npm - eslint-plugin-secure-coding - Versions diffs - 2.4.0 → 3.0.1 - Mend

eslint-plugin-secure-coding 2.4.0 → 3.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (157) hide show

package/src/index.d.ts CHANGED Viewed

@@ -1,16 +1,7 @@
 /**
- * eslint-plugin-secure-coding
- *
- * A comprehensive security-focused ESLint plugin with 48+ rules
- * for detecting and preventing security vulnerabilities in JavaScript/TypeScript code.
- *
- * Features:
- * - LLM-optimized error messages with CWE references
- * - OWASP Top 10 coverage
- * - Auto-fix capabilities where safe
- * - Structured context for AI assistants
- *
- * @see https://github.com/ofri-peretz/eslint#readme
+ * Copyright (c) 2025 Ofri Peretz
+ * Licensed under the MIT License. Use of this source code is governed by the
+ * MIT license that can be found in the LICENSE file.
  */
 import { TSESLint } from '@interlace/eslint-devkit';
 /**

package/src/index.js CHANGED Viewed

@@ -1,4 +1,11 @@
 "use strict";
+/**
+ * Copyright (c) 2025 Ofri Peretz
+ * Licensed under the MIT License. Use of this source code is governed by the
+ * MIT license that can be found in the LICENSE file.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.configs = exports.plugin = exports.rules = void 0;
 /**
  * eslint-plugin-secure-coding
  *
@@ -13,8 +20,6 @@
  *
  * @see https://github.com/ofri-peretz/eslint#readme
  */
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.configs = exports.plugin = exports.rules = void 0;
 // Security rules - Injection
 const detect_eval_with_expression_1 = require("./rules/detect-eval-with-expression");
 const detect_child_process_1 = require("./rules/detect-child-process");

package/src/rules/detect-child-process/index.d.ts CHANGED Viewed

@@ -1,3 +1,18 @@
+/**
+ * Copyright (c) 2025 Ofri Peretz
+ * Licensed under the MIT License. Use of this source code is governed by the
+ * MIT license that can be found in the LICENSE file.
+ */
+/**
+ * ESLint Rule: detect-child-process
+ * Detects instances of child_process & non-literal exec() calls
+ * LLM-optimized with comprehensive command injection prevention guidance
+ *
+ * @see https://owasp.org/www-community/attacks/Command_Injection
+ * @see https://cwe.mitre.org/data/definitions/78.html
+ */
+import type { TSESLint } from '@interlace/eslint-devkit';
+type MessageIds = 'childProcessCommandInjection' | 'useExecFile' | 'useSpawn' | 'useSaferLibrary' | 'validateInput' | 'useShellFalse' | 'strategyValidate' | 'strategySanitize' | 'strategyRestrict';
 export interface Options {
     /** Allow exec() with literal strings. Default: false (stricter) */
     allowLiteralStrings?: boolean;
@@ -8,4 +23,6 @@ export interface Options {
     /** Strategy for fixing command injection: 'validate', 'sanitize', 'restrict', or 'auto' */
     strategy?: 'validate' | 'sanitize' | 'restrict' | 'auto';
 }
-export declare const detectChildProcess: ESLintUtils.RuleModule<MessageIds, Options, unknown, ESLintUtils.RuleListener>;
+type RuleOptions = [Options?];
+export declare const detectChildProcess: TSESLint.RuleModule<MessageIds, RuleOptions, unknown, TSESLint.RuleListener>;
+export {};

package/src/rules/detect-child-process/index.js CHANGED Viewed

@@ -1,4 +1,9 @@
 "use strict";
+/**
+ * Copyright (c) 2025 Ofri Peretz
+ * Licensed under the MIT License. Use of this source code is governed by the
+ * MIT license that can be found in the LICENSE file.
+ */
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.detectChildProcess = void 0;
 const eslint_devkit_1 = require("@interlace/eslint-devkit");

package/src/rules/detect-eval-with-expression/index.d.ts CHANGED Viewed

@@ -1,3 +1,18 @@
+/**
+ * Copyright (c) 2025 Ofri Peretz
+ * Licensed under the MIT License. Use of this source code is governed by the
+ * MIT license that can be found in the LICENSE file.
+ */
+/**
+ * ESLint Rule: detect-eval-with-expression
+ * Detects eval(variable) which can allow an attacker to run arbitrary code
+ * LLM-optimized with comprehensive fix guidance and security context
+ *
+ * @see https://owasp.org/www-community/attacks/Code_Injection
+ * @see https://cwe.mitre.org/data/definitions/95.html
+ */
+import type { TSESLint } from '@interlace/eslint-devkit';
+type MessageIds = 'evalWithExpression' | 'useJsonParse' | 'useObjectAccess' | 'useTemplateLiteral' | 'useFunctionConstructor' | 'useSaferAlternative' | 'strategyRemove' | 'strategyRefactor' | 'strategyValidate';
 export interface Options {
     /** Allow eval with literal strings. Default: false (stricter) */
     allowLiteralStrings?: boolean;
@@ -6,4 +21,6 @@ export interface Options {
     /** Strategy for fixing eval usage: 'remove', 'refactor', 'validate', or 'auto' */
     strategy?: 'remove' | 'refactor' | 'validate' | 'auto';
 }
-export declare const detectEvalWithExpression: ESLintUtils.RuleModule<MessageIds, Options, unknown, ESLintUtils.RuleListener>;
+type RuleOptions = [Options?];
+export declare const detectEvalWithExpression: TSESLint.RuleModule<MessageIds, RuleOptions, unknown, TSESLint.RuleListener>;
+export {};

package/src/rules/detect-eval-with-expression/index.js CHANGED Viewed

@@ -1,4 +1,9 @@
 "use strict";
+/**
+ * Copyright (c) 2025 Ofri Peretz
+ * Licensed under the MIT License. Use of this source code is governed by the
+ * MIT license that can be found in the LICENSE file.
+ */
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.detectEvalWithExpression = void 0;
 const eslint_devkit_1 = require("@interlace/eslint-devkit");

package/src/rules/detect-mixed-content/index.d.ts CHANGED Viewed

@@ -1,8 +1,10 @@
 /**
- * @fileoverview Detect HTTP resources in HTTPS pages
- * @see https://owasp.org/www-project-mobile-top-10/
- * @see https://cwe.mitre.org/data/definitions/311.html
+ * Copyright (c) 2025 Ofri Peretz
+ * Licensed under the MIT License. Use of this source code is governed by the
+ * MIT license that can be found in the LICENSE file.
  */
 export interface Options {
 }
-export declare const detectMixedContent: ESLintUtils.RuleModule<MessageIds, Options, unknown, ESLintUtils.RuleListener>;
+type RuleOptions = [Options?];
+export declare const detectMixedContent: import("@typescript-eslint/utils/ts-eslint").RuleModule<"violationDetected", RuleOptions, unknown, import("@typescript-eslint/utils/ts-eslint").RuleListener>;
+export {};

package/src/rules/detect-mixed-content/index.js CHANGED Viewed

@@ -1,11 +1,16 @@
 "use strict";
+/**
+ * Copyright (c) 2025 Ofri Peretz
+ * Licensed under the MIT License. Use of this source code is governed by the
+ * MIT license that can be found in the LICENSE file.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.detectMixedContent = void 0;
 /**
  * @fileoverview Detect HTTP resources in HTTPS pages
  * @see https://owasp.org/www-project-mobile-top-10/
  * @see https://cwe.mitre.org/data/definitions/311.html
  */
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.detectMixedContent = void 0;
 const eslint_devkit_1 = require("@interlace/eslint-devkit");
 exports.detectMixedContent = (0, eslint_devkit_1.createRule)({
     name: 'detect-mixed-content',
@@ -13,10 +18,6 @@ exports.detectMixedContent = (0, eslint_devkit_1.createRule)({
         type: 'problem',
         docs: {
             description: 'Detect HTTP resources in HTTPS pages',
-            category: 'Security',
-            recommended: true,
-            owaspMobile: ['M5'],
-            cweIds: ["CWE-311"],
         },
         messages: {
             violationDetected: (0, eslint_devkit_1.formatLLMMessage)({

package/src/rules/detect-non-literal-fs-filename/index.d.ts CHANGED Viewed

@@ -1,7 +1,24 @@
+/**
+ * Copyright (c) 2025 Ofri Peretz
+ * Licensed under the MIT License. Use of this source code is governed by the
+ * MIT license that can be found in the LICENSE file.
+ */
+/**
+ * ESLint Rule: detect-non-literal-fs-filename
+ * Detects variable in filename argument of fs calls, which might allow an attacker to access anything on your system
+ * LLM-optimized with comprehensive path traversal prevention guidance
+ *
+ * @see https://owasp.org/www-community/attacks/Path_Traversal
+ * @see https://cwe.mitre.org/data/definitions/22.html
+ */
+import type { TSESLint } from '@interlace/eslint-devkit';
+type MessageIds = 'fsPathTraversal' | 'usePathResolve' | 'validatePath' | 'useBasename' | 'createSafeDir' | 'whitelistExtensions';
 export interface Options {
     /** Allow literal strings. Default: false (stricter) */
     allowLiterals?: boolean;
     /** Additional fs methods to check */
     additionalMethods?: string[];
 }
-export declare const detectNonLiteralFsFilename: ESLintUtils.RuleModule<MessageIds, Options, unknown, ESLintUtils.RuleListener>;
+type RuleOptions = [Options?];
+export declare const detectNonLiteralFsFilename: TSESLint.RuleModule<MessageIds, RuleOptions, unknown, TSESLint.RuleListener>;
+export {};

package/src/rules/detect-non-literal-fs-filename/index.js CHANGED Viewed

@@ -1,4 +1,9 @@
 "use strict";
+/**
+ * Copyright (c) 2025 Ofri Peretz
+ * Licensed under the MIT License. Use of this source code is governed by the
+ * MIT license that can be found in the LICENSE file.
+ */
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.detectNonLiteralFsFilename = void 0;
 const eslint_devkit_1 = require("@interlace/eslint-devkit");

package/src/rules/detect-non-literal-regexp/index.d.ts CHANGED Viewed

@@ -1,3 +1,18 @@
+/**
+ * Copyright (c) 2025 Ofri Peretz
+ * Licensed under the MIT License. Use of this source code is governed by the
+ * MIT license that can be found in the LICENSE file.
+ */
+/**
+ * ESLint Rule: detect-non-literal-regexp
+ * Detects RegExp(variable), which might allow an attacker to DOS your server with a long-running regular expression
+ * LLM-optimized with comprehensive ReDoS prevention guidance
+ *
+ * @see https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS
+ * @see https://cwe.mitre.org/data/definitions/400.html
+ */
+import type { TSESLint } from '@interlace/eslint-devkit';
+type MessageIds = 'regexpReDoS' | 'useStaticRegex' | 'validateInput' | 'useRegexLibrary' | 'addTimeout' | 'escapeUserInput';
 export interface Options {
     /** Allow literal string regex patterns. Default: false (stricter) */
     allowLiterals?: boolean;
@@ -6,4 +21,6 @@ export interface Options {
     /** Maximum allowed pattern length for dynamic regex */
     maxPatternLength?: number;
 }
-export declare const detectNonLiteralRegexp: ESLintUtils.RuleModule<MessageIds, Options, unknown, ESLintUtils.RuleListener>;
+type RuleOptions = [Options?];
+export declare const detectNonLiteralRegexp: TSESLint.RuleModule<MessageIds, RuleOptions, unknown, TSESLint.RuleListener>;
+export {};

package/src/rules/detect-non-literal-regexp/index.js CHANGED Viewed

@@ -1,4 +1,9 @@
 "use strict";
+/**
+ * Copyright (c) 2025 Ofri Peretz
+ * Licensed under the MIT License. Use of this source code is governed by the
+ * MIT license that can be found in the LICENSE file.
+ */
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.detectNonLiteralRegexp = void 0;
 const eslint_devkit_1 = require("@interlace/eslint-devkit");

package/src/rules/detect-object-injection/index.d.ts CHANGED Viewed

@@ -1,3 +1,23 @@
+/**
+ * Copyright (c) 2025 Ofri Peretz
+ * Licensed under the MIT License. Use of this source code is governed by the
+ * MIT license that can be found in the LICENSE file.
+ */
+/**
+ * ESLint Rule: detect-object-injection
+ * Detects variable[key] as a left- or right-hand assignment operand (prototype pollution)
+ * LLM-optimized with comprehensive object injection prevention guidance
+ *
+ * Type-Aware Enhancement:
+ * This rule uses TypeScript type information when available to reduce false positives.
+ * If a property key is constrained to a union of string literals (e.g., 'name' | 'email'),
+ * the access is considered safe because the values are statically known at compile time.
+ *
+ * @see https://portswigger.net/web-security/prototype-pollution
+ * @see https://cwe.mitre.org/data/definitions/915.html
+ */
+import { TSESLint } from '@interlace/eslint-devkit';
+type MessageIds = 'objectInjection' | 'useMapInstead' | 'useHasOwnProperty' | 'whitelistKeys' | 'useObjectCreate' | 'freezePrototypes' | 'strategyValidate' | 'strategyWhitelist' | 'strategyFreeze';
 export interface Options {
     /** Allow bracket notation with literal strings. Default: false (stricter) */
     allowLiterals?: boolean;
@@ -8,4 +28,6 @@ export interface Options {
     /** Strategy for fixing object injection: 'validate', 'whitelist', 'freeze', or 'auto' */
     strategy?: 'validate' | 'whitelist' | 'freeze' | 'auto';
 }
-export declare const detectObjectInjection: ESLintUtils.RuleModule<MessageIds, Options, unknown, ESLintUtils.RuleListener>;
+type RuleOptions = [Options?];
+export declare const detectObjectInjection: TSESLint.RuleModule<MessageIds, RuleOptions, unknown, TSESLint.RuleListener>;
+export {};

package/src/rules/detect-object-injection/index.js CHANGED Viewed

@@ -1,4 +1,9 @@
 "use strict";
+/**
+ * Copyright (c) 2025 Ofri Peretz
+ * Licensed under the MIT License. Use of this source code is governed by the
+ * MIT license that can be found in the LICENSE file.
+ */
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.detectObjectInjection = void 0;
 /**

package/src/rules/detect-suspicious-dependencies/index.d.ts CHANGED Viewed

@@ -1,8 +1,10 @@
 /**
- * @fileoverview Detect potential typosquatting in dependencies
- * @see https://owasp.org/www-project-mobile-top-10/
- * @see https://cwe.mitre.org/data/definitions/506.html
+ * Copyright (c) 2025 Ofri Peretz
+ * Licensed under the MIT License. Use of this source code is governed by the
+ * MIT license that can be found in the LICENSE file.
  */
 export interface Options {
 }
-export declare const detectSuspiciousDependencies: ESLintUtils.RuleModule<MessageIds, Options, unknown, ESLintUtils.RuleListener>;
+type RuleOptions = [Options?];
+export declare const detectSuspiciousDependencies: import("@typescript-eslint/utils/ts-eslint").RuleModule<"violationDetected", RuleOptions, unknown, import("@typescript-eslint/utils/ts-eslint").RuleListener>;
+export {};

package/src/rules/detect-suspicious-dependencies/index.js CHANGED Viewed

@@ -1,11 +1,16 @@
 "use strict";
+/**
+ * Copyright (c) 2025 Ofri Peretz
+ * Licensed under the MIT License. Use of this source code is governed by the
+ * MIT license that can be found in the LICENSE file.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.detectSuspiciousDependencies = void 0;
 /**
  * @fileoverview Detect potential typosquatting in dependencies
  * @see https://owasp.org/www-project-mobile-top-10/
  * @see https://cwe.mitre.org/data/definitions/506.html
  */
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.detectSuspiciousDependencies = void 0;
 const eslint_devkit_1 = require("@interlace/eslint-devkit");
 exports.detectSuspiciousDependencies = (0, eslint_devkit_1.createRule)({
     name: 'detect-suspicious-dependencies',

package/src/rules/detect-weak-password-validation/index.d.ts CHANGED Viewed

@@ -1,6 +1,10 @@
 /**
- * @fileoverview Identify weak password requirements
+ * Copyright (c) 2025 Ofri Peretz
+ * Licensed under the MIT License. Use of this source code is governed by the
+ * MIT license that can be found in the LICENSE file.
  */
 export interface Options {
 }
-export declare const detectWeakPasswordValidation: ESLintUtils.RuleModule<MessageIds, Options, unknown, ESLintUtils.RuleListener>;
+type RuleOptions = [Options?];
+export declare const detectWeakPasswordValidation: import("@typescript-eslint/utils/ts-eslint").RuleModule<"violationDetected", RuleOptions, unknown, import("@typescript-eslint/utils/ts-eslint").RuleListener>;
+export {};

package/src/rules/detect-weak-password-validation/index.js CHANGED Viewed

@@ -1,9 +1,14 @@
 "use strict";
 /**
- * @fileoverview Identify weak password requirements
+ * Copyright (c) 2025 Ofri Peretz
+ * Licensed under the MIT License. Use of this source code is governed by the
+ * MIT license that can be found in the LICENSE file.
  */
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.detectWeakPasswordValidation = void 0;
+/**
+ * @fileoverview Identify weak password requirements
+ */
 const eslint_devkit_1 = require("@interlace/eslint-devkit");
 exports.detectWeakPasswordValidation = (0, eslint_devkit_1.createRule)({
     name: 'detect-weak-password-validation',

package/src/rules/no-allow-arbitrary-loads/index.d.ts CHANGED Viewed

@@ -1,8 +1,10 @@
 /**
- * @fileoverview Prevent configuration allowing insecure loads
- * @see https://owasp.org/www-project-mobile-top-10/
- * @see https://cwe.mitre.org/data/definitions/749.html
+ * Copyright (c) 2025 Ofri Peretz
+ * Licensed under the MIT License. Use of this source code is governed by the
+ * MIT license that can be found in the LICENSE file.
  */
 export interface Options {
 }
-export declare const noAllowArbitraryLoads: ESLintUtils.RuleModule<MessageIds, Options, unknown, ESLintUtils.RuleListener>;
+type RuleOptions = [Options?];
+export declare const noAllowArbitraryLoads: import("@typescript-eslint/utils/ts-eslint").RuleModule<"violationDetected", RuleOptions, unknown, import("@typescript-eslint/utils/ts-eslint").RuleListener>;
+export {};

package/src/rules/no-allow-arbitrary-loads/index.js CHANGED Viewed

@@ -1,11 +1,16 @@
 "use strict";
+/**
+ * Copyright (c) 2025 Ofri Peretz
+ * Licensed under the MIT License. Use of this source code is governed by the
+ * MIT license that can be found in the LICENSE file.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.noAllowArbitraryLoads = void 0;
 /**
  * @fileoverview Prevent configuration allowing insecure loads
  * @see https://owasp.org/www-project-mobile-top-10/
  * @see https://cwe.mitre.org/data/definitions/749.html
  */
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.noAllowArbitraryLoads = void 0;
 const eslint_devkit_1 = require("@interlace/eslint-devkit");
 exports.noAllowArbitraryLoads = (0, eslint_devkit_1.createRule)({
     name: 'no-allow-arbitrary-loads',
@@ -13,10 +18,6 @@ exports.noAllowArbitraryLoads = (0, eslint_devkit_1.createRule)({
         type: 'problem',
         docs: {
             description: 'Prevent configuration allowing insecure loads',
-            category: 'Security',
-            recommended: true,
-            owaspMobile: ['M5'],
-            cweIds: ["CWE-749"],
         },
         messages: {
             violationDetected: (0, eslint_devkit_1.formatLLMMessage)({

package/src/rules/no-arbitrary-file-access/index.d.ts CHANGED Viewed

@@ -1,13 +1,10 @@
 /**
- * @fileoverview Prevent file access from user input
- *
- * False Positive Reduction:
- * This rule detects safe patterns including:
- * - path.basename() sanitization
- * - path.join() with validated base directories
- * - startsWith() validation guards
- * - Early-return throw patterns
+ * Copyright (c) 2025 Ofri Peretz
+ * Licensed under the MIT License. Use of this source code is governed by the
+ * MIT license that can be found in the LICENSE file.
  */
 export interface Options {
 }
-export declare const noArbitraryFileAccess: ESLintUtils.RuleModule<MessageIds, Options, unknown, ESLintUtils.RuleListener>;
+type RuleOptions = [Options?];
+export declare const noArbitraryFileAccess: import("@typescript-eslint/utils/ts-eslint").RuleModule<"violationDetected", RuleOptions, unknown, import("@typescript-eslint/utils/ts-eslint").RuleListener>;
+export {};

package/src/rules/no-arbitrary-file-access/index.js CHANGED Viewed

@@ -1,4 +1,11 @@
 "use strict";
+/**
+ * Copyright (c) 2025 Ofri Peretz
+ * Licensed under the MIT License. Use of this source code is governed by the
+ * MIT license that can be found in the LICENSE file.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.noArbitraryFileAccess = void 0;
 /**
  * @fileoverview Prevent file access from user input
  *
@@ -9,8 +16,6 @@
  * - startsWith() validation guards
  * - Early-return throw patterns
  */
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.noArbitraryFileAccess = void 0;
 const eslint_devkit_1 = require("@interlace/eslint-devkit");
 exports.noArbitraryFileAccess = (0, eslint_devkit_1.createRule)({
     name: 'no-arbitrary-file-access',

package/src/rules/no-buffer-overread/index.d.ts CHANGED Viewed

@@ -1,3 +1,8 @@
+/**
+ * Copyright (c) 2025 Ofri Peretz
+ * Licensed under the MIT License. Use of this source code is governed by the
+ * MIT license that can be found in the LICENSE file.
+ */
 /**
  * ESLint Rule: no-buffer-overread
  * Detects buffer access beyond bounds (CWE-126)
@@ -13,7 +18,8 @@
  * - JSDoc annotations (@safe, @validated)
  * - Input validation functions
  */
-import type { SecurityRuleOptions } from '@interlace/eslint-devkit';
+import type { TSESLint, SecurityRuleOptions } from '@interlace/eslint-devkit';
+type MessageIds = 'bufferOverread' | 'unsafeBufferAccess' | 'missingBoundsCheck' | 'negativeBufferIndex' | 'userControlledBufferIndex' | 'unsafeBufferSlice' | 'bufferLengthNotChecked' | 'useSafeBufferAccess' | 'validateBufferIndices' | 'checkBufferBounds' | 'strategyBoundsChecking' | 'strategyInputValidation' | 'strategySafeBuffers';
 export interface Options extends SecurityRuleOptions {
     /** Buffer methods to check for bounds safety */
     bufferMethods?: string[];
@@ -26,4 +32,6 @@ export interface Options extends SecurityRuleOptions {
     /** Additional JSDoc annotations to consider as safe markers */
     strictMode?: boolean;
 }
-export declare const noBufferOverread: ESLintUtils.RuleModule<MessageIds, Options, unknown, ESLintUtils.RuleListener>;
+type RuleOptions = [Options?];
+export declare const noBufferOverread: TSESLint.RuleModule<MessageIds, RuleOptions, unknown, TSESLint.RuleListener>;
+export {};

package/src/rules/no-buffer-overread/index.js CHANGED Viewed

@@ -1,4 +1,9 @@
 "use strict";
+/**
+ * Copyright (c) 2025 Ofri Peretz
+ * Licensed under the MIT License. Use of this source code is governed by the
+ * MIT license that can be found in the LICENSE file.
+ */
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.noBufferOverread = void 0;
 const eslint_devkit_1 = require("@interlace/eslint-devkit");

package/src/rules/no-clickjacking/index.d.ts CHANGED Viewed

@@ -1,4 +1,26 @@
+/**
+ * Copyright (c) 2025 Ofri Peretz
+ * Licensed under the MIT License. Use of this source code is governed by the
+ * MIT license that can be found in the LICENSE file.
+ */
+/**
+ * ESLint Rule: no-clickjacking
+ * Detects clickjacking vulnerabilities (CWE-1021)
+ *
+ * Clickjacking tricks users into clicking on invisible or disguised elements
+ * by overlaying them with transparent frames. This rule detects missing
+ * protections against clickjacking attacks.
+ *
+ * False Positive Reduction:
+ * This rule uses security utilities to reduce false positives by detecting:
+ * - Safe iframe usage patterns
+ * - Trusted frame sources
+ * - JSDoc annotations (@trusted-frame, @safe-iframe)
+ * - Frame-busting protections
+ */
+import type { TSESLint } from '@interlace/eslint-devkit';
 import { type SecurityRuleOptions } from '@interlace/eslint-devkit';
+type MessageIds = 'clickjackingVulnerability' | 'missingFrameBusting' | 'unsafeIframeUsage' | 'missingXFrameOptions' | 'missingCspFrameAncestors' | 'transparentFrameOverlay' | 'frameManipulation' | 'implementFrameBusting' | 'useXFrameOptions' | 'setCspFrameAncestors' | 'strategyFrameProtection' | 'strategyContentSecurity' | 'strategyUserInteraction';
 export interface Options extends SecurityRuleOptions {
     /** Trusted iframe sources */
     trustedSources?: string[];
@@ -7,4 +29,6 @@ export interface Options extends SecurityRuleOptions {
     /** Detect transparent overlays */
     detectTransparentOverlays?: boolean;
 }
-export declare const noClickjacking: ESLintUtils.RuleModule<MessageIds, Options, unknown, ESLintUtils.RuleListener>;
+type RuleOptions = [Options?];
+export declare const noClickjacking: TSESLint.RuleModule<MessageIds, RuleOptions, unknown, TSESLint.RuleListener>;
+export {};

package/src/rules/no-clickjacking/index.js CHANGED Viewed

@@ -1,4 +1,9 @@
 "use strict";
+/**
+ * Copyright (c) 2025 Ofri Peretz
+ * Licensed under the MIT License. Use of this source code is governed by the
+ * MIT license that can be found in the LICENSE file.
+ */
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.noClickjacking = void 0;
 const eslint_devkit_1 = require("@interlace/eslint-devkit");

package/src/rules/no-client-side-auth-logic/index.d.ts CHANGED Viewed

@@ -1,6 +1,10 @@
 /**
- * @fileoverview Prevent authentication logic in client code
+ * Copyright (c) 2025 Ofri Peretz
+ * Licensed under the MIT License. Use of this source code is governed by the
+ * MIT license that can be found in the LICENSE file.
  */
 export interface Options {
 }
-export declare const noClientSideAuthLogic: ESLintUtils.RuleModule<MessageIds, Options, unknown, ESLintUtils.RuleListener>;
+type RuleOptions = [Options?];
+export declare const noClientSideAuthLogic: import("@typescript-eslint/utils/ts-eslint").RuleModule<"violationDetected", RuleOptions, unknown, import("@typescript-eslint/utils/ts-eslint").RuleListener>;
+export {};

package/src/rules/no-client-side-auth-logic/index.js CHANGED Viewed

@@ -1,9 +1,14 @@
 "use strict";
 /**
- * @fileoverview Prevent authentication logic in client code
+ * Copyright (c) 2025 Ofri Peretz
+ * Licensed under the MIT License. Use of this source code is governed by the
+ * MIT license that can be found in the LICENSE file.
  */
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.noClientSideAuthLogic = void 0;
+/**
+ * @fileoverview Prevent authentication logic in client code
+ */
 const eslint_devkit_1 = require("@interlace/eslint-devkit");
 exports.noClientSideAuthLogic = (0, eslint_devkit_1.createRule)({
     name: 'no-client-side-auth-logic',

package/src/rules/no-credentials-in-query-params/index.d.ts CHANGED Viewed

@@ -1,8 +1,10 @@
 /**
- * @fileoverview Disallow credentials in URL query parameters
- * @see https://owasp.org/www-project-mobile-top-10/
- * @see https://cwe.mitre.org/data/definitions/598.html
+ * Copyright (c) 2025 Ofri Peretz
+ * Licensed under the MIT License. Use of this source code is governed by the
+ * MIT license that can be found in the LICENSE file.
  */
 export interface Options {
 }
-export declare const noCredentialsInQueryParams: ESLintUtils.RuleModule<MessageIds, Options, unknown, ESLintUtils.RuleListener>;
+type RuleOptions = [Options?];
+export declare const noCredentialsInQueryParams: import("@typescript-eslint/utils/ts-eslint").RuleModule<"violationDetected", RuleOptions, unknown, import("@typescript-eslint/utils/ts-eslint").RuleListener>;
+export {};

package/src/rules/no-credentials-in-query-params/index.js CHANGED Viewed

@@ -1,11 +1,16 @@
 "use strict";
+/**
+ * Copyright (c) 2025 Ofri Peretz
+ * Licensed under the MIT License. Use of this source code is governed by the
+ * MIT license that can be found in the LICENSE file.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.noCredentialsInQueryParams = void 0;
 /**
  * @fileoverview Disallow credentials in URL query parameters
  * @see https://owasp.org/www-project-mobile-top-10/
  * @see https://cwe.mitre.org/data/definitions/598.html
  */
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.noCredentialsInQueryParams = void 0;
 const eslint_devkit_1 = require("@interlace/eslint-devkit");
 exports.noCredentialsInQueryParams = (0, eslint_devkit_1.createRule)({
     name: 'no-credentials-in-query-params',

package/src/rules/no-data-in-temp-storage/index.d.ts CHANGED Viewed

@@ -1,6 +1,10 @@
 /**
- * @fileoverview Prevent sensitive data in temp directories
+ * Copyright (c) 2025 Ofri Peretz
+ * Licensed under the MIT License. Use of this source code is governed by the
+ * MIT license that can be found in the LICENSE file.
  */
 export interface Options {
 }
-export declare const noDataInTempStorage: ESLintUtils.RuleModule<MessageIds, Options, unknown, ESLintUtils.RuleListener>;
+type RuleOptions = [Options?];
+export declare const noDataInTempStorage: import("@typescript-eslint/utils/ts-eslint").RuleModule<"violationDetected", RuleOptions, unknown, import("@typescript-eslint/utils/ts-eslint").RuleListener>;
+export {};

package/src/rules/no-data-in-temp-storage/index.js CHANGED Viewed

@@ -1,9 +1,14 @@
 "use strict";
 /**
- * @fileoverview Prevent sensitive data in temp directories
+ * Copyright (c) 2025 Ofri Peretz
+ * Licensed under the MIT License. Use of this source code is governed by the
+ * MIT license that can be found in the LICENSE file.
  */
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.noDataInTempStorage = void 0;
+/**
+ * @fileoverview Prevent sensitive data in temp directories
+ */
 const eslint_devkit_1 = require("@interlace/eslint-devkit");
 exports.noDataInTempStorage = (0, eslint_devkit_1.createRule)({
     name: 'no-data-in-temp-storage',