CAAC;IAED,OAAO,UAAU,CAAC,eAAe,CAAC,MAAM,CAAC,EAAE,KAAK,CAAC,MAAM,IAAI,SAAS,CAAC;AACzE,CAAC,CAAC;AAEF,MAAM,cAAc,GAAG,CAAC,IAAyB,EAAsB,EAAE;IACrE,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS,IAAI,OAAO,IAAI,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC5D,OAAO,IAAI,CAAC,KAAK,CAAC;IACtB,CAAC;IAED,IAAI,IAAI,CAAC,IAAI,KAAK,iBAAiB,EAAE,CAAC;QAClC,OAAO,6BAA6B,CAAC,IAAI,CAAC,CAAC;IAC/C,CAAC;IAED,OAAO,SAAS,CAAC;AACrB,CAAC,CAAC;AAEF,MAAM,yBAAyB,GAAG,CAAC,KAAa,EAAW,EAAE,CACzD,sBAAsB,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;AAE9C,MAAM,qBAAqB,GAAG,CAC1B,gBAA2C,EACzB,EAAE;IACpB,IACI,CAAC,gBAAgB,CAAC,QAAQ;QAC1B,gBAAgB,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY,EACjD,CAAC;QACC,OAAO,gBAAgB,CAAC,QAAQ,CAAC,IAAI,CAAC;IAC1C,CAAC;IAED,IACI,gBAAgB,CAAC,QAAQ,CAAC,IAAI,KAAK,SAAS;QAC5C,OAAO,gBAAgB,CAAC,QAAQ,CAAC,KAAK,KAAK,QAAQ,EACrD,CAAC;QACC,OAAO,gBAAgB,CAAC,QAAQ,CAAC,KAAK,CAAC;IAC3C,CAAC;IAED,OAAO,SAAS,CAAC;AACrB,CAAC,CAAC;AAEF,MAAM,uBAAuB,GAAG,CAAC,IAAyB,EAAW,EAAE;IACnE,IAAI,IAAI,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;QAC7B,OAAO,IAAI,CAAC,IAAI,KAAK,OAAO,CAAC;IACjC,CAAC;IAED,IAAI,IAAI,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;QACnC,OAAO,KAAK,CAAC;IACjB,CAAC;IAED,OAAO,qBAAqB,CAAC,IAAI,CAAC,KAAK,OAAO,CAAC;AACnD,CAAC,CAAC;AAEF,MAAM,yBAAyB,GAAG,CAC9B,MAAyC,EAClC,EAAE;IACT,IAAI,MAAM,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;QACrC,OAAO,KAAK,CAAC;IACjB,CAAC;IAED,IAAI,qBAAqB,CAAC,MAAM,CAAC,KAAK,cAAc,EAAE,CAAC;QACnD,OAAO,KAAK,CAAC;IACjB,CAAC;IAED,OAAO,uBAAuB,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;AAClD,CAAC,CAAC;AAEF,2BAA2B;AAC3B,MAAM,IAAI,GAAkC,UAAU,CAAwB;IAC1E,MAAM,CAAC,OAAO;QACV,OAAO;YACH,cAAc,CAAC,IAAI;gBACf,IAAI,CAAC,yBAAyB,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;oBAC1C,OAAO;gBACX,CAAC;gBAED,MAAM,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC;gBAEvC,IACI,aAAa,KAAK,SAAS;oBAC3B,aAAa,CAAC,IAAI,KAAK,eAAe,EACxC,CAAC;oBACC,OAAO;gBACX,CAAC;gBAED,MAAM,kBAAkB,GAAG,cAAc,CAAC,aAAa,CAAC,CAAC;gBAEzD,IACI,OAAO,kBAAkB,KAAK,QAAQ;oBACtC,yBAAyB,CAAC,kBAAkB,CAAC,EAC/C,CAAC;oBACC,OAAO;gBACX,CAAC;gBAED,OAAO,CAAC,MAAM,CAAC;oBACX,SAAS,EAAE,SAAS;oBACpB,IAAI,EAAE,aAAa;iBACtB,CAAC,CAAC;YACP,CAAC;SACJ,CAAC;IACN,CAAC;IACD,cAAc,EAAE,EAAE;IAClB,IAAI,EAAE;QACF,UAAU,EAAE,KAAK;QACjB,IAAI,EAAE;YACF,WAAW,EACP,uFAAuF;YAC3F,MAAM,EAAE,KAAK;YACb,WAAW,EAAE,KAAK;YAClB,GAAG,EAAE,iGAAiG;SACzG;QACD,QAAQ,EAAE;YACN,OAAO,EACH,mEAAmE;SAC1E;QACD,MAAM,EAAE,EAAE;QACV,IAAI,EAAE,SAAS;KAClB;IACD,IAAI,EAAE,qCAAqC;CAC9C,CAAC,CAAC;AAEH,eAAe,IAAI,CAAC;AACpB,iIAAiI"}

package/dist/rules/no-electron-webview-allowpopups.d.ts

@@ -0,0 +1,5 @@
+import { createRule } from "../_internal/create-rule.js";
+/** Rule implementation. */
+declare const rule: ReturnType<typeof createRule>;
+export default rule;
+//# sourceMappingURL=no-electron-webview-allowpopups.d.ts.map

package/dist/rules/no-electron-webview-allowpopups.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"no-electron-webview-allowpopups.d.ts","sourceRoot":"","sources":["../../src/rules/no-electron-webview-allowpopups.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAuDzD,2BAA2B;AAC3B,QAAA,MAAM,IAAI,EAAE,UAAU,CAAC,OAAO,UAAU,CAkDtC,CAAC;AAEH,eAAe,IAAI,CAAC"}