eslint-plugin-secure-coding 3.0.1 → 3.0.3
- package/AGENTS.md +1 -1
- package/README.md +41 -206
- package/package.json +6 -5
- package/src/index.d.ts +2 -2
- package/src/index.js +29 -263
- package/src/rules/detect-non-literal-regexp/index.d.ts +3 -1
- package/src/rules/detect-object-injection/index.d.ts +3 -1
- package/src/rules/detect-object-injection/index.js +63 -0
- package/src/rules/detect-weak-password-validation/index.d.ts +3 -1
- package/src/rules/no-directive-injection/index.d.ts +3 -1
- package/src/rules/no-electron-security-issues/index.d.ts +3 -1
- package/src/rules/no-format-string-injection/index.d.ts +3 -1
- package/src/rules/no-graphql-injection/index.d.ts +10 -1
- package/src/rules/no-graphql-injection/index.js +294 -38
- package/src/rules/no-hardcoded-credentials/index.d.ts +3 -1
- package/src/rules/no-hardcoded-session-tokens/index.d.ts +3 -1
- package/src/rules/no-improper-sanitization/index.d.ts +3 -1
- package/src/rules/no-improper-type-validation/index.d.ts +3 -1
- package/src/rules/no-insecure-comparison/index.d.ts +3 -1
- package/src/rules/no-insecure-comparison/index.js +9 -0
- package/src/rules/no-ldap-injection/index.d.ts +3 -1
- package/src/rules/no-missing-authentication/index.d.ts +3 -1
- package/src/rules/no-missing-authentication/index.js +0 -1
- package/src/rules/no-pii-in-logs/index.d.ts +3 -1
- package/src/rules/no-privilege-escalation/index.d.ts +3 -1
- package/src/rules/no-redos-vulnerable-regex/index.d.ts +3 -1
- package/src/rules/no-sensitive-data-exposure/index.d.ts +3 -1
- package/src/rules/no-sensitive-data-exposure/index.js +33 -18
- package/src/rules/no-unchecked-loop-condition/index.d.ts +3 -1
- package/src/rules/no-unlimited-resource-allocation/index.d.ts +3 -1
- package/src/rules/no-unsafe-deserialization/index.d.ts +3 -1
- package/src/rules/no-unsafe-regex-construction/index.d.ts +3 -1
- package/src/rules/no-weak-password-recovery/index.d.ts +3 -1
- package/src/rules/no-xpath-injection/index.d.ts +3 -1
- package/src/rules/no-xpath-injection/index.js +26 -2
- package/src/rules/no-xxe-injection/index.d.ts +3 -1
- package/src/rules/require-backend-authorization/index.d.ts +3 -1
- package/src/rules/require-secure-defaults/index.d.ts +3 -1
- package/src/types/index.d.ts +5 -52
- package/src/rules/detect-child-process/index.d.ts +0 -28
- package/src/rules/detect-child-process/index.js +0 -534
- package/src/rules/detect-eval-with-expression/index.d.ts +0 -26
- package/src/rules/detect-eval-with-expression/index.js +0 -397
- package/src/rules/detect-mixed-content/index.d.ts +0 -10
- package/src/rules/detect-mixed-content/index.js +0 -45
- package/src/rules/detect-non-literal-fs-filename/index.d.ts +0 -24
- package/src/rules/detect-non-literal-fs-filename/index.js +0 -459
- package/src/rules/detect-suspicious-dependencies/index.d.ts +0 -10
- package/src/rules/detect-suspicious-dependencies/index.js +0 -76
- package/src/rules/no-allow-arbitrary-loads/index.d.ts +0 -10
- package/src/rules/no-allow-arbitrary-loads/index.js +0 -48
- package/src/rules/no-arbitrary-file-access/index.d.ts +0 -10
- package/src/rules/no-arbitrary-file-access/index.js +0 -200
- package/src/rules/no-buffer-overread/index.d.ts +0 -37
- package/src/rules/no-buffer-overread/index.js +0 -611
- package/src/rules/no-clickjacking/index.d.ts +0 -34
- package/src/rules/no-clickjacking/index.js +0 -401
- package/src/rules/no-client-side-auth-logic/index.d.ts +0 -10
- package/src/rules/no-client-side-auth-logic/index.js +0 -74
- package/src/rules/no-credentials-in-query-params/index.d.ts +0 -10
- package/src/rules/no-credentials-in-query-params/index.js +0 -62
- package/src/rules/no-data-in-temp-storage/index.d.ts +0 -10
- package/src/rules/no-data-in-temp-storage/index.js +0 -69
- package/src/rules/no-debug-code-in-production/index.d.ts +0 -10
- package/src/rules/no-debug-code-in-production/index.js +0 -54
- package/src/rules/no-disabled-certificate-validation/index.d.ts +0 -10
- package/src/rules/no-disabled-certificate-validation/index.js +0 -66
- package/src/rules/no-dynamic-dependency-loading/index.d.ts +0 -10
- package/src/rules/no-dynamic-dependency-loading/index.js +0 -54
- package/src/rules/no-exposed-debug-endpoints/index.d.ts +0 -10
- package/src/rules/no-exposed-debug-endpoints/index.js +0 -67
- package/src/rules/no-exposed-sensitive-data/index.d.ts +0 -28
- package/src/rules/no-exposed-sensitive-data/index.js +0 -345
- package/src/rules/no-http-urls/index.d.ts +0 -15
- package/src/rules/no-http-urls/index.js +0 -119
- package/src/rules/no-insecure-redirects/index.d.ts +0 -24
- package/src/rules/no-insecure-redirects/index.js +0 -221
- package/src/rules/no-insecure-websocket/index.d.ts +0 -10
- package/src/rules/no-insecure-websocket/index.js +0 -66
- package/src/rules/no-missing-cors-check/index.d.ts +0 -26
- package/src/rules/no-missing-cors-check/index.js +0 -404
- package/src/rules/no-missing-csrf-protection/index.d.ts +0 -28
- package/src/rules/no-missing-csrf-protection/index.js +0 -185
- package/src/rules/no-missing-security-headers/index.d.ts +0 -24
- package/src/rules/no-missing-security-headers/index.js +0 -223
- package/src/rules/no-password-in-url/index.d.ts +0 -10
- package/src/rules/no-password-in-url/index.js +0 -55
- package/src/rules/no-permissive-cors/index.d.ts +0 -10
- package/src/rules/no-permissive-cors/index.js +0 -74
- package/src/rules/no-sensitive-data-in-analytics/index.d.ts +0 -10
- package/src/rules/no-sensitive-data-in-analytics/index.js +0 -66
- package/src/rules/no-sensitive-data-in-cache/index.d.ts +0 -10
- package/src/rules/no-sensitive-data-in-cache/index.js +0 -53
- package/src/rules/no-toctou-vulnerability/index.d.ts +0 -24
- package/src/rules/no-toctou-vulnerability/index.js +0 -213
- package/src/rules/no-tracking-without-consent/index.d.ts +0 -10
- package/src/rules/no-tracking-without-consent/index.js +0 -72
- package/src/rules/no-unencrypted-transmission/index.d.ts +0 -28
- package/src/rules/no-unencrypted-transmission/index.js +0 -241
- package/src/rules/no-unescaped-url-parameter/index.d.ts +0 -26
- package/src/rules/no-unescaped-url-parameter/index.js +0 -360
- package/src/rules/no-unsafe-dynamic-require/index.d.ts +0 -17
- package/src/rules/no-unsafe-dynamic-require/index.js +0 -111
- package/src/rules/no-unvalidated-deeplinks/index.d.ts +0 -10
- package/src/rules/no-unvalidated-deeplinks/index.js +0 -67
- package/src/rules/no-unvalidated-user-input/index.d.ts +0 -26
- package/src/rules/no-unvalidated-user-input/index.js +0 -425
- package/src/rules/no-verbose-error-messages/index.d.ts +0 -10
- package/src/rules/no-verbose-error-messages/index.js +0 -73
- package/src/rules/no-zip-slip/index.d.ts +0 -33
- package/src/rules/no-zip-slip/index.js +0 -450
- package/src/rules/require-code-minification/index.d.ts +0 -10
- package/src/rules/require-code-minification/index.js +0 -48
- package/src/rules/require-csp-headers/index.d.ts +0 -10
- package/src/rules/require-csp-headers/index.js +0 -69
- package/src/rules/require-data-minimization/index.d.ts +0 -10
- package/src/rules/require-data-minimization/index.js +0 -55
- package/src/rules/require-dependency-integrity/index.d.ts +0 -10
- package/src/rules/require-dependency-integrity/index.js +0 -69
- package/src/rules/require-https-only/index.d.ts +0 -10
- package/src/rules/require-https-only/index.js +0 -67
- package/src/rules/require-mime-type-validation/index.d.ts +0 -10
- package/src/rules/require-mime-type-validation/index.js +0 -71
- package/src/rules/require-network-timeout/index.d.ts +0 -10
- package/src/rules/require-network-timeout/index.js +0 -57
- package/src/rules/require-package-lock/index.d.ts +0 -10
- package/src/rules/require-package-lock/index.js +0 -64
- package/src/rules/require-secure-credential-storage/index.d.ts +0 -10
- package/src/rules/require-secure-credential-storage/index.js +0 -53
- package/src/rules/require-secure-deletion/index.d.ts +0 -10
- package/src/rules/require-secure-deletion/index.js +0 -45
- package/src/rules/require-storage-encryption/index.d.ts +0 -10
- package/src/rules/require-storage-encryption/index.js +0 -53
- package/src/rules/require-url-validation/index.d.ts +0 -10
- package/src/rules/require-url-validation/index.js +0 -77
package/AGENTS.md
CHANGED
package/README.md
CHANGED
|
@@ -10,13 +10,14 @@
|
|
|
10
10
|
<a href="https://www.npmjs.com/package/eslint-plugin-secure-coding" target="_blank"><img src="https://img.shields.io/npm/v/eslint-plugin-secure-coding.svg" alt="NPM Version" /></a>
|
|
11
11
|
<a href="https://www.npmjs.com/package/eslint-plugin-secure-coding" target="_blank"><img src="https://img.shields.io/npm/dm/eslint-plugin-secure-coding.svg" alt="NPM Downloads" /></a>
|
|
12
12
|
<a href="https://opensource.org/licenses/MIT" target="_blank"><img src="https://img.shields.io/badge/License-MIT-yellow.svg" alt="Package License" /></a>
|
|
13
|
-
<a href="https://app.codecov.io/gh/ofri-peretz/eslint/components?components%5B0%5D=secure-coding" target="_blank"><img src="https://codecov.io/gh/ofri-peretz/eslint/graph/badge.svg?component=secure-coding" alt="Codecov" /></a>
|
|
13
|
+
<a href="https://app.codecov.io/gh/ofri-peretz/eslint/components?components%5B0%5D=eslint-plugin-secure-coding" target="_blank"><img src="https://codecov.io/gh/ofri-peretz/eslint/graph/badge.svg?component=eslint-plugin-secure-coding" alt="Codecov" /></a>
|
|
14
14
|
<a href="https://github.com/ofri-peretz/eslint" target="_blank"><img src="https://img.shields.io/badge/Since-Dec_2025-blue?logo=rocket&logoColor=white" alt="Since Dec 2025" /></a>
|
|
15
15
|
</p>
|
|
16
16
|
|
|
17
17
|
## Description
|
|
18
18
|
|
|
19
|
-
This plugin provides
|
|
19
|
+
This plugin provides General secure coding practices and OWASP compliance for JavaScript/TypeScript.
|
|
20
|
+
By using this plugin, you can proactively identify and mitigate security risks across your entire codebase.
|
|
20
21
|
|
|
21
22
|
## Philosophy
|
|
22
23
|
|
|
@@ -24,12 +25,12 @@ This plugin provides a comprehensive set of security rules for JavaScript and Ty
|
|
|
24
25
|
|
|
25
26
|
## Getting Started
|
|
26
27
|
|
|
27
|
-
- To check out the [guide](https://eslint.interlace.tools/docs/secure-coding), visit [eslint.interlace.tools](https://eslint.interlace.tools). 📚
|
|
28
|
-
- 要查看中文 [指南](https://eslint.interlace.tools/docs/secure-coding), 请访问 [eslint.interlace.tools](https://eslint.interlace.tools). 📚
|
|
29
|
-
- [가이드](https://eslint.interlace.tools/docs/secure-coding) 문서는 [eslint.interlace.tools](https://eslint.interlace.tools)에서 확인하실 수 있습니다. 📚
|
|
30
|
-
- [ガイド](https://eslint.interlace.tools/docs/secure-coding)は [eslint.interlace.tools](https://eslint.interlace.tools)でご確認ください。 📚
|
|
31
|
-
- Para ver la [guía](https://eslint.interlace.tools/docs/secure-coding), visita [eslint.interlace.tools](https://eslint.interlace.tools). 📚
|
|
32
|
-
- للاطلاع على [الدليل](https://eslint.interlace.tools/docs/secure-coding)، قم بزيارة [eslint.interlace.tools](https://eslint.interlace.tools). 📚
|
|
28
|
+
- To check out the [guide](https://eslint.interlace.tools/docs/security/plugin-secure-coding), visit [eslint.interlace.tools](https://eslint.interlace.tools). 📚
|
|
29
|
+
- 要查看中文 [指南](https://eslint.interlace.tools/docs/security/plugin-secure-coding), 请访问 [eslint.interlace.tools](https://eslint.interlace.tools). 📚
|
|
30
|
+
- [가이드](https://eslint.interlace.tools/docs/security/plugin-secure-coding) 문서는 [eslint.interlace.tools](https://eslint.interlace.tools)에서 확인하실 수 있습니다. 📚
|
|
31
|
+
- [ガイド](https://eslint.interlace.tools/docs/security/plugin-secure-coding)は [eslint.interlace.tools](https://eslint.interlace.tools)でご確認ください。 📚
|
|
32
|
+
- Para ver la [guía](https://eslint.interlace.tools/docs/security/plugin-secure-coding), visita [eslint.interlace.tools](https://eslint.interlace.tools). 📚
|
|
33
|
+
- للاطلاع على [الدليل](https://eslint.interlace.tools/docs/security/plugin-secure-coding)، قم بزيارة [eslint.interlace.tools](https://eslint.interlace.tools). 📚
|
|
33
34
|
|
|
34
35
|
```bash
|
|
35
36
|
npm install eslint-plugin-secure-coding --save-dev
|
|
@@ -46,122 +47,6 @@ npm install eslint-plugin-secure-coding --save-dev
|
|
|
46
47
|
|
|
47
48
|
---
|
|
48
49
|
|
|
49
|
-
## 🏢 Enterprise Integration Example
|
|
50
|
-
|
|
51
|
-
```bash
|
|
52
|
-
# Install once at the repo root
|
|
53
|
-
pnpm add -D eslint-plugin-secure-coding
|
|
54
|
-
|
|
55
|
-
# eslint.config.js (org-standard)
|
|
56
|
-
import secureCoding from 'eslint-plugin-secure-coding';
|
|
57
|
-
|
|
58
|
-
export default [
|
|
59
|
-
// Baseline for all services (balanced)
|
|
60
|
-
secureCoding.configs.recommended,
|
|
61
|
-
|
|
62
|
-
// Add OWASP Top 10 enforcement for internet-facing apps
|
|
63
|
-
{
|
|
64
|
-
files: ['apps/web/**'],
|
|
65
|
-
...secureCoding.configs['owasp-top-10'],
|
|
66
|
-
},
|
|
67
|
-
|
|
68
|
-
// Add OWASP Mobile Top 10 for mobile/native apps
|
|
69
|
-
{
|
|
70
|
-
files: ['apps/mobile/**'],
|
|
71
|
-
...secureCoding.configs['owasp-mobile-top-10'],
|
|
72
|
-
},
|
|
73
|
-
|
|
74
|
-
// Force strict mode for critical backend services
|
|
75
|
-
{
|
|
76
|
-
files: ['services/payments/**', 'services/auth/**'],
|
|
77
|
-
...secureCoding.configs.strict,
|
|
78
|
-
},
|
|
79
|
-
];
|
|
80
|
-
```
|
|
81
|
-
|
|
82
|
-
What this gives organizations:
|
|
83
|
-
|
|
84
|
-
- OWASP/CWE/CVSS metadata in every finding for compliance mapping
|
|
85
|
-
- Consistent, LLM-ready fixes that teammates and AI can apply safely
|
|
86
|
-
- Tiered policies (baseline, OWASP-focused, strict) per surface area
|
|
87
|
-
|
|
88
|
-
---
|
|
89
|
-
|
|
90
|
-
## 🧭 Type-safe rule configuration (eslint.config.ts)
|
|
91
|
-
|
|
92
|
-
This package ships rule option types to keep flat configs type-safe.
|
|
93
|
-
|
|
94
|
-
```ts
|
|
95
|
-
import type { Linter } from 'eslint';
|
|
96
|
-
import type { AllSecurityRulesOptions } from 'eslint-plugin-secure-coding/types';
|
|
97
|
-
import secureCoding from 'eslint-plugin-secure-coding';
|
|
98
|
-
|
|
99
|
-
const secureCodingRuleOptions: AllSecurityRulesOptions = {
|
|
100
|
-
'no-sql-injection': { strategy: 'parameterize' },
|
|
101
|
-
'no-unsafe-deserialization': { allowJSON: false },
|
|
102
|
-
};
|
|
103
|
-
|
|
104
|
-
export default [
|
|
105
|
-
{
|
|
106
|
-
...secureCoding.configs.recommended,
|
|
107
|
-
rules: {
|
|
108
|
-
...secureCoding.configs.recommended.rules,
|
|
109
|
-
'secure-coding/no-sql-injection': [
|
|
110
|
-
'error',
|
|
111
|
-
secureCodingRuleOptions['no-sql-injection'],
|
|
112
|
-
],
|
|
113
|
-
'secure-coding/no-unsafe-deserialization': [
|
|
114
|
-
'error',
|
|
115
|
-
secureCodingRuleOptions['no-unsafe-deserialization'],
|
|
116
|
-
],
|
|
117
|
-
},
|
|
118
|
-
},
|
|
119
|
-
secureCoding.configs['owasp-top-10'],
|
|
120
|
-
secureCoding.configs.strict,
|
|
121
|
-
] satisfies Linter.FlatConfig[];
|
|
122
|
-
```
|
|
123
|
-
|
|
124
|
-
---
|
|
125
|
-
|
|
126
|
-
## AI-Optimized Messages
|
|
127
|
-
|
|
128
|
-
This plugin is optimized for ESLint's [Model Context Protocol (MCP)](https://eslint.org/docs/latest/use/mcp), enabling AI assistants like **Cursor**, **GitHub Copilot**, and **Claude** to:
|
|
129
|
-
|
|
130
|
-
- Understand the exact vulnerability type via CWE references
|
|
131
|
-
- Apply the correct fix using structured guidance
|
|
132
|
-
- Provide educational context to developers
|
|
133
|
-
|
|
134
|
-
```bash
|
|
135
|
-
src/api.ts
|
|
136
|
-
42:15 error 🔒 CWE-89 OWASP:A03-Injection CVSS:9.8 | SQL Injection detected | CRITICAL [SOC2,PCI-DSS,HIPAA]
|
|
137
|
-
Fix: Use parameterized query: db.query("SELECT * FROM users WHERE id = ?", [userId]) | https://owasp.org/...
|
|
138
|
-
```
|
|
139
|
-
|
|
140
|
-
```json
|
|
141
|
-
// .cursor/mcp.json
|
|
142
|
-
{
|
|
143
|
-
"mcpServers": {
|
|
144
|
-
"eslint": {
|
|
145
|
-
"command": "npx",
|
|
146
|
-
"args": ["@eslint/mcp@latest"]
|
|
147
|
-
}
|
|
148
|
-
}
|
|
149
|
-
}
|
|
150
|
-
```
|
|
151
|
-
|
|
152
|
-
By providing this structured context (CWE, OWASP, Fix), we enable AI tools to **reason** about the security flaw rather than hallucinating. This allows Copilot/Cursor to suggest the _exact_ correct fix immediately.
|
|
153
|
-
|
|
154
|
-
---
|
|
155
|
-
|
|
156
|
-
## 🔒 Privacy
|
|
157
|
-
|
|
158
|
-
This plugin runs **100% locally**. No data ever leaves your machine.
|
|
159
|
-
|
|
160
|
-
---
|
|
161
|
-
|
|
162
|
-
**Q: Does it work with ESLint 9 flat config?**
|
|
163
|
-
A: Yes, fully compatible.
|
|
164
|
-
|
|
165
50
|
## Rules
|
|
166
51
|
|
|
167
52
|
**Legend**
|
|
@@ -174,86 +59,35 @@ A: Yes, fully compatible.
|
|
|
174
59
|
| 💡 | **Suggestions**: Providing code suggestions in IDE. |
|
|
175
60
|
| 🚫 | **Deprecated**: This rule is deprecated. |
|
|
176
61
|
|
|
177
|
-
| Rule
|
|
178
|
-
|
|
|
179
|
-
| [
|
|
180
|
-
| [
|
|
181
|
-
| [detect-
|
|
182
|
-
| [
|
|
183
|
-
| [no-
|
|
184
|
-
| [no-
|
|
185
|
-
| [no-
|
|
186
|
-
| [no-
|
|
187
|
-
| [no-
|
|
188
|
-
| [no-
|
|
189
|
-
| [no-
|
|
190
|
-
| [no-
|
|
191
|
-
| [no-
|
|
192
|
-
| [no-
|
|
193
|
-
| [no-
|
|
194
|
-
| [no-
|
|
195
|
-
| [no-
|
|
196
|
-
| [
|
|
197
|
-
| [
|
|
198
|
-
| [
|
|
199
|
-
| [no-
|
|
200
|
-
| [no-
|
|
201
|
-
| [no-
|
|
202
|
-
| [
|
|
203
|
-
| [
|
|
204
|
-
| [
|
|
205
|
-
| [
|
|
206
|
-
| [no-tracking-without-consent](https://eslint.interlace.tools/docs/secure-coding/rules/no-tracking-without-consent) | CWE-359 | | 7.5 | [no-tracking-without-consent](./docs/rules/no-tracking-without-consent.md) | | | | | |
|
|
207
|
-
| [no-sensitive-data-in-analytics](https://eslint.interlace.tools/docs/secure-coding/rules/no-sensitive-data-in-analytics) | CWE-359 | | 7.5 | [no-sensitive-data-in-analytics](./docs/rules/no-sensitive-data-in-analytics.md) | | | | | |
|
|
208
|
-
| [require-data-minimization](https://eslint.interlace.tools/docs/secure-coding/rules/require-data-minimization) | CWE-213 | | 7.5 | [require-data-minimization](./docs/rules/require-data-minimization.md) | | | | | |
|
|
209
|
-
| [no-debug-code-in-production](https://eslint.interlace.tools/docs/secure-coding/rules/no-debug-code-in-production) | CWE-489 | | 7.5 | [no-debug-code-in-production](./docs/rules/no-debug-code-in-production.md) | | | | | |
|
|
210
|
-
| [require-code-minification](https://eslint.interlace.tools/docs/secure-coding/rules/require-code-minification) | CWE-656 | | 7.5 | [require-code-minification](./docs/rules/require-code-minification.md) | | | | | |
|
|
211
|
-
| [no-verbose-error-messages](https://eslint.interlace.tools/docs/secure-coding/rules/no-verbose-error-messages) | CWE-209 | | 7.5 | [no-verbose-error-messages](./docs/rules/no-verbose-error-messages.md) | | ⚠️ | | | |
|
|
212
|
-
| [require-secure-defaults](https://eslint.interlace.tools/docs/secure-coding/rules/require-secure-defaults) | CWE-276 | | 7.5 | [require-secure-defaults](./docs/rules/require-secure-defaults.md) | | | | | |
|
|
213
|
-
| [no-sensitive-data-in-cache](https://eslint.interlace.tools/docs/secure-coding/rules/no-sensitive-data-in-cache) | CWE-524 | | 7.5 | [no-sensitive-data-in-cache](./docs/rules/no-sensitive-data-in-cache.md) | | | | | |
|
|
214
|
-
| [no-data-in-temp-storage](https://eslint.interlace.tools/docs/secure-coding/rules/no-data-in-temp-storage) | CWE-312 | | 7.5 | [no-data-in-temp-storage](./docs/rules/no-data-in-temp-storage.md) | | | | | |
|
|
215
|
-
| [require-secure-deletion](https://eslint.interlace.tools/docs/secure-coding/rules/require-secure-deletion) | CWE-459 | | 7.5 | [require-secure-deletion](./docs/rules/require-secure-deletion.md) | | | | | |
|
|
216
|
-
| [require-storage-encryption](https://eslint.interlace.tools/docs/secure-coding/rules/require-storage-encryption) | CWE-311 | | 7.5 | [require-storage-encryption](./docs/rules/require-storage-encryption.md) | | | | | |
|
|
217
|
-
| [no-unencrypted-local-storage](https://eslint.interlace.tools/docs/secure-coding/rules/no-unencrypted-local-storage) | CWE-312 | | 7.5 | [no-unencrypted-local-storage](./docs/rules/no-unencrypted-local-storage.md) | | | | | |
|
|
218
|
-
| [require-credential-storage](https://eslint.interlace.tools/docs/secure-coding/rules/require-credential-storage) | CWE-522 | | 7.5 | [require-credential-storage](./docs/rules/require-credential-storage.md) | | | | | |
|
|
219
|
-
| [no-exposed-debug-endpoints](https://eslint.interlace.tools/docs/secure-coding/rules/no-exposed-debug-endpoints) | CWE-489 | | 7.5 | [no-exposed-debug-endpoints](./docs/rules/no-exposed-debug-endpoints.md) | | | | | |
|
|
220
|
-
| [detect-non-literal-fs-filename](https://eslint.interlace.tools/docs/secure-coding/rules/detect-non-literal-fs-filename) | CWE-22 | | 7.5 | [detect-non-literal-fs-filename](./docs/rules/detect-non-literal-fs-filename.md) | 💼 | | | | |
|
|
221
|
-
| [no-zip-slip](https://eslint.interlace.tools/docs/secure-coding/rules/no-zip-slip) | CWE-22 | | 8.1 | [no-zip-slip](./docs/rules/no-zip-slip.md) | 💼 | | | | |
|
|
222
|
-
| [no-toctou-vulnerability](https://eslint.interlace.tools/docs/secure-coding/rules/no-toctou-vulnerability) | CWE-367 | | 7.0 | [no-toctou-vulnerability](./docs/rules/no-toctou-vulnerability.md) | 💼 | | | 💡 | |
|
|
223
|
-
| [detect-non-literal-regexp](https://eslint.interlace.tools/docs/secure-coding/rules/detect-non-literal-regexp) | CWE-400 | | 7.5 | [detect-non-literal-regexp](./docs/rules/detect-non-literal-regexp.md) | | ⚠️ | | | |
|
|
224
|
-
| [no-redos-vulnerable-regex](https://eslint.interlace.tools/docs/secure-coding/rules/no-redos-vulnerable-regex) | CWE-1333 | | 7.5 | [no-redos-vulnerable-regex](./docs/rules/no-redos-vulnerable-regex.md) | 💼 | | | 💡 | |
|
|
225
|
-
| [no-unsafe-regex-construction](https://eslint.interlace.tools/docs/secure-coding/rules/no-unsafe-regex-construction) | CWE-400 | | 7.5 | [no-unsafe-regex-construction](./docs/rules/no-unsafe-regex-construction.md) | | ⚠️ | | 💡 | |
|
|
226
|
-
| [detect-object-injection](https://eslint.interlace.tools/docs/secure-coding/rules/detect-object-injection) | CWE-915 | | 7.3 | [detect-object-injection](./docs/rules/detect-object-injection.md) | | ⚠️ | | | |
|
|
227
|
-
| [no-unsafe-deserialization](https://eslint.interlace.tools/docs/secure-coding/rules/no-unsafe-deserialization) | CWE-502 | | 9.8 | [no-unsafe-deserialization](./docs/rules/no-unsafe-deserialization.md) | 💼 | | | | |
|
|
228
|
-
| [no-weak-crypto](https://eslint.interlace.tools/docs/secure-coding/rules/no-weak-crypto) | CWE-327 | | 7.5 | [no-weak-crypto](./docs/rules/no-weak-crypto.md) | 💼 | | | | 🚫 |
|
|
229
|
-
| [no-insufficient-random](https://eslint.interlace.tools/docs/secure-coding/rules/no-insufficient-random) | CWE-330 | | 5.3 | [no-insufficient-random](./docs/rules/no-insufficient-random.md) | | ⚠️ | | | 🚫 |
|
|
230
|
-
| [no-timing-attack](https://eslint.interlace.tools/docs/secure-coding/rules/no-timing-attack) | CWE-208 | | 5.9 | [no-timing-attack](./docs/rules/no-timing-attack.md) | 💼 | | | | 🚫 |
|
|
231
|
-
| [no-insecure-comparison](https://eslint.interlace.tools/docs/secure-coding/rules/no-insecure-comparison) | CWE-697 | | 5.3 | [no-insecure-comparison](./docs/rules/no-insecure-comparison.md) | | ⚠️ | 🔧 | | 🚫 |
|
|
232
|
-
| [no-insecure-jwt](https://eslint.interlace.tools/docs/secure-coding/rules/no-insecure-jwt) | CWE-347 | | 7.5 | [no-insecure-jwt](./docs/rules/no-insecure-jwt.md) | 💼 | | | | 🚫 |
|
|
233
|
-
| [no-unvalidated-user-input](https://eslint.interlace.tools/docs/secure-coding/rules/no-unvalidated-user-input) | CWE-20 | | 8.6 | [no-unvalidated-user-input](./docs/rules/no-unvalidated-user-input.md) | | ⚠️ | | | |
|
|
234
|
-
| [no-unsanitized-html](https://eslint.interlace.tools/docs/secure-coding/rules/no-unsanitized-html) | CWE-79 | | 6.1 | [no-unsanitized-html](./docs/rules/no-unsanitized-html.md) | 💼 | | | | |
|
|
235
|
-
| [no-unescaped-url-parameter](https://eslint.interlace.tools/docs/secure-coding/rules/no-unescaped-url-parameter) | CWE-79 | | 6.1 | [no-unescaped-url-parameter](./docs/rules/no-unescaped-url-parameter.md) | | ⚠️ | | | |
|
|
236
|
-
| [no-improper-sanitization](https://eslint.interlace.tools/docs/secure-coding/rules/no-improper-sanitization) | CWE-116 | | 7.5 | [no-improper-sanitization](./docs/rules/no-improper-sanitization.md) | 💼 | | | | |
|
|
237
|
-
| [no-improper-type-validation](https://eslint.interlace.tools/docs/secure-coding/rules/no-improper-type-validation) | CWE-20 | | 5.3 | [no-improper-type-validation](./docs/rules/no-improper-type-validation.md) | | ⚠️ | | | |
|
|
238
|
-
| [no-missing-authentication](https://eslint.interlace.tools/docs/secure-coding/rules/no-missing-authentication) | CWE-306 | | 9.8 | [no-missing-authentication](./docs/rules/no-missing-authentication.md) | | ⚠️ | | | |
|
|
239
|
-
| [no-privilege-escalation](https://eslint.interlace.tools/docs/secure-coding/rules/no-privilege-escalation) | CWE-269 | | 8.8 | [no-privilege-escalation](./docs/rules/no-privilege-escalation.md) | | ⚠️ | | | |
|
|
240
|
-
| [no-weak-password-recovery](https://eslint.interlace.tools/docs/secure-coding/rules/no-weak-password-recovery) | CWE-640 | | 9.8 | [no-weak-password-recovery](./docs/rules/no-weak-password-recovery.md) | 💼 | | | | |
|
|
241
|
-
| [no-insecure-cookie-settings](https://eslint.interlace.tools/docs/secure-coding/rules/no-insecure-cookie-settings) | CWE-614 | | 5.3 | [no-insecure-cookie-settings](./docs/rules/no-insecure-cookie-settings.md) | | ⚠️ | | | 🚫 |
|
|
242
|
-
| [no-missing-csrf-protection](https://eslint.interlace.tools/docs/secure-coding/rules/no-missing-csrf-protection) | CWE-352 | | 8.8 | [no-missing-csrf-protection](./docs/rules/no-missing-csrf-protection.md) | | ⚠️ | | | 🚫 |
|
|
243
|
-
| [no-document-cookie](https://eslint.interlace.tools/docs/secure-coding/rules/no-document-cookie) | CWE-565 | | 4.3 | [no-document-cookie](./docs/rules/no-document-cookie.md) | | ⚠️ | | 💡 | |
|
|
244
|
-
| [no-missing-cors-check](https://eslint.interlace.tools/docs/secure-coding/rules/no-missing-cors-check) | CWE-942 | | 7.5 | [no-missing-cors-check](./docs/rules/no-missing-cors-check.md) | | ⚠️ | | | 🚫 |
|
|
245
|
-
| [no-missing-security-headers](https://eslint.interlace.tools/docs/secure-coding/rules/no-missing-security-headers) | CWE-693 | | 5.3 | [no-missing-security-headers](./docs/rules/no-missing-security-headers.md) | | ⚠️ | | 💡 | 🚫 |
|
|
246
|
-
| [no-insecure-redirects](https://eslint.interlace.tools/docs/secure-coding/rules/no-insecure-redirects) | CWE-601 | | 6.1 | [no-insecure-redirects](./docs/rules/no-insecure-redirects.md) | | ⚠️ | | 💡 | |
|
|
247
|
-
| [no-unencrypted-transmission](https://eslint.interlace.tools/docs/secure-coding/rules/no-unencrypted-transmission) | CWE-319 | | 7.5 | [no-unencrypted-transmission](./docs/rules/no-unencrypted-transmission.md) | | ⚠️ | | | |
|
|
248
|
-
| [no-clickjacking](https://eslint.interlace.tools/docs/secure-coding/rules/no-clickjacking) | CWE-1021 | | 6.1 | [no-clickjacking](./docs/rules/no-clickjacking.md) | 💼 | | | | 🚫 |
|
|
249
|
-
| [no-exposed-sensitive-data](https://eslint.interlace.tools/docs/secure-coding/rules/no-exposed-sensitive-data) | CWE-200 | | 7.5 | [no-exposed-sensitive-data](./docs/rules/no-exposed-sensitive-data.md) | 💼 | | | | |
|
|
250
|
-
| [no-sensitive-data-exposure](https://eslint.interlace.tools/docs/secure-coding/rules/no-sensitive-data-exposure) | CWE-532 | | 5.5 | [no-sensitive-data-exposure](./docs/rules/no-sensitive-data-exposure.md) | | ⚠️ | | 💡 | |
|
|
251
|
-
| [no-buffer-overread](https://eslint.interlace.tools/docs/secure-coding/rules/no-buffer-overread) | CWE-126 | | 7.5 | [no-buffer-overread](./docs/rules/no-buffer-overread.md) | 💼 | | | | |
|
|
252
|
-
| [no-unlimited-resource-allocation](https://eslint.interlace.tools/docs/secure-coding/rules/no-unlimited-resource-allocation) | CWE-770 | | 7.5 | [no-unlimited-resource-allocation](./docs/rules/no-unlimited-resource-allocation.md) | 💼 | | | | |
|
|
253
|
-
| [no-unchecked-loop-condition](https://eslint.interlace.tools/docs/secure-coding/rules/no-unchecked-loop-condition) | CWE-835 | | 7.5 | [no-unchecked-loop-condition](./docs/rules/no-unchecked-loop-condition.md) | 💼 | | | | |
|
|
254
|
-
| [no-electron-security-issues](https://eslint.interlace.tools/docs/secure-coding/rules/no-electron-security-issues) | CWE-693 | | 8.8 | [no-electron-security-issues](./docs/rules/no-electron-security-issues.md) | 💼 | | | | |
|
|
255
|
-
| [no-insufficient-postmessage-validation](https://eslint.interlace.tools/docs/secure-coding/rules/no-insufficient-postmessage-validation) | CWE-346 | | 8.8 | [no-insufficient-postmessage-validation](./docs/rules/no-insufficient-postmessage-validation.md) | 💼 | | | | |
|
|
256
|
-
| [Deprecated](https://eslint.interlace.tools/docs/secure-coding/rules/Deprecated) | | | | Deprecated Rules | | | | | |
|
|
62
|
+
| Rule | CWE | OWASP | CVSS | Description | 💼 | ⚠️ | 🔧 | 💡 | 🚫 |
|
|
63
|
+
| :------------------------------------------------------------------------------------------------------------------------------------------- | :------: | :---: | :--: | :---------------------------------------------------------------------- | :-: | :-: | :-: | :-: | :-: |
|
|
64
|
+
| [detect-non-literal-regexp](https://eslint.interlace.tools/docs/security/plugin-secure-coding/rules/detect-non-literal-regexp) | CWE-400 | | 7.5 | ESLint security rule documentation for detect-non-literal-regexp | | ⚠️ | | | |
|
|
65
|
+
| [detect-object-injection](https://eslint.interlace.tools/docs/security/plugin-secure-coding/rules/detect-object-injection) | CWE-915 | | 7.3 | ESLint security rule documentation for detect-object-injection | | ⚠️ | | | |
|
|
66
|
+
| [detect-weak-password-validation](https://eslint.interlace.tools/docs/security/plugin-secure-coding/rules/detect-weak-password-validation) | CWE-521 | | 7.5 | ESLint security rule documentation for detect-weak-password-validation | | | | | |
|
|
67
|
+
| [no-directive-injection](https://eslint.interlace.tools/docs/security/plugin-secure-coding/rules/no-directive-injection) | CWE-94 | | 8.8 | ESLint security rule documentation for no-directive-injection | 💼 | | | | |
|
|
68
|
+
| [no-electron-security-issues](https://eslint.interlace.tools/docs/security/plugin-secure-coding/rules/no-electron-security-issues) | CWE-693 | | 8.8 | ESLint security rule documentation for no-electron-security-issues | 💼 | | | | |
|
|
69
|
+
| [no-format-string-injection](https://eslint.interlace.tools/docs/security/plugin-secure-coding/rules/no-format-string-injection) | CWE-134 | | 9.8 | ESLint security rule documentation for no-format-string-injection | 💼 | | | | |
|
|
70
|
+
| [no-graphql-injection](https://eslint.interlace.tools/docs/security/plugin-secure-coding/rules/no-graphql-injection) | CWE-943 | | 8.6 | ESLint security rule documentation for no-graphql-injection | 💼 | | | | |
|
|
71
|
+
| [no-hardcoded-credentials](https://eslint.interlace.tools/docs/security/plugin-secure-coding/rules/no-hardcoded-credentials) | CWE-798 | | 7.5 | ESLint security rule documentation for no-hardcoded-credentials | 💼 | | 🔧 | 💡 | |
|
|
72
|
+
| [no-hardcoded-session-tokens](https://eslint.interlace.tools/docs/security/plugin-secure-coding/rules/no-hardcoded-session-tokens) | CWE-798 | | 9.8 | ESLint security rule documentation for no-hardcoded-session-tokens | 💼 | | | | |
|
|
73
|
+
| [no-improper-sanitization](https://eslint.interlace.tools/docs/security/plugin-secure-coding/rules/no-improper-sanitization) | CWE-116 | | 7.5 | ESLint security rule documentation for no-improper-sanitization | 💼 | | | | |
|
|
74
|
+
| [no-improper-type-validation](https://eslint.interlace.tools/docs/security/plugin-secure-coding/rules/no-improper-type-validation) | CWE-20 | | 5.3 | ESLint security rule documentation for no-improper-type-validation | | ⚠️ | | | |
|
|
75
|
+
| [no-insecure-comparison](https://eslint.interlace.tools/docs/security/plugin-secure-coding/rules/no-insecure-comparison) | CWE-697 | | 5.3 | ESLint security rule documentation for no-insecure-comparison | | ⚠️ | 🔧 | | 🚫 |
|
|
76
|
+
| [no-ldap-injection](https://eslint.interlace.tools/docs/security/plugin-secure-coding/rules/no-ldap-injection) | CWE-90 | | 9.8 | ESLint security rule documentation for no-ldap-injection | 💼 | | | | |
|
|
77
|
+
| [no-missing-authentication](https://eslint.interlace.tools/docs/security/plugin-secure-coding/rules/no-missing-authentication) | CWE-306 | | 9.8 | ESLint security rule documentation for no-missing-authentication | | ⚠️ | | | |
|
|
78
|
+
| [no-pii-in-logs](https://eslint.interlace.tools/docs/security/plugin-secure-coding/rules/no-pii-in-logs) | CWE-532 | | 7.5 | Enforce no pii in logs | | ⚠️ | | | |
|
|
79
|
+
| [no-privilege-escalation](https://eslint.interlace.tools/docs/security/plugin-secure-coding/rules/no-privilege-escalation) | CWE-269 | | 8.8 | ESLint security rule documentation for no-privilege-escalation | | ⚠️ | | | |
|
|
80
|
+
| [no-redos-vulnerable-regex](https://eslint.interlace.tools/docs/security/plugin-secure-coding/rules/no-redos-vulnerable-regex) | CWE-1333 | | 7.5 | ESLint security rule documentation for no-redos-vulnerable-regex | 💼 | | | 💡 | |
|
|
81
|
+
| [no-sensitive-data-exposure](https://eslint.interlace.tools/docs/security/plugin-secure-coding/rules/no-sensitive-data-exposure) | CWE-532 | | 5.5 | ESLint security rule documentation for no-sensitive-data-exposure | | ⚠️ | | 💡 | |
|
|
82
|
+
| [no-unchecked-loop-condition](https://eslint.interlace.tools/docs/security/plugin-secure-coding/rules/no-unchecked-loop-condition) | CWE-835 | | 7.5 | ESLint security rule documentation for no-unchecked-loop-condition | 💼 | | | | |
|
|
83
|
+
| [no-unlimited-resource-allocation](https://eslint.interlace.tools/docs/security/plugin-secure-coding/rules/no-unlimited-resource-allocation) | CWE-770 | | 7.5 | ESLint security rule documentation for no-unlimited-resource-allocation | 💼 | | | | |
|
|
84
|
+
| [no-unsafe-deserialization](https://eslint.interlace.tools/docs/security/plugin-secure-coding/rules/no-unsafe-deserialization) | CWE-502 | | 9.8 | ESLint security rule documentation for no-unsafe-deserialization | 💼 | | | | |
|
|
85
|
+
| [no-unsafe-regex-construction](https://eslint.interlace.tools/docs/security/plugin-secure-coding/rules/no-unsafe-regex-construction) | CWE-400 | | 7.5 | ESLint security rule documentation for no-unsafe-regex-construction | | ⚠️ | | 💡 | |
|
|
86
|
+
| [no-weak-password-recovery](https://eslint.interlace.tools/docs/security/plugin-secure-coding/rules/no-weak-password-recovery) | CWE-640 | | 9.8 | ESLint security rule documentation for no-weak-password-recovery | 💼 | | | | |
|
|
87
|
+
| [no-xpath-injection](https://eslint.interlace.tools/docs/security/plugin-secure-coding/rules/no-xpath-injection) | CWE-643 | | 9.8 | ESLint security rule documentation for no-xpath-injection | 💼 | | | | |
|
|
88
|
+
| [no-xxe-injection](https://eslint.interlace.tools/docs/security/plugin-secure-coding/rules/no-xxe-injection) | CWE-611 | | 9.1 | ESLint security rule documentation for no-xxe-injection | 💼 | | | | |
|
|
89
|
+
| [require-backend-authorization](https://eslint.interlace.tools/docs/security/plugin-secure-coding/rules/require-backend-authorization) | | | | ESLint security rule documentation for require-backend-authorization | | | | | |
|
|
90
|
+
| [require-secure-defaults](https://eslint.interlace.tools/docs/security/plugin-secure-coding/rules/require-secure-defaults) | CWE-276 | | 7.5 | ESLint security rule documentation for require-secure-defaults | | | | | |
|
|
257
91
|
|
|
258
92
|
## 🔗 Related ESLint Plugins
|
|
259
93
|
|
|
@@ -266,10 +100,11 @@ Part of the **Interlace ESLint Ecosystem** — AI-native security plugins with L
|
|
|
266
100
|
| [`eslint-plugin-crypto`](https://www.npmjs.com/package/eslint-plugin-crypto) | [](https://www.npmjs.com/package/eslint-plugin-crypto) | NodeJS Cryptography security rules. |
|
|
267
101
|
| [`eslint-plugin-jwt`](https://www.npmjs.com/package/eslint-plugin-jwt) | [](https://www.npmjs.com/package/eslint-plugin-jwt) | JWT security & best practices. |
|
|
268
102
|
| [`eslint-plugin-browser-security`](https://www.npmjs.com/package/eslint-plugin-browser-security) | [](https://www.npmjs.com/package/eslint-plugin-browser-security) | Browser-specific security & XSS prevention. |
|
|
269
|
-
| [`eslint-plugin-vercel-ai-security`](https://www.npmjs.com/package/eslint-plugin-vercel-ai-security) | [](https://www.npmjs.com/package/eslint-plugin-vercel-ai-security) | Vercel AI SDK security rules. |
|
|
270
103
|
| [`eslint-plugin-express-security`](https://www.npmjs.com/package/eslint-plugin-express-security) | [](https://www.npmjs.com/package/eslint-plugin-express-security) | Express.js security hardening rules. |
|
|
271
104
|
| [`eslint-plugin-lambda-security`](https://www.npmjs.com/package/eslint-plugin-lambda-security) | [](https://www.npmjs.com/package/eslint-plugin-lambda-security) | AWS Lambda security best practices. |
|
|
272
105
|
| [`eslint-plugin-nestjs-security`](https://www.npmjs.com/package/eslint-plugin-nestjs-security) | [](https://www.npmjs.com/package/eslint-plugin-nestjs-security) | NestJS security rules & patterns. |
|
|
106
|
+
| [`eslint-plugin-mongodb-security`](https://www.npmjs.com/package/eslint-plugin-mongodb-security) | [](https://www.npmjs.com/package/eslint-plugin-mongodb-security) | MongoDB security best practices. |
|
|
107
|
+
| [`eslint-plugin-vercel-ai-security`](https://www.npmjs.com/package/eslint-plugin-vercel-ai-security) | [](https://www.npmjs.com/package/eslint-plugin-vercel-ai-security) | Vercel AI SDK security hardening. |
|
|
273
108
|
| [`eslint-plugin-import-next`](https://www.npmjs.com/package/eslint-plugin-import-next) | [](https://www.npmjs.com/package/eslint-plugin-import-next) | Next-gen import sorting & architecture. |
|
|
274
109
|
|
|
275
110
|
## 📄 License
|
|
@@ -277,5 +112,5 @@ Part of the **Interlace ESLint Ecosystem** — AI-native security plugins with L
|
|
|
277
112
|
MIT © [Ofri Peretz](https://github.com/ofri-peretz)
|
|
278
113
|
|
|
279
114
|
<p align="center">
|
|
280
|
-
<a href="https://eslint.interlace.tools/docs/secure-coding"><img src="https://eslint.interlace.tools/images/og-secure-coding.png" alt="ESLint Interlace Plugin" width="
|
|
115
|
+
<a href="https://eslint.interlace.tools/docs/security/plugin-secure-coding"><img src="https://eslint.interlace.tools/images/og-secure-coding.png" alt="ESLint Interlace Plugin" width="100%" /></a>
|
|
281
116
|
</p>
|
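--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "eslint-plugin-secure-coding",
-"version": "3.0.
+"version": "3.0.3",
 "description": "Security-focused ESLint plugin with 89 AI-parseable rules for detecting and preventing vulnerabilities. OWASP Top 10 2021 + Mobile Top 10 2024 coverage, CWE references, and AI-assisted fix guidance.",
 "type": "commonjs",
 "main": "./src/index.js",
@@ -17,10 +17,10 @@
 },
 "author": "Ofri Peretz <ofriperetzdev@gmail.com>",
 "license": "MIT",
-"homepage": "https://github.com/ofri-peretz/eslint/
+"homepage": "https://github.com/ofri-peretz/eslint/tree/main/packages/eslint-plugin-secure-coding#readme",
 "repository": {
 "type": "git",
-"url": "
+"url": "https://github.com/ofri-peretz/eslint",
 "directory": "packages/eslint-plugin-secure-coding"
 },
 "bugs": {
@@ -41,6 +41,7 @@
 "eslint",
 "eslint-plugin",
 "eslintplugin",
+"interlace-security",
 "security",
 "secure-coding",
 "owasp",
@@ -69,8 +70,8 @@
 "node": ">=18.0.0"
 },
 "dependencies": {
-"
-"
+"tslib": "^2.3.0",
+"@interlace/eslint-devkit": "^1.2.1"
 },
 "devDependencies": {
 "@typescript-eslint/parser": "^8.46.2",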
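Review bot: The two runtime dependencies added in the last hunk, `"tslib": "^2.3.0"` and `"@interlace/eslint-devkit": "^1.2.1"`, use caret ranges, so an install without a lockfile resolves whichever newer 1.x devkit release is published at that moment. `src/index.d.ts` takes its rule types from `@interlace/eslint-devkit`, so the devkit is presumably part of how the rules run, and a change there could alter lint results without a new release of this plugin. A tilde range such as `"@interlace/eslint-devkit": "~1.2.1"` would narrow that window, and consumers should commit a lockfile and install from it in CI either way. The removed dependency lines are cut short in this rendering, so the page does not show whether the ranges changed in this release.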
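--- a/package/src/index.d.ts
+++ b/package/src/index.d.ts
@@ -5,7 +5,7 @@
 */
 import { TSESLint } from '@interlace/eslint-devkit';
 /**
-* Collection of all security ESLint rules
+* Collection of all core security ESLint rules
 */
 export declare const rules: Record<string, TSESLint.RuleModule<string, readonly unknown[]>>;
 /**
@@ -20,4 +20,4 @@ export default plugin;
 /**
 * Re-export all types from the types barrel
 */
-export type {
+export type { AllSecurityRulesOptions, } from './types/index';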