eslint-plugin-secure-coding 3.0.1 → 3.1.0

package/README.md

@@ -266,10 +266,11 @@ Part of the **Interlace ESLint Ecosystem** — AI-native security plugins with L
 | [`eslint-plugin-crypto`](https://www.npmjs.com/package/eslint-plugin-crypto)                         |             [![downloads](https://img.shields.io/npm/dt/eslint-plugin-crypto.svg?style=flat-square)](https://www.npmjs.com/package/eslint-plugin-crypto)             | NodeJS Cryptography security rules.         |
 | [`eslint-plugin-jwt`](https://www.npmjs.com/package/eslint-plugin-jwt)                               |                [![downloads](https://img.shields.io/npm/dt/eslint-plugin-jwt.svg?style=flat-square)](https://www.npmjs.com/package/eslint-plugin-jwt)                | JWT security & best practices.              |
 | [`eslint-plugin-browser-security`](https://www.npmjs.com/package/eslint-plugin-browser-security)     |   [![downloads](https://img.shields.io/npm/dt/eslint-plugin-browser-security.svg?style=flat-square)](https://www.npmjs.com/package/eslint-plugin-browser-security)   | Browser-specific security & XSS prevention. |
-| [`eslint-plugin-vercel-ai-security`](https://www.npmjs.com/package/eslint-plugin-vercel-ai-security) | [![downloads](https://img.shields.io/npm/dt/eslint-plugin-vercel-ai-security.svg?style=flat-square)](https://www.npmjs.com/package/eslint-plugin-vercel-ai-security) | Vercel AI SDK security rules.               |
 | [`eslint-plugin-express-security`](https://www.npmjs.com/package/eslint-plugin-express-security)     |   [![downloads](https://img.shields.io/npm/dt/eslint-plugin-express-security.svg?style=flat-square)](https://www.npmjs.com/package/eslint-plugin-express-security)   | Express.js security hardening rules.        |
 | [`eslint-plugin-lambda-security`](https://www.npmjs.com/package/eslint-plugin-lambda-security)       |    [![downloads](https://img.shields.io/npm/dt/eslint-plugin-lambda-security.svg?style=flat-square)](https://www.npmjs.com/package/eslint-plugin-lambda-security)    | AWS Lambda security best practices.         |
 | [`eslint-plugin-nestjs-security`](https://www.npmjs.com/package/eslint-plugin-nestjs-security)       |    [![downloads](https://img.shields.io/npm/dt/eslint-plugin-nestjs-security.svg?style=flat-square)](https://www.npmjs.com/package/eslint-plugin-nestjs-security)    | NestJS security rules & patterns.           |
+| [`eslint-plugin-mongodb-security`](https://www.npmjs.com/package/eslint-plugin-mongodb-security)     |    [![downloads](https://img.shields.io/npm/dt/eslint-plugin-mongodb-security.svg?style=flat-square)](https://www.npmjs.com/package/eslint-plugin-mongodb-security)    | MongoDB security best practices.           |
+| [`eslint-plugin-vercel-ai-security`](https://www.npmjs.com/package/eslint-plugin-vercel-ai-security) | [![downloads](https://img.shields.io/npm/dt/eslint-plugin-vercel-ai-security.svg?style=flat-square)](https://www.npmjs.com/package/eslint-plugin-vercel-ai-security) | Vercel AI SDK security hardening.           |
 | [`eslint-plugin-import-next`](https://www.npmjs.com/package/eslint-plugin-import-next)               |        [![downloads](https://img.shields.io/npm/dt/eslint-plugin-import-next.svg?style=flat-square)](https://www.npmjs.com/package/eslint-plugin-import-next)        | Next-gen import sorting & architecture.     |
 
 ## 📄 License

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "eslint-plugin-secure-coding",
-  "version": "3.0.1",
+  "version": "3.1.0",
   "description": "Security-focused ESLint plugin with 89 AI-parseable rules for detecting and preventing vulnerabilities. OWASP Top 10 2021 + Mobile Top 10 2024 coverage, CWE references, and AI-assisted fix guidance.",
   "type": "commonjs",
   "main": "./src/index.js",
@@ -41,6 +41,7 @@
     "eslint",
     "eslint-plugin",
     "eslintplugin",
+    "interlace-security",
     "security",
     "secure-coding",
     "owasp",
@@ -69,8 +70,8 @@
     "node": ">=18.0.0"
   },
   "dependencies": {
-    "@interlace/eslint-devkit": "^1.2.1",
-    "tslib": "^2.3.0"
+    "tslib": "^2.3.0",
+    "@interlace/eslint-devkit": "^1.2.1"
   },
   "devDependencies": {
     "@typescript-eslint/parser": "^8.46.2",

package/src/index.d.ts

@@ -5,7 +5,7 @@
  */
 import { TSESLint } from '@interlace/eslint-devkit';
 /**
- * Collection of all security ESLint rules
+ * Collection of all core security ESLint rules
  */
 export declare const rules: Record<string, TSESLint.RuleModule<string, readonly unknown[]>>;
 /**
@@ -20,4 +20,4 @@ export default plugin;
 /**
  * Re-export all types from the types barrel
  */
-export type { DetectEvalWithExpressionOptions, DetectChildProcessOptions, NoUnsafeDynamicRequireOptions, NoGraphqlInjectionOptions, NoXxeInjectionOptions, NoXpathInjectionOptions, NoLdapInjectionOptions, NoDirectiveInjectionOptions, NoFormatStringInjectionOptions, DetectNonLiteralFsFilenameOptions, NoZipSlipOptions, NoToctouVulnerabilityOptions, DetectNonLiteralRegexpOptions, NoRedosVulnerableRegexOptions, NoUnsafeRegexConstructionOptions, DetectObjectInjectionOptions, NoUnsafeDeserializationOptions, NoHardcodedCredentialsOptions, NoInsecureComparisonOptions, NoUnvalidatedUserInputOptions, NoUnescapedUrlParameterOptions, NoImproperSanitizationOptions, NoImproperTypeValidationOptions, NoMissingAuthenticationOptions, NoPrivilegeEscalationOptions, NoWeakPasswordRecoveryOptions, NoMissingCsrfProtectionOptions, NoMissingCorsCheckOptions, NoMissingSecurityHeadersOptions, NoInsecureRedirectsOptions, NoUnencryptedTransmissionOptions, NoClickjackingOptions, NoExposedSensitiveDataOptions, NoSensitiveDataExposureOptions, NoBufferOverreadOptions, NoUnlimitedResourceAllocationOptions, NoUncheckedLoopConditionOptions, NoElectronSecurityIssuesOptions, AllSecurityRulesOptions, } from './types/index';
+export type { AllSecurityRulesOptions, } from './types/index';

package/src/index.js

@@ -9,31 +9,24 @@ exports.configs = exports.plugin = exports.rules = void 0;
 /**
  * eslint-plugin-secure-coding
  *
- * A comprehensive security-focused ESLint plugin with 48+ rules
- * for detecting and preventing security vulnerabilities in JavaScript/TypeScript code.
+ * A comprehensive security-focused ESLint plugin restricted to "pure coding security rules"
+ * (logic, AST patterns, and generic vulnerabilities independent of environment).
  *
- * Features:
- * - LLM-optimized error messages with CWE references
- * - OWASP Top 10 coverage
- * - Auto-fix capabilities where safe
- * - Structured context for AI assistants
+ * Rules focus on:
+ * - Language-level logic flaws
+ * - AST pattern risks
+ * - Generic injection patterns
+ * - Cryptographic logic (logic level)
  *
  * @see https://github.com/ofri-peretz/eslint#readme
  */
 // Security rules - Injection
-const detect_eval_with_expression_1 = require("./rules/detect-eval-with-expression");
-const detect_child_process_1 = require("./rules/detect-child-process");
-const no_unsafe_dynamic_require_1 = require("./rules/no-unsafe-dynamic-require");
 const no_graphql_injection_1 = require("./rules/no-graphql-injection");
 const no_xxe_injection_1 = require("./rules/no-xxe-injection");
 const no_xpath_injection_1 = require("./rules/no-xpath-injection");
 const no_ldap_injection_1 = require("./rules/no-ldap-injection");
 const no_directive_injection_1 = require("./rules/no-directive-injection");
 const no_format_string_injection_1 = require("./rules/no-format-string-injection");
-// Security rules - Path & File
-const detect_non_literal_fs_filename_1 = require("./rules/detect-non-literal-fs-filename");
-const no_zip_slip_1 = require("./rules/no-zip-slip");
-const no_toctou_vulnerability_1 = require("./rules/no-toctou-vulnerability");
 // Security rules - Regex
 const detect_non_literal_regexp_1 = require("./rules/detect-non-literal-regexp");
 const no_redos_vulnerable_regex_1 = require("./rules/no-redos-vulnerable-regex");
@@ -44,170 +37,53 @@ const no_unsafe_deserialization_1 = require("./rules/no-unsafe-deserialization")
 // Security rules - Credentials & Crypto
 const no_hardcoded_credentials_1 = require("./rules/no-hardcoded-credentials");
 const no_insecure_comparison_1 = require("./rules/no-insecure-comparison");
-// Security rules - Input Validation & XSS
-const no_unvalidated_user_input_1 = require("./rules/no-unvalidated-user-input");
-const no_unescaped_url_parameter_1 = require("./rules/no-unescaped-url-parameter");
+// Security rules - Input Validation
 const no_improper_sanitization_1 = require("./rules/no-improper-sanitization");
 const no_improper_type_validation_1 = require("./rules/no-improper-type-validation");
 // Security rules - Authentication & Authorization
 const no_missing_authentication_1 = require("./rules/no-missing-authentication");
 const no_privilege_escalation_1 = require("./rules/no-privilege-escalation");
 const no_weak_password_recovery_1 = require("./rules/no-weak-password-recovery");
-// Security rules - Session & Cookies
-const no_missing_csrf_protection_1 = require("./rules/no-missing-csrf-protection");
-// Security rules - Network & Headers
-const no_missing_cors_check_1 = require("./rules/no-missing-cors-check");
-const no_missing_security_headers_1 = require("./rules/no-missing-security-headers");
-const no_insecure_redirects_1 = require("./rules/no-insecure-redirects");
-const no_unencrypted_transmission_1 = require("./rules/no-unencrypted-transmission");
-const no_clickjacking_1 = require("./rules/no-clickjacking");
+const require_backend_authorization_1 = require("./rules/require-backend-authorization");
 // Security rules - Data Exposure
-const no_exposed_sensitive_data_1 = require("./rules/no-exposed-sensitive-data");
 const no_sensitive_data_exposure_1 = require("./rules/no-sensitive-data-exposure");
-// Security rules - Buffer & Memory
-const no_buffer_overread_1 = require("./rules/no-buffer-overread");
+const no_pii_in_logs_1 = require("./rules/no-pii-in-logs");
 // Security rules - Resource & DoS
 const no_unlimited_resource_allocation_1 = require("./rules/no-unlimited-resource-allocation");
 const no_unchecked_loop_condition_1 = require("./rules/no-unchecked-loop-condition");
-// Security rules - Platform Specific
-const no_electron_security_issues_1 = require("./rules/no-electron-security-issues");
-// OWASP Mobile Top 10 2023/2024 - Mobile Security Rules (40 rules)
-// M1: Improper Credential Usage (3 rules)
-const no_credentials_in_query_params_1 = require("./rules/no-credentials-in-query-params");
-const require_secure_credential_storage_1 = require("./rules/require-secure-credential-storage");
-// M2: Inadequate Supply Chain Security (4 rules)
-const require_dependency_integrity_1 = require("./rules/require-dependency-integrity");
-const detect_suspicious_dependencies_1 = require("./rules/detect-suspicious-dependencies");
-const no_dynamic_dependency_loading_1 = require("./rules/no-dynamic-dependency-loading");
-const require_package_lock_1 = require("./rules/require-package-lock");
-// M3: Insecure Authentication/Authorization (5 rules)
-const no_client_side_auth_logic_1 = require("./rules/no-client-side-auth-logic");
-const require_backend_authorization_1 = require("./rules/require-backend-authorization");
-const no_hardcoded_session_tokens_1 = require("./rules/no-hardcoded-session-tokens");
-const detect_weak_password_validation_1 = require("./rules/detect-weak-password-validation");
-const no_password_in_url_1 = require("./rules/no-password-in-url");
-// M4: Insufficient Input/Output Validation (6 rules)
-const no_unvalidated_deeplinks_1 = require("./rules/no-unvalidated-deeplinks");
-const require_url_validation_1 = require("./rules/require-url-validation");
-const no_arbitrary_file_access_1 = require("./rules/no-arbitrary-file-access");
-const require_mime_type_validation_1 = require("./rules/require-mime-type-validation");
-const require_csp_headers_1 = require("./rules/require-csp-headers");
-// M5: Insecure Communication (7 rules)
-const no_http_urls_1 = require("./rules/no-http-urls");
-const no_disabled_certificate_validation_1 = require("./rules/no-disabled-certificate-validation");
-const require_https_only_1 = require("./rules/require-https-only");
-const no_insecure_websocket_1 = require("./rules/no-insecure-websocket");
-const detect_mixed_content_1 = require("./rules/detect-mixed-content");
-const no_allow_arbitrary_loads_1 = require("./rules/no-allow-arbitrary-loads");
-const require_network_timeout_1 = require("./rules/require-network-timeout");
-// M6: Inadequate Privacy Controls (4 rules)
-const no_pii_in_logs_1 = require("./rules/no-pii-in-logs");
-const no_tracking_without_consent_1 = require("./rules/no-tracking-without-consent");
-const require_data_minimization_1 = require("./rules/require-data-minimization");
-const no_sensitive_data_in_analytics_1 = require("./rules/no-sensitive-data-in-analytics");
-// M7: Insufficient Binary Protections (2 rules)
-const no_debug_code_in_production_1 = require("./rules/no-debug-code-in-production");
-const require_code_minification_1 = require("./rules/require-code-minification");
-// M8: Security Misconfiguration (4 rules)
-const no_verbose_error_messages_1 = require("./rules/no-verbose-error-messages");
-const no_exposed_debug_endpoints_1 = require("./rules/no-exposed-debug-endpoints");
-const require_secure_defaults_1 = require("./rules/require-secure-defaults");
-const no_permissive_cors_1 = require("./rules/no-permissive-cors");
-// M9: Insecure Data Storage (5 rules)
-const no_sensitive_data_in_cache_1 = require("./rules/no-sensitive-data-in-cache");
-const require_storage_encryption_1 = require("./rules/require-storage-encryption");
-const no_data_in_temp_storage_1 = require("./rules/no-data-in-temp-storage");
-const require_secure_deletion_1 = require("./rules/require-secure-deletion");
 /**
- * Collection of all security ESLint rules
+ * Collection of all core security ESLint rules
  */
 exports.rules = {
-    // Flat rule names (recommended usage)
-    'detect-eval-with-expression': detect_eval_with_expression_1.detectEvalWithExpression,
-    'detect-child-process': detect_child_process_1.detectChildProcess,
-    'no-unsafe-dynamic-require': no_unsafe_dynamic_require_1.noUnsafeDynamicRequire,
+    // Fundamental Injection (6 rules)
     'no-graphql-injection': no_graphql_injection_1.noGraphqlInjection,
     'no-xxe-injection': no_xxe_injection_1.noXxeInjection,
     'no-xpath-injection': no_xpath_injection_1.noXpathInjection,
     'no-ldap-injection': no_ldap_injection_1.noLdapInjection,
     'no-directive-injection': no_directive_injection_1.noDirectiveInjection,
     'no-format-string-injection': no_format_string_injection_1.noFormatStringInjection,
-    'detect-non-literal-fs-filename': detect_non_literal_fs_filename_1.detectNonLiteralFsFilename,
-    'no-zip-slip': no_zip_slip_1.noZipSlip,
-    'no-toctou-vulnerability': no_toctou_vulnerability_1.noToctouVulnerability,
+    // Regex Safety & Stability (3 rules)
     'detect-non-literal-regexp': detect_non_literal_regexp_1.detectNonLiteralRegexp,
     'no-redos-vulnerable-regex': no_redos_vulnerable_regex_1.noRedosVulnerableRegex,
     'no-unsafe-regex-construction': no_unsafe_regex_construction_1.noUnsafeRegexConstruction,
+    // Data & Logic Integrity (5 rules)
     'detect-object-injection': detect_object_injection_1.detectObjectInjection,
     'no-unsafe-deserialization': no_unsafe_deserialization_1.noUnsafeDeserialization,
-    'no-hardcoded-credentials': no_hardcoded_credentials_1.noHardcodedCredentials,
     'no-insecure-comparison': no_insecure_comparison_1.noInsecureComparison,
-    'no-unvalidated-user-input': no_unvalidated_user_input_1.noUnvalidatedUserInput,
-    'no-unescaped-url-parameter': no_unescaped_url_parameter_1.noUnescapedUrlParameter,
     'no-improper-sanitization': no_improper_sanitization_1.noImproperSanitization,
     'no-improper-type-validation': no_improper_type_validation_1.noImproperTypeValidation,
+    // Auth/Access Logic (4 rules)
     'no-missing-authentication': no_missing_authentication_1.noMissingAuthentication,
     'no-privilege-escalation': no_privilege_escalation_1.noPrivilegeEscalation,
     'no-weak-password-recovery': no_weak_password_recovery_1.noWeakPasswordRecovery,
-    'no-missing-csrf-protection': no_missing_csrf_protection_1.noMissingCsrfProtection,
-    'no-missing-cors-check': no_missing_cors_check_1.noMissingCorsCheck,
-    'no-missing-security-headers': no_missing_security_headers_1.noMissingSecurityHeaders,
-    'no-insecure-redirects': no_insecure_redirects_1.noInsecureRedirects,
-    'no-unencrypted-transmission': no_unencrypted_transmission_1.noUnencryptedTransmission,
-    'no-clickjacking': no_clickjacking_1.noClickjacking,
-    'no-exposed-sensitive-data': no_exposed_sensitive_data_1.noExposedSensitiveData,
+    'require-backend-authorization': require_backend_authorization_1.requireBackendAuthorization,
+    // Secrets & Exposure (3 rules)
+    'no-hardcoded-credentials': no_hardcoded_credentials_1.noHardcodedCredentials,
     'no-sensitive-data-exposure': no_sensitive_data_exposure_1.noSensitiveDataExposure,
-    'no-buffer-overread': no_buffer_overread_1.noBufferOverread,
+    'no-pii-in-logs': no_pii_in_logs_1.noPiiInLogs,
+    // Resource Handling (2 rules)
     'no-unlimited-resource-allocation': no_unlimited_resource_allocation_1.noUnlimitedResourceAllocation,
     'no-unchecked-loop-condition': no_unchecked_loop_condition_1.noUncheckedLoopCondition,
-    'no-electron-security-issues': no_electron_security_issues_1.noElectronSecurityIssues,
-    // OWASP Mobile Top 10 2023/2024 rules (40 rules)
-    // M1: Improper Credential Usage (3 rules)
-    'no-credentials-in-query-params': no_credentials_in_query_params_1.noCredentialsInQueryParams,
-    'require-secure-credential-storage': require_secure_credential_storage_1.requireSecureCredentialStorage,
-    // M2: Inadequate Supply Chain Security (4 rules)
-    'require-dependency-integrity': require_dependency_integrity_1.requireDependencyIntegrity,
-    'detect-suspicious-dependencies': detect_suspicious_dependencies_1.detectSuspiciousDependencies,
-    'no-dynamic-dependency-loading': no_dynamic_dependency_loading_1.noDynamicDependencyLoading,
-    'require-package-lock': require_package_lock_1.requirePackageLock,
-    // M3: Insecure Authentication/Authorization (5 rules)
-    'no-client-side-auth-logic': no_client_side_auth_logic_1.noClientSideAuthLogic,
-    'require-backend-authorization': require_backend_authorization_1.requireBackendAuthorization,
-    'no-hardcoded-session-tokens': no_hardcoded_session_tokens_1.noHardcodedSessionTokens,
-    'detect-weak-password-validation': detect_weak_password_validation_1.detectWeakPasswordValidation,
-    'no-password-in-url': no_password_in_url_1.noPasswordInUrl,
-    // M4: Insufficient Input/Output Validation (6 rules)
-    'no-unvalidated-deeplinks': no_unvalidated_deeplinks_1.noUnvalidatedDeeplinks,
-    'require-url-validation': require_url_validation_1.requireUrlValidation,
-    'no-arbitrary-file-access': no_arbitrary_file_access_1.noArbitraryFileAccess,
-    'require-mime-type-validation': require_mime_type_validation_1.requireMimeTypeValidation,
-    'require-csp-headers': require_csp_headers_1.requireCspHeaders,
-    // M5: Insecure Communication (7 rules)
-    'no-http-urls': no_http_urls_1.noHttpUrls,
-    'no-disabled-certificate-validation': no_disabled_certificate_validation_1.noDisabledCertificateValidation,
-    'require-https-only': require_https_only_1.requireHttpsOnly,
-    'no-insecure-websocket': no_insecure_websocket_1.noInsecureWebsocket,
-    'detect-mixed-content': detect_mixed_content_1.detectMixedContent,
-    'no-allow-arbitrary-loads': no_allow_arbitrary_loads_1.noAllowArbitraryLoads,
-    'require-network-timeout': require_network_timeout_1.requireNetworkTimeout,
-    // M6: Inadequate Privacy Controls (4 rules)
-    'no-pii-in-logs': no_pii_in_logs_1.noPiiInLogs,
-    'no-tracking-without-consent': no_tracking_without_consent_1.noTrackingWithoutConsent,
-    'require-data-minimization': require_data_minimization_1.requireDataMinimization,
-    'no-sensitive-data-in-analytics': no_sensitive_data_in_analytics_1.noSensitiveDataInAnalytics,
-    // M7: Insufficient Binary Protections (2 rules)
-    'no-debug-code-in-production': no_debug_code_in_production_1.noDebugCodeInProduction,
-    'require-code-minification': require_code_minification_1.requireCodeMinification,
-    // M8: Security Misconfiguration (4 rules)
-    'no-verbose-error-messages': no_verbose_error_messages_1.noVerboseErrorMessages,
-    'no-exposed-debug-endpoints': no_exposed_debug_endpoints_1.noExposedDebugEndpoints,
-    'require-secure-defaults': require_secure_defaults_1.requireSecureDefaults,
-    'no-permissive-cors': no_permissive_cors_1.noPermissiveCors,
-    // M9: Insecure Data Storage (5 rules)
-    'no-sensitive-data-in-cache': no_sensitive_data_in_cache_1.noSensitiveDataInCache,
-    'require-storage-encryption': require_storage_encryption_1.requireStorageEncryption,
-    'no-data-in-temp-storage': no_data_in_temp_storage_1.noDataInTempStorage,
-    'require-secure-deletion': require_secure_deletion_1.requireSecureDeletion,
 };
 /**
  * ESLint Plugin object
@@ -215,7 +91,7 @@ exports.rules = {
 exports.plugin = {
     meta: {
         name: 'eslint-plugin-secure-coding',
-        version: '1.0.0',
+        version: '1.1.0',
     },
     rules: exports.rules,
 };
@@ -223,20 +99,11 @@ exports.plugin = {
  * Preset configurations for security rules
  */
 const recommendedRules = {
-    // Critical - Injection vulnerabilities (OWASP A03)
-    'secure-coding/detect-eval-with-expression': 'error',
-    'secure-coding/detect-child-process': 'error',
-    'secure-coding/no-unsafe-dynamic-require': 'error',
+    // Critical - Injection vulnerabilities
     'secure-coding/no-graphql-injection': 'error',
     'secure-coding/no-xxe-injection': 'error',
     'secure-coding/no-xpath-injection': 'error',
     'secure-coding/no-ldap-injection': 'error',
-    'secure-coding/no-directive-injection': 'error',
-    'secure-coding/no-format-string-injection': 'error',
-    // Critical - Path traversal & file operations
-    'secure-coding/detect-non-literal-fs-filename': 'error',
-    'secure-coding/no-zip-slip': 'error',
-    'secure-coding/no-toctou-vulnerability': 'error',
     // Critical - Deserialization
     'secure-coding/no-unsafe-deserialization': 'error',
     // High - Regex vulnerabilities
@@ -245,55 +112,26 @@ const recommendedRules = {
     'secure-coding/no-unsafe-regex-construction': 'warn',
     // High - Prototype pollution
     'secure-coding/detect-object-injection': 'warn',
-    // Critical - Cryptography (OWASP A02)
+    // Critical - Credentials
     'secure-coding/no-hardcoded-credentials': 'error',
     'secure-coding/no-insecure-comparison': 'warn',
-    // Critical - XSS vulnerabilities (OWASP A03)
-    'secure-coding/no-unvalidated-user-input': 'warn',
-    'secure-coding/no-unescaped-url-parameter': 'warn',
+    // Critical - Data integrity
     'secure-coding/no-improper-sanitization': 'error',
-    'secure-coding/no-improper-type-validation': 'warn',
-    // High - Authentication & Authorization (OWASP A01, A07)
+    // High - Logic
     'secure-coding/no-missing-authentication': 'warn',
     'secure-coding/no-privilege-escalation': 'warn',
     'secure-coding/no-weak-password-recovery': 'error',
-    // High - Session & Cookies
-    'secure-coding/no-missing-csrf-protection': 'warn',
-    // High - Network & Headers (OWASP A05)
-    'secure-coding/no-missing-cors-check': 'warn',
-    'secure-coding/no-missing-security-headers': 'warn',
-    'secure-coding/no-insecure-redirects': 'warn',
-    'secure-coding/no-unencrypted-transmission': 'warn',
-    'secure-coding/no-clickjacking': 'error',
-    // High - Data Exposure (OWASP A01)
-    'secure-coding/no-exposed-sensitive-data': 'error',
+    // High - Exposure
     'secure-coding/no-sensitive-data-exposure': 'warn',
-    // Medium - Buffer & Memory
-    'secure-coding/no-buffer-overread': 'error',
     // Medium - Resource & DoS
     'secure-coding/no-unlimited-resource-allocation': 'error',
     'secure-coding/no-unchecked-loop-condition': 'error',
-    // Medium - Platform specific
-    'secure-coding/no-electron-security-issues': 'error',
-    // Mobile & General Security (OWASP Mobile)
-    'secure-coding/no-credentials-in-query-params': 'error',
-    'secure-coding/no-http-urls': 'error',
-    'secure-coding/require-https-only': 'error',
-    'secure-coding/no-pii-in-logs': 'warn',
-    'secure-coding/no-verbose-error-messages': 'warn',
-    'secure-coding/no-hardcoded-session-tokens': 'error',
-    'secure-coding/detect-mixed-content': 'error',
-    'secure-coding/no-unvalidated-deeplinks': 'error',
-    'secure-coding/no-insecure-websocket': 'error',
-    'secure-coding/detect-suspicious-dependencies': 'warn',
 };
 exports.configs = {
     /**
      * Recommended security configuration
      *
-     * Enables all security rules with sensible severity levels:
-     * - Critical injection vulnerabilities as errors
-     * - Important security issues as warnings
+     * Enables all core security rules with sensible severity levels.
      */
     recommended: {
         plugins: {
@@ -304,7 +142,7 @@ exports.configs = {
     /**
      * Strict security configuration
      *
-     * All security rules set to 'error' for maximum protection
+     * All security rules set to 'error' for maximum protection.
      */
     strict: {
         plugins: {
@@ -315,7 +153,7 @@ exports.configs = {
     /**
      * OWASP Top 10 focused configuration
      *
-     * Rules mapped to OWASP Top 10 2021 categories
+     * Rules mapped to OWASP Top 10 2021 categories.
      */
     'owasp-top-10': {
         plugins: {
@@ -325,93 +163,21 @@ exports.configs = {
             // A01:2021 – Broken Access Control
             'secure-coding/no-missing-authentication': 'error',
             'secure-coding/no-privilege-escalation': 'error',
-            'secure-coding/no-exposed-sensitive-data': 'error',
-            'secure-coding/no-insecure-redirects': 'error',
             // A02:2021 – Cryptographic Failures
             'secure-coding/no-hardcoded-credentials': 'error',
-            'secure-coding/no-unencrypted-transmission': 'error',
             'secure-coding/no-sensitive-data-exposure': 'error',
             // A03:2021 – Injection
-            'secure-coding/detect-eval-with-expression': 'error',
-            'secure-coding/detect-child-process': 'error',
             'secure-coding/no-graphql-injection': 'error',
             'secure-coding/no-xxe-injection': 'error',
             'secure-coding/no-xpath-injection': 'error',
             'secure-coding/no-ldap-injection': 'error',
-            'secure-coding/no-unescaped-url-parameter': 'error',
             // A04:2021 – Insecure Design
             'secure-coding/no-weak-password-recovery': 'error',
             'secure-coding/no-improper-type-validation': 'error',
-            // A05:2021 – Security Misconfiguration
-            'secure-coding/no-missing-security-headers': 'error',
-            'secure-coding/no-missing-cors-check': 'error',
-            'secure-coding/no-clickjacking': 'error',
-            'secure-coding/no-electron-security-issues': 'error',
             // A07:2021 – Identification and Authentication Failures
             'secure-coding/no-insecure-comparison': 'error',
-            'secure-coding/no-missing-csrf-protection': 'error',
             // A08:2021 – Software and Data Integrity Failures
             'secure-coding/no-unsafe-deserialization': 'error',
-            'secure-coding/no-unsafe-dynamic-require': 'error',
-        },
-    },
-    /**
-     * OWASP Mobile Top 10 focused configuration
-     *
-     * Rules mapped to OWASP Mobile Top 10 2024 categories
-     */
-    'owasp-mobile-top-10': {
-        plugins: {
-            'secure-coding': exports.plugin,
-        },
-        rules: {
-            // M1: Improper Credential Usage
-            'secure-coding/no-credentials-in-query-params': 'error',
-            'secure-coding/require-secure-credential-storage': 'error',
-            'secure-coding/no-hardcoded-credentials': 'error',
-            // M2: Inadequate Supply Chain Security
-            'secure-coding/require-dependency-integrity': 'error',
-            'secure-coding/detect-suspicious-dependencies': 'error',
-            'secure-coding/no-dynamic-dependency-loading': 'error',
-            'secure-coding/require-package-lock': 'error',
-            // M3: Insecure Authentication/Authorization
-            'secure-coding/no-client-side-auth-logic': 'error',
-            'secure-coding/require-backend-authorization': 'error',
-            'secure-coding/no-hardcoded-session-tokens': 'error',
-            'secure-coding/detect-weak-password-validation': 'error',
-            'secure-coding/no-password-in-url': 'error',
-            // M4: Insufficient Input/Output Validation
-            'secure-coding/no-unvalidated-deeplinks': 'error',
-            'secure-coding/require-url-validation': 'error',
-            'secure-coding/no-arbitrary-file-access': 'error',
-            'secure-coding/require-mime-type-validation': 'error',
-            'secure-coding/require-csp-headers': 'error',
-            // M5: Insecure Communication
-            'secure-coding/no-http-urls': 'error',
-            'secure-coding/no-disabled-certificate-validation': 'error',
-            'secure-coding/require-https-only': 'error',
-            'secure-coding/no-insecure-websocket': 'error',
-            'secure-coding/detect-mixed-content': 'error',
-            'secure-coding/no-allow-arbitrary-loads': 'error',
-            'secure-coding/require-network-timeout': 'error',
-            // M6: Inadequate Privacy Controls
-            'secure-coding/no-pii-in-logs': 'error',
-            'secure-coding/no-tracking-without-consent': 'error',
-            'secure-coding/require-data-minimization': 'error',
-            'secure-coding/no-sensitive-data-in-analytics': 'error',
-            // M7: Insufficient Binary Protections
-            'secure-coding/no-debug-code-in-production': 'error',
-            'secure-coding/require-code-minification': 'error',
-            // M8: Security Misconfiguration
-            'secure-coding/no-verbose-error-messages': 'error',
-            'secure-coding/no-exposed-debug-endpoints': 'error',
-            'secure-coding/require-secure-defaults': 'error',
-            'secure-coding/no-permissive-cors': 'error',
-            // M9: Insecure Data Storage
-            'secure-coding/no-sensitive-data-in-cache': 'error',
-            'secure-coding/require-storage-encryption': 'error',
-            'secure-coding/no-data-in-temp-storage': 'error',
-            'secure-coding/require-secure-deletion': 'error',
         },
     },
 };

package/src/rules/detect-non-literal-regexp/index.d.ts

@@ -22,5 +22,7 @@ export interface Options {
     maxPatternLength?: number;
 }
 type RuleOptions = [Options?];
-export declare const detectNonLiteralRegexp: TSESLint.RuleModule<MessageIds, RuleOptions, unknown, TSESLint.RuleListener>;
+export declare const detectNonLiteralRegexp: TSESLint.RuleModule<MessageIds, RuleOptions, unknown, TSESLint.RuleListener> & {
+    name: string;
+};
 export {};

package/src/rules/detect-object-injection/index.d.ts

@@ -29,5 +29,7 @@ export interface Options {
     strategy?: 'validate' | 'whitelist' | 'freeze' | 'auto';
 }
 type RuleOptions = [Options?];
-export declare const detectObjectInjection: TSESLint.RuleModule<MessageIds, RuleOptions, unknown, TSESLint.RuleListener>;
+export declare const detectObjectInjection: TSESLint.RuleModule<MessageIds, RuleOptions, unknown, TSESLint.RuleListener> & {
+    name: string;
+};
 export {};

package/src/rules/detect-weak-password-validation/index.d.ts

@@ -6,5 +6,7 @@
 export interface Options {
 }
 type RuleOptions = [Options?];
-export declare const detectWeakPasswordValidation: import("@typescript-eslint/utils/ts-eslint").RuleModule<"violationDetected", RuleOptions, unknown, import("@typescript-eslint/utils/ts-eslint").RuleListener>;
+export declare const detectWeakPasswordValidation: import("@typescript-eslint/utils/ts-eslint").RuleModule<"violationDetected", RuleOptions, unknown, import("@typescript-eslint/utils/ts-eslint").RuleListener> & {
+    name: string;
+};
 export {};

package/src/rules/no-directive-injection/index.d.ts

@@ -32,5 +32,7 @@ export interface Options extends SecurityRuleOptions {
     allowDynamicInComponents?: boolean;
 }
 type RuleOptions = [Options?];
-export declare const noDirectiveInjection: TSESLint.RuleModule<MessageIds, RuleOptions, unknown, TSESLint.RuleListener>;
+export declare const noDirectiveInjection: TSESLint.RuleModule<MessageIds, RuleOptions, unknown, TSESLint.RuleListener> & {
+    name: string;
+};
 export {};

package/src/rules/no-electron-security-issues/index.d.ts

@@ -30,5 +30,7 @@ export interface Options extends SecurityRuleOptions {
     allowedIpcChannels?: string[];
 }
 type RuleOptions = [Options?];
-export declare const noElectronSecurityIssues: TSESLint.RuleModule<MessageIds, RuleOptions, unknown, TSESLint.RuleListener>;
+export declare const noElectronSecurityIssues: TSESLint.RuleModule<MessageIds, RuleOptions, unknown, TSESLint.RuleListener> & {
+    name: string;
+};
 export {};

package/src/rules/no-format-string-injection/index.d.ts

@@ -38,5 +38,7 @@ export interface Options {
     strictMode?: boolean;
 }
 type RuleOptions = [Options?];
-export declare const noFormatStringInjection: TSESLint.RuleModule<MessageIds, RuleOptions, unknown, TSESLint.RuleListener>;
+export declare const noFormatStringInjection: TSESLint.RuleModule<MessageIds, RuleOptions, unknown, TSESLint.RuleListener> & {
+    name: string;
+};
 export {};

package/src/rules/no-graphql-injection/index.d.ts

@@ -34,5 +34,7 @@ export interface Options extends SecurityRuleOptions {
     validationFunctions?: string[];
 }
 type RuleOptions = [Options?];
-export declare const noGraphqlInjection: TSESLint.RuleModule<MessageIds, RuleOptions, unknown, TSESLint.RuleListener>;
+export declare const noGraphqlInjection: TSESLint.RuleModule<MessageIds, RuleOptions, unknown, TSESLint.RuleListener> & {
+    name: string;
+};
 export {};

package/src/rules/no-hardcoded-credentials/index.d.ts

@@ -38,5 +38,7 @@ export interface Options {
     strategy?: 'env' | 'config' | 'vault' | 'auto';
 }
 type RuleOptions = [Options?];
-export declare const noHardcodedCredentials: TSESLint.RuleModule<MessageIds, RuleOptions, unknown, TSESLint.RuleListener>;
+export declare const noHardcodedCredentials: TSESLint.RuleModule<MessageIds, RuleOptions, unknown, TSESLint.RuleListener> & {
+    name: string;
+};
 export {};

package/src/rules/no-hardcoded-session-tokens/index.d.ts

@@ -6,5 +6,7 @@
 export interface Options {
 }
 type RuleOptions = [Options?];
-export declare const noHardcodedSessionTokens: import("@typescript-eslint/utils/ts-eslint").RuleModule<"violationDetected", RuleOptions, unknown, import("@typescript-eslint/utils/ts-eslint").RuleListener>;
+export declare const noHardcodedSessionTokens: import("@typescript-eslint/utils/ts-eslint").RuleModule<"violationDetected", RuleOptions, unknown, import("@typescript-eslint/utils/ts-eslint").RuleListener> & {
+    name: string;
+};
 export {};

package/src/rules/no-improper-sanitization/index.d.ts

@@ -32,5 +32,7 @@ export interface Options extends SecurityRuleOptions {
     trustedLibraries?: string[];
 }
 type RuleOptions = [Options?];
-export declare const noImproperSanitization: TSESLint.RuleModule<MessageIds, RuleOptions, unknown, TSESLint.RuleListener>;
+export declare const noImproperSanitization: TSESLint.RuleModule<MessageIds, RuleOptions, unknown, TSESLint.RuleListener> & {
+    name: string;
+};
 export {};

package/src/rules/no-improper-type-validation/index.d.ts

@@ -30,5 +30,7 @@ export interface Options extends SecurityRuleOptions {
     allowInstanceofSameRealm?: boolean;
 }
 type RuleOptions = [Options?];
-export declare const noImproperTypeValidation: TSESLint.RuleModule<MessageIds, RuleOptions, unknown, TSESLint.RuleListener>;
+export declare const noImproperTypeValidation: TSESLint.RuleModule<MessageIds, RuleOptions, unknown, TSESLint.RuleListener> & {
+    name: string;
+};
 export {};

package/src/rules/no-insecure-comparison/index.d.ts

@@ -20,5 +20,7 @@ export interface Options {
     ignorePatterns?: string[];
 }
 type RuleOptions = [Options?];
-export declare const noInsecureComparison: TSESLint.RuleModule<MessageIds, RuleOptions, unknown, TSESLint.RuleListener>;
+export declare const noInsecureComparison: TSESLint.RuleModule<MessageIds, RuleOptions, unknown, TSESLint.RuleListener> & {
+    name: string;
+};
 export {};

package/src/rules/no-ldap-injection/index.d.ts

@@ -33,5 +33,7 @@ export interface Options extends SecurityRuleOptions {
     ldapValidationFunctions?: string[];
 }
 type RuleOptions = [Options?];
-export declare const noLdapInjection: TSESLint.RuleModule<MessageIds, RuleOptions, unknown, TSESLint.RuleListener>;
+export declare const noLdapInjection: TSESLint.RuleModule<MessageIds, RuleOptions, unknown, TSESLint.RuleListener> & {
+    name: string;
+};
 export {};

package/src/rules/no-missing-authentication/index.d.ts

@@ -26,5 +26,7 @@ export interface Options {
     ignorePatterns?: string[];
 }
 type RuleOptions = [Options?];
-export declare const noMissingAuthentication: TSESLint.RuleModule<MessageIds, RuleOptions, unknown, TSESLint.RuleListener>;
+export declare const noMissingAuthentication: TSESLint.RuleModule<MessageIds, RuleOptions, unknown, TSESLint.RuleListener> & {
+    name: string;
+};
 export {};