eslint-plugin-secure-coding 3.0.0 → 3.0.2

package/src/rules/no-clickjacking/index.js

@@ -1,396 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.noClickjacking = void 0;
-const eslint_devkit_1 = require("@interlace/eslint-devkit");
-const eslint_devkit_2 = require("@interlace/eslint-devkit");
-const eslint_devkit_3 = require("@interlace/eslint-devkit");
-exports.noClickjacking = (0, eslint_devkit_1.createRule)({
-    name: 'no-clickjacking',
-    meta: {
-        type: 'problem',
-        deprecated: true,
-        replacedBy: ['@see eslint-plugin-express-security/require-helmet'],
-        docs: {
-            description: 'Detects clickjacking vulnerabilities and missing frame protections',
-        },
-        fixable: 'code',
-        hasSuggestions: true,
-        messages: {
-            clickjackingVulnerability: (0, eslint_devkit_2.formatLLMMessage)({
-                icon: eslint_devkit_2.MessageIcons.SECURITY,
-                issueName: 'Clickjacking Vulnerability',
-                cwe: 'CWE-1021',
-                description: 'Clickjacking protection missing',
-                severity: '{{severity}}',
-                fix: '{{safeAlternative}}',
-                documentationLink: 'https://cheatsheetseries.owasp.org/cheatsheets/Clickjacking_Defense_Cheat_Sheet.html',
-            }),
-            missingFrameBusting: (0, eslint_devkit_2.formatLLMMessage)({
-                icon: eslint_devkit_2.MessageIcons.SECURITY,
-                issueName: 'Missing Frame Busting',
-                cwe: 'CWE-1021',
-                description: 'No frame-busting code to prevent clickjacking',
-                severity: 'HIGH',
-                fix: 'Add frame-busting JavaScript to prevent framing',
-                documentationLink: 'https://cheatsheetseries.owasp.org/cheatsheets/Clickjacking_Defense_Cheat_Sheet.html',
-            }),
-            unsafeIframeUsage: (0, eslint_devkit_2.formatLLMMessage)({
-                icon: eslint_devkit_2.MessageIcons.SECURITY,
-                issueName: 'Unsafe iframe Usage',
-                cwe: 'CWE-1021',
-                description: 'iframe may enable clickjacking attacks',
-                severity: 'MEDIUM',
-                fix: 'Add X-Frame-Options or CSP frame-ancestors protection',
-                documentationLink: 'https://cheatsheetseries.owasp.org/cheatsheets/Clickjacking_Defense_Cheat_Sheet.html',
-            }),
-            missingXFrameOptions: (0, eslint_devkit_2.formatLLMMessage)({
-                icon: eslint_devkit_2.MessageIcons.SECURITY,
-                issueName: 'Missing X-Frame-Options',
-                cwe: 'CWE-1021',
-                description: 'X-Frame-Options header not set',
-                severity: 'HIGH',
-                fix: 'Set X-Frame-Options: DENY or SAMEORIGIN',
-                documentationLink: 'https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options',
-            }),
-            missingCspFrameAncestors: (0, eslint_devkit_2.formatLLMMessage)({
-                icon: eslint_devkit_2.MessageIcons.SECURITY,
-                issueName: 'Missing CSP frame-ancestors',
-                cwe: 'CWE-1021',
-                description: 'CSP frame-ancestors directive not configured',
-                severity: 'HIGH',
-                fix: 'Add frame-ancestors to Content-Security-Policy',
-                documentationLink: 'https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors',
-            }),
-            transparentFrameOverlay: (0, eslint_devkit_2.formatLLMMessage)({
-                icon: eslint_devkit_2.MessageIcons.SECURITY,
-                issueName: 'Transparent Frame Overlay',
-                cwe: 'CWE-1021',
-                description: 'Transparent elements may hide clickjacking attacks',
-                severity: 'MEDIUM',
-                fix: 'Use frame-busting or CSP protections',
-                documentationLink: 'https://cheatsheetseries.owasp.org/cheatsheets/Clickjacking_Defense_Cheat_Sheet.html',
-            }),
-            frameManipulation: (0, eslint_devkit_2.formatLLMMessage)({
-                icon: eslint_devkit_2.MessageIcons.SECURITY,
-                issueName: 'Frame Manipulation',
-                cwe: 'CWE-1021',
-                description: 'Code attempts to manipulate parent frames',
-                severity: 'LOW',
-                fix: 'Implement proper frame communication or prevent framing',
-                documentationLink: 'https://cheatsheetseries.owasp.org/cheatsheets/Clickjacking_Defense_Cheat_Sheet.html',
-            }),
-            implementFrameBusting: (0, eslint_devkit_2.formatLLMMessage)({
-                icon: eslint_devkit_2.MessageIcons.INFO,
-                issueName: 'Implement Frame Busting',
-                description: 'Add JavaScript to prevent framing',
-                severity: 'LOW',
-                fix: 'if (top != self) top.location = location;',
-                documentationLink: 'https://cheatsheetseries.owasp.org/cheatsheets/Clickjacking_Defense_Cheat_Sheet.html',
-            }),
-            useXFrameOptions: (0, eslint_devkit_2.formatLLMMessage)({
-                icon: eslint_devkit_2.MessageIcons.INFO,
-                issueName: 'Use X-Frame-Options',
-                description: 'Set X-Frame-Options HTTP header',
-                severity: 'LOW',
-                fix: 'X-Frame-Options: DENY',
-                documentationLink: 'https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options',
-            }),
-            setCspFrameAncestors: (0, eslint_devkit_2.formatLLMMessage)({
-                icon: eslint_devkit_2.MessageIcons.INFO,
-                issueName: 'Set CSP frame-ancestors',
-                description: 'Configure CSP frame-ancestors directive',
-                severity: 'LOW',
-                fix: 'frame-ancestors \'self\' https://trusted.com',
-                documentationLink: 'https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors',
-            }),
-            strategyFrameProtection: (0, eslint_devkit_2.formatLLMMessage)({
-                icon: eslint_devkit_2.MessageIcons.STRATEGY,
-                issueName: 'Frame Protection Strategy',
-                description: 'Implement multiple layers of frame protection',
-                severity: 'LOW',
-                fix: 'Use X-Frame-Options, CSP, and frame-busting together',
-                documentationLink: 'https://cheatsheetseries.owasp.org/cheatsheets/Clickjacking_Defense_Cheat_Sheet.html',
-            }),
-            strategyContentSecurity: (0, eslint_devkit_2.formatLLMMessage)({
-                icon: eslint_devkit_2.MessageIcons.STRATEGY,
-                issueName: 'Content Security Strategy',
-                description: 'Use CSP for comprehensive frame control',
-                severity: 'LOW',
-                fix: 'Implement strict CSP with frame-ancestors',
-                documentationLink: 'https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP',
-            }),
-            strategyUserInteraction: (0, eslint_devkit_2.formatLLMMessage)({
-                icon: eslint_devkit_2.MessageIcons.STRATEGY,
-                issueName: 'User Interaction Strategy',
-                description: 'Protect user interactions from framing attacks',
-                severity: 'LOW',
-                fix: 'Validate user intent for sensitive actions',
-                documentationLink: 'https://cheatsheetseries.owasp.org/cheatsheets/Clickjacking_Defense_Cheat_Sheet.html',
-            })
-        },
-        schema: [
-            {
-                type: 'object',
-                properties: {
-                    trustedSources: {
-                        type: 'array',
-                        items: { type: 'string' },
-                        default: ['self', 'same-origin'],
-                    },
-                    requireFrameBusting: {
-                        type: 'boolean',
-                        default: true,
-                    },
-                    detectTransparentOverlays: {
-                        type: 'boolean',
-                        default: true,
-                    },
-                    trustedSanitizers: {
-                        type: 'array',
-                        items: { type: 'string' },
-                        default: [],
-                        description: 'Additional function names to consider as frame protectors',
-                    },
-                    trustedAnnotations: {
-                        type: 'array',
-                        items: { type: 'string' },
-                        default: [],
-                        description: 'Additional JSDoc annotations to consider as safe markers',
-                    },
-                    strictMode: {
-                        type: 'boolean',
-                        default: false,
-                        description: 'Disable all false positive detection (strict mode)',
-                    },
-                },
-                additionalProperties: false,
-            },
-        ],
-    },
-    defaultOptions: [
-        {
-            trustedSources: ['self', 'same-origin'],
-            requireFrameBusting: true,
-            detectTransparentOverlays: true,
-            trustedSanitizers: [],
-            trustedAnnotations: [],
-            strictMode: false,
-        },
-    ],
-    create(context) {
-        const options = context.options[0] || {};
-        const { trustedSources = ['self', 'same-origin'], requireFrameBusting = true, detectTransparentOverlays = true, trustedSanitizers = [], trustedAnnotations = [], strictMode = false, } = options;
-        const sourceCode = context.sourceCode || context.sourceCode;
-        const filename = context.filename || context.getFilename();
-        // Create safety checker for false positive detection
-        const safetyChecker = (0, eslint_devkit_3.createSafetyChecker)({
-            trustedSanitizers,
-            trustedAnnotations,
-            trustedOrmPatterns: [],
-            strictMode,
-        });
-        // Track if frame-busting code is present
-        let hasFrameBusting = false;
-        /**
-         * Check if source is trusted
-         */
-        const isTrustedSource = (source) => {
-            return trustedSources.some(trusted => source.includes(trusted) ||
-                (trusted === 'self' && (source === 'self' || source.startsWith('/'))) ||
-                (trusted === 'same-origin' && source === 'same-origin'));
-        };
-        /**
-         * Check if this is frame-busting code
-         */
-        const isFrameBustingCode = (node) => {
-            const test = node.test;
-            const testText = sourceCode.getText(test).toLowerCase();
-            // Look for common frame-busting patterns
-            return testText.includes('top != self') ||
-                testText.includes('top !== self') ||
-                testText.includes('window.top !== window.self') ||
-                testText.includes('parent != self') ||
-                testText.includes('top.location') ||
-                testText.includes('self.location');
-        };
-        /**
-         * Check for transparent/invisible elements that could hide clickjacking
-         */
-        const hasTransparentStyles = (styleText) => {
-            const styles = styleText.toLowerCase();
-            return styles.includes('opacity: 0') ||
-                styles.includes('opacity:0') ||
-                styles.includes('visibility: hidden') ||
-                styles.includes('display: none') ||
-                styles.includes('z-index: -1') ||
-                styles.includes('position: absolute') && styles.includes('top: 0') && styles.includes('left: 0');
-        };
-        return {
-            // Check for frame-busting code
-            IfStatement(node) {
-                if (isFrameBustingCode(node)) {
-                    hasFrameBusting = true;
-                }
-            },
-            // Check iframe elements (in JSX/TSX)
-            JSXElement(node) {
-                if (node.openingElement.name.type === 'JSXIdentifier' &&
-                    node.openingElement.name.name === 'iframe') {
-                    // Check iframe attributes
-                    const attributes = node.openingElement.attributes;
-                    let hasSrc = false;
-                    let srcValue = '';
-                    for (const attr of attributes) {
-                        if (attr.type === 'JSXAttribute' &&
-                            attr.name.type === 'JSXIdentifier' &&
-                            attr.name.name === 'src' &&
-                            attr.value) {
-                            hasSrc = true;
-                            if (attr.value.type === 'Literal' && typeof attr.value.value === 'string') {
-                                srcValue = attr.value.value;
-                            }
-                        }
-                    }
-                    if (hasSrc && srcValue && !isTrustedSource(srcValue)) {
-                        /* c8 ignore start -- safetyChecker requires JSDoc annotations not testable via RuleTester */
-                        if (safetyChecker.isSafe(node, context)) {
-                            return;
-                        }
-                        /* c8 ignore stop */
-                        context.report({
-                            node: node.openingElement,
-                            messageId: 'unsafeIframeUsage',
-                            data: {
-                                filePath: filename,
-                                line: String(node.loc?.start.line ?? 0),
-                            },
-                        });
-                    }
-                }
-            },
-            // Check for frame manipulation code
-            MemberExpression(node) {
-                // Look for top.location or window.top manipulation
-                if (node.object.type === 'Identifier' &&
-                    (node.object.name === 'top' || node.object.name === 'window')) {
-                    if (node.property.type === 'Identifier' &&
-                        (node.property.name === 'location' || node.property.name === 'top')) {
-                        // Check if this is being assigned or compared
-                        let current = node;
-                        let isFrameManipulation = false;
-                        // Walk up to see if this is an assignment or comparison
-                        while (current && !isFrameManipulation) {
-                            if (current.type === 'AssignmentExpression' &&
-                                current.left === node) {
-                                isFrameManipulation = true;
-                                break;
-                            }
-                            if (current.type === 'BinaryExpression' &&
-                                (current.left === node || current.right === node)) {
-                                // Comparison like top != self
-                                const operator = current.operator;
-                                if (operator === '!=' || operator === '!==' ||
-                                    operator === '==' || operator === '===') {
-                                    // This might be frame-busting code
-                                    break;
-                                }
-                                isFrameManipulation = true;
-                                break;
-                            }
-                            current = current.parent;
-                        }
-                        if (isFrameManipulation) {
-                            /* c8 ignore start -- safetyChecker requires JSDoc annotations not testable via RuleTester */
-                            if (safetyChecker.isSafe(node, context)) {
-                                return;
-                            }
-                            /* c8 ignore stop */
-                            context.report({
-                                node,
-                                messageId: 'frameManipulation',
-                                data: {
-                                    filePath: filename,
-                                    line: String(node.loc?.start.line ?? 0),
-                                },
-                            });
-                        }
-                    }
-                }
-            },
-            // Check for CSS that could hide clickjacking attacks
-            Literal(node) {
-                if (typeof node.value === 'string' && detectTransparentOverlays) {
-                    // Check if this looks like CSS
-                    const text = node.value.toLowerCase();
-                    if ((text.includes('style=') || text.includes('css')) &&
-                        hasTransparentStyles(text)) {
-                        /* c8 ignore start -- safetyChecker requires JSDoc annotations not testable via RuleTester */
-                        if (safetyChecker.isSafe(node, context)) {
-                            return;
-                        }
-                        /* c8 ignore stop */
-                        context.report({
-                            node,
-                            messageId: 'transparentFrameOverlay',
-                            data: {
-                                filePath: filename,
-                                line: String(node.loc?.start.line ?? 0),
-                            },
-                        });
-                    }
-                }
-            },
-            // Check template literals for CSS
-            TemplateLiteral(node) {
-                if (detectTransparentOverlays) {
-                    const text = sourceCode.getText(node).toLowerCase();
-                    if (text.includes('style') && hasTransparentStyles(text)) {
-                        /* c8 ignore start -- safetyChecker requires JSDoc annotations not testable via RuleTester */
-                        if (safetyChecker.isSafe(node, context)) {
-                            return;
-                        }
-                        /* c8 ignore stop */
-                        context.report({
-                            node,
-                            messageId: 'transparentFrameOverlay',
-                            data: {
-                                filePath: filename,
-                                line: String(node.loc?.start.line ?? 0),
-                            },
-                        });
-                    }
-                }
-            },
-            // At the end of the file, check if frame-busting is required but missing
-            'Program:exit'() {
-                if (requireFrameBusting && !hasFrameBusting) {
-                    // Only check files that are likely entry points or render HTML
-                    const isEntryPoint = /\.(html|htm)$/.test(filename) ||
-                        /(index|app|main|page)\.(tsx|jsx)$/i.test(filename) ||
-                        /pages?\/.*\.(tsx|jsx)$/i.test(filename) ||
-                        /layout\.(tsx|jsx)$/i.test(filename);
-                    // Skip non-entry point files
-                    if (!isEntryPoint) {
-                        return;
-                    }
-                    // Check if this file has actual UI rendering (JSX elements with event handlers)
-                    const fileContent = sourceCode.getText();
-                    const hasUIElements = fileContent.includes('<button') ||
-                        fileContent.includes('<form') ||
-                        fileContent.includes('<input') ||
-                        (fileContent.includes('onClick') && fileContent.includes('<'));
-                    if (hasUIElements) {
-                        context.report({
-                            node: context.sourceCode.ast,
-                            messageId: 'missingFrameBusting',
-                            data: {
-                                filePath: filename,
-                                line: '1',
-                            },
-                        });
-                    }
-                }
-            }
-        };
-    },
-});

package/src/rules/no-client-side-auth-logic/index.d.ts

@@ -1,6 +0,0 @@
-/**
- * @fileoverview Prevent authentication logic in client code
- */
-export interface Options {
-}
-export declare const noClientSideAuthLogic: ESLintUtils.RuleModule<MessageIds, Options, unknown, ESLintUtils.RuleListener>;

package/src/rules/no-client-side-auth-logic/index.js

@@ -1,69 +0,0 @@
-"use strict";
-/**
- * @fileoverview Prevent authentication logic in client code
- */
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.noClientSideAuthLogic = void 0;
-const eslint_devkit_1 = require("@interlace/eslint-devkit");
-exports.noClientSideAuthLogic = (0, eslint_devkit_1.createRule)({
-    name: 'no-client-side-auth-logic',
-    meta: {
-        type: 'problem',
-        docs: {
-            description: 'Prevent authentication logic in client code',
-        },
-        messages: {
-            violationDetected: (0, eslint_devkit_1.formatLLMMessage)({
-                icon: eslint_devkit_1.MessageIcons.SECURITY,
-                issueName: 'Client-Side Auth Logic',
-                cwe: 'CWE-602',
-                description: 'Authentication logic in client code - easily bypassed',
-                severity: 'CRITICAL',
-                fix: 'Move authentication checks to the server',
-                documentationLink: 'https://cwe.mitre.org/data/definitions/602.html',
-            })
-        },
-        schema: [],
-    },
-    defaultOptions: [],
-    create(context) {
-        function report(node) {
-            context.report({ node, messageId: 'violationDetected' });
-        }
-        const authKeywords = ['admin', 'authenticated', 'authorized', 'isAdmin', 'isAuthenticated', 'role'];
-        return {
-            IfStatement(node) {
-                // Detect role/auth checks from localStorage
-                if (node.test.type === 'CallExpression' &&
-                    node.test.callee.type === 'MemberExpression' &&
-                    node.test.callee.object.type === 'Identifier' &&
-                    node.test.callee.object.name === 'localStorage' &&
-                    node.test.callee.property.type === 'Identifier' &&
-                    node.test.callee.property.name === 'getItem') {
-                    const keyArg = node.test.arguments[0];
-                    if (keyArg && keyArg.type === 'Literal') {
-                        const key = String(keyArg.value).toLowerCase();
-                        if (authKeywords.some(kw => key.includes(kw))) {
-                            report(node);
-                        }
-                    }
-                }
-                // Detect password comparison
-                if (node.test.type === 'BinaryExpression') {
-                    const checkMember = (expr) => {
-                        if (expr.type === 'MemberExpression' &&
-                            expr.property.type === 'Identifier' &&
-                            ['password', 'secret', 'token'].includes(expr.property.name)) {
-                            return true;
-                        }
-                        return false;
-                    };
-                    if (checkMember(node.test.left) ||
-                        checkMember(node.test.right)) {
-                        report(node);
-                    }
-                }
-            },
-        };
-    },
-});

package/src/rules/no-credentials-in-query-params/index.d.ts

@@ -1,8 +0,0 @@
-/**
- * @fileoverview Disallow credentials in URL query parameters
- * @see https://owasp.org/www-project-mobile-top-10/
- * @see https://cwe.mitre.org/data/definitions/598.html
- */
-export interface Options {
-}
-export declare const noCredentialsInQueryParams: ESLintUtils.RuleModule<MessageIds, Options, unknown, ESLintUtils.RuleListener>;

package/src/rules/no-credentials-in-query-params/index.js

@@ -1,57 +0,0 @@
-"use strict";
-/**
- * @fileoverview Disallow credentials in URL query parameters
- * @see https://owasp.org/www-project-mobile-top-10/
- * @see https://cwe.mitre.org/data/definitions/598.html
- */
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.noCredentialsInQueryParams = void 0;
-const eslint_devkit_1 = require("@interlace/eslint-devkit");
-exports.noCredentialsInQueryParams = (0, eslint_devkit_1.createRule)({
-    name: 'no-credentials-in-query-params',
-    meta: {
-        type: 'problem',
-        docs: {
-            description: 'Disallow credentials in URL query parameters',
-        },
-        messages: {
-            violationDetected: (0, eslint_devkit_1.formatLLMMessage)({
-                icon: eslint_devkit_1.MessageIcons.SECURITY,
-                issueName: 'Credentials in Query Parameters',
-                cwe: 'CWE-798',
-                description: 'Credentials detected in URL query parameters - this is a security risk',
-                severity: 'CRITICAL',
-                fix: 'Use secure methods: POST body, headers (Authorization), or secure cookies',
-                documentationLink: 'https://cwe.mitre.org/data/definitions/798.html',
-            })
-        },
-        schema: [],
-    },
-    defaultOptions: [],
-    create(context) {
-        const sourceCode = context.sourceCode;
-        const sensitiveParams = ['password=', 'token=', 'apikey=', 'secret=', 'auth='];
-        function report(node) {
-            context.report({
-                node,
-                messageId: 'violationDetected',
-            });
-        }
-        return {
-            Literal(node) {
-                if (typeof node.value === 'string') {
-                    const url = node.value.toLowerCase();
-                    if (sensitiveParams.some(param => url.includes('?' + param) || url.includes('&' + param))) {
-                        report(node);
-                    }
-                }
-            },
-            TemplateLiteral(node) {
-                const text = sourceCode.getText(node).toLowerCase();
-                if (sensitiveParams.some(param => text.includes(param))) {
-                    report(node);
-                }
-            },
-        };
-    },
-});

package/src/rules/no-data-in-temp-storage/index.d.ts

@@ -1,6 +0,0 @@
-/**
- * @fileoverview Prevent sensitive data in temp directories
- */
-export interface Options {
-}
-export declare const noDataInTempStorage: ESLintUtils.RuleModule<MessageIds, Options, unknown, ESLintUtils.RuleListener>;

package/src/rules/no-data-in-temp-storage/index.js

@@ -1,64 +0,0 @@
-"use strict";
-/**
- * @fileoverview Prevent sensitive data in temp directories
- */
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.noDataInTempStorage = void 0;
-const eslint_devkit_1 = require("@interlace/eslint-devkit");
-exports.noDataInTempStorage = (0, eslint_devkit_1.createRule)({
-    name: 'no-data-in-temp-storage',
-    meta: {
-        type: 'problem',
-        docs: {
-            description: 'Prevent sensitive data in temp directories',
-        },
-        messages: {
-            violationDetected: (0, eslint_devkit_1.formatLLMMessage)({
-                icon: eslint_devkit_1.MessageIcons.SECURITY,
-                issueName: 'Temp Storage Data',
-                cwe: 'CWE-312',
-                description: 'Sensitive data written to temp directory - not secure',
-                severity: 'HIGH',
-                fix: 'Use secure storage location or encrypt data before writing',
-                documentationLink: 'https://cwe.mitre.org/data/definitions/312.html',
-            })
-        },
-        schema: [],
-    },
-    defaultOptions: [],
-    create(context) {
-        function report(node) {
-            context.report({ node, messageId: 'violationDetected' });
-        }
-        const tempPaths = ['/tmp', '/var/tmp', 'temp/', '/temp'];
-        return {
-            CallExpression(node) {
-                // Detect fs.writeFileSync or fs.writeFile with temp path
-                if (node.callee.type === 'MemberExpression' &&
-                    node.callee.object.type === 'Identifier' &&
-                    node.callee.object.name === 'fs' &&
-                    node.callee.property.type === 'Identifier' &&
-                    ['writeFileSync', 'writeFile'].includes(node.callee.property.name)) {
-                    const pathArg = node.arguments[0];
-                    if (pathArg && pathArg.type === 'Literal' && typeof pathArg.value === 'string') {
-                        if (tempPaths.some(tp => pathArg.value.includes(tp))) {
-                            report(node);
-                        }
-                    }
-                }
-            },
-            Literal(node) {
-                // Detect temp path literals
-                if (typeof node.value === 'string') {
-                    if (tempPaths.some(tp => node.value.includes(tp))) {
-                        // Only flag if parent is assignment or variable declaration
-                        const parent = node.parent;
-                        if (parent?.type === 'VariableDeclarator' || parent?.type === 'AssignmentExpression') {
-                            report(node);
-                        }
-                    }
-                }
-            },
-        };
-    },
-});

package/src/rules/no-debug-code-in-production/index.d.ts

@@ -1,8 +0,0 @@
-/**
- * @fileoverview Detect debug code in production
- * @see https://owasp.org/www-project-mobile-top-10/
- * @see https://cwe.mitre.org/data/definitions/489.html
- */
-export interface Options {
-}
-export declare const noDebugCodeInProduction: ESLintUtils.RuleModule<MessageIds, Options, unknown, ESLintUtils.RuleListener>;