eslint-plugin-sonarjs 3.0.7 → 4.0.0

package/docs/arrow-function-convention.md

@@ -10,9 +10,9 @@
 
 <!-- begin auto-generated rule options list -->
 
-| Name                          | Type    |
-| :---------------------------- | :------ |
-| `requireBodyBraces`           | Boolean |
-| `requireParameterParentheses` | Boolean |
+| Name                          | Type    | Default |
+| :---------------------------- | :------ | :------ |
+| `requireBodyBraces`           | Boolean | `false` |
+| `requireParameterParentheses` | Boolean | `false` |
 
 <!-- end auto-generated rule options list -->

package/docs/class-name.md

@@ -10,8 +10,8 @@
 
 <!-- begin auto-generated rule options list -->
 
-| Name     | Type   |
-| :------- | :----- |
-| `format` | String |
+| Name     | Type   | Default               |
+| :------- | :----- | :-------------------- |
+| `format` | String | `^[A-Z][a-zA-Z0-9]*$` |
 
 <!-- end auto-generated rule options list -->

package/docs/comment-regex.md

@@ -10,10 +10,10 @@
 
 <!-- begin auto-generated rule options list -->
 
-| Name                | Type   |
-| :------------------ | :----- |
-| `flags`             | String |
-| `message`           | String |
-| `regularExpression` | String |
+| Name                | Type   | Default                                        |
+| :------------------ | :----- | :--------------------------------------------- |
+| `flags`             | String | ``                                             |
+| `message`           | String | `The regular expression matches this comment.` |
+| `regularExpression` | String | ``                                             |
 
 <!-- end auto-generated rule options list -->

package/docs/content-length.md

@@ -10,9 +10,9 @@
 
 <!-- begin auto-generated rule options list -->
 
-| Name                  | Type    |
-| :-------------------- | :------ |
-| `fileUploadSizeLimit` | Integer |
-| `standardSizeLimit`   | Integer |
+| Name                  | Type    | Default   |
+| :-------------------- | :------ | :-------- |
+| `fileUploadSizeLimit` | Integer | `8000000` |
+| `standardSizeLimit`   | Integer | `2000000` |
 
 <!-- end auto-generated rule options list -->

package/docs/cyclomatic-complexity.md

@@ -10,8 +10,8 @@
 
 <!-- begin auto-generated rule options list -->
 
-| Name        | Type    |
-| :---------- | :------ |
-| `threshold` | Integer |
+| Name        | Type    | Default |
+| :---------- | :------ | :------ |
+| `threshold` | Integer | `10`    |
 
 <!-- end auto-generated rule options list -->

package/docs/expression-complexity.md

@@ -10,8 +10,8 @@
 
 <!-- begin auto-generated rule options list -->
 
-| Name  | Type    |
-| :---- | :------ |
-| `max` | Integer |
+| Name  | Type    | Default |
+| :---- | :------ | :------ |
+| `max` | Integer | `3`     |
 
 <!-- end auto-generated rule options list -->

package/docs/file-header.md

@@ -10,9 +10,9 @@
 
 <!-- begin auto-generated rule options list -->
 
-| Name                  | Type    |
-| :-------------------- | :------ |
-| `headerFormat`        | String  |
-| `isRegularExpression` | Boolean |
+| Name                  | Type    | Default |
+| :-------------------- | :------ | :------ |
+| `headerFormat`        | String  | ``      |
+| `isRegularExpression` | Boolean | `false` |
 
 <!-- end auto-generated rule options list -->

package/docs/function-name.md

@@ -10,8 +10,8 @@
 
 <!-- begin auto-generated rule options list -->
 
-| Name     | Type   |
-| :------- | :----- |
-| `format` | String |
+| Name     | Type   | Default                |
+| :------- | :----- | :--------------------- |
+| `format` | String | `^[_a-z][a-zA-Z0-9]*$` |
 
 <!-- end auto-generated rule options list -->

package/docs/max-lines-per-function.md

@@ -10,8 +10,8 @@
 
 <!-- begin auto-generated rule options list -->
 
-| Name      | Type    |
-| :-------- | :------ |
-| `maximum` | Integer |
+| Name      | Type    | Default |
+| :-------- | :------ | :------ |
+| `maximum` | Integer | `200`   |
 
 <!-- end auto-generated rule options list -->

package/docs/max-lines.md

@@ -10,8 +10,8 @@
 
 <!-- begin auto-generated rule options list -->
 
-| Name      | Type    |
-| :-------- | :------ |
-| `maximum` | Integer |
+| Name      | Type    | Default |
+| :-------- | :------ | :------ |
+| `maximum` | Integer | `1000`  |
 
 <!-- end auto-generated rule options list -->

package/docs/max-union-size.md

@@ -10,8 +10,8 @@
 
 <!-- begin auto-generated rule options list -->
 
-| Name        | Type    |
-| :---------- | :------ |
-| `threshold` | Integer |
+| Name        | Type    | Default |
+| :---------- | :------ | :------ |
+| `threshold` | Integer | `3`     |
 
 <!-- end auto-generated rule options list -->

package/docs/nested-control-flow.md

@@ -10,8 +10,8 @@
 
 <!-- begin auto-generated rule options list -->
 
-| Name                  | Type    |
-| :-------------------- | :------ |
-| `maximumNestingLevel` | Integer |
+| Name                  | Type    | Default |
+| :-------------------- | :------ | :------ |
+| `maximumNestingLevel` | Integer | `3`     |
 
 <!-- end auto-generated rule options list -->

package/docs/new-operator-misuse.md

@@ -12,8 +12,8 @@
 
 <!-- begin auto-generated rule options list -->
 
-| Name            | Type    |
-| :-------------- | :------ |
-| `considerJSDoc` | Boolean |
+| Name            | Type    | Default |
+| :-------------- | :------ | :------ |
+| `considerJSDoc` | Boolean | `false` |
 
 <!-- end auto-generated rule options list -->

package/docs/no-duplicate-string.md

@@ -10,9 +10,9 @@
 
 <!-- begin auto-generated rule options list -->
 
-| Name            | Type    |
-| :-------------- | :------ |
-| `ignoreStrings` | String  |
-| `threshold`     | Integer |
+| Name            | Type    | Default            |
+| :-------------- | :------ | :----------------- |
+| `ignoreStrings` | String  | `application/json` |
+| `threshold`     | Integer | `3`                |
 
 <!-- end auto-generated rule options list -->

package/docs/no-hardcoded-passwords.md

@@ -10,8 +10,8 @@
 
 <!-- begin auto-generated rule options list -->
 
-| Name            | Type     |
-| :-------------- | :------- |
-| `passwordWords` | String[] |
+| Name            | Type     | Default                                     |
+| :-------------- | :------- | :------------------------------------------ |
+| `passwordWords` | String[] | [`password`, `pwd`, `passwd`, `passphrase`] |
 
 <!-- end auto-generated rule options list -->

package/docs/no-hardcoded-secrets.md

@@ -10,9 +10,9 @@
 
 <!-- begin auto-generated rule options list -->
 
-| Name                    | Type   |
-| :---------------------- | :----- |
-| `randomnessSensibility` | Number |
-| `secretWords`           | String |
+| Name                    | Type   | Default                                     |
+| :---------------------- | :----- | :------------------------------------------ |
+| `randomnessSensibility` | Number | `5`                                         |
+| `secretWords`           | String | `api[_.-]?key,auth,credential,secret,token` |
 
 <!-- end auto-generated rule options list -->

package/docs/no-implicit-dependencies.md

@@ -10,8 +10,8 @@
 
 <!-- begin auto-generated rule options list -->
 
-| Name        | Type     |
-| :---------- | :------- |
-| `whitelist` | String[] |
+| Name        | Type     | Default |
+| :---------- | :------- | :------ |
+| `whitelist` | String[] | `[]`    |
 
 <!-- end auto-generated rule options list -->

package/docs/no-intrusive-permissions.md

@@ -10,8 +10,8 @@
 
 <!-- begin auto-generated rule options list -->
 
-| Name          | Type     |
-| :------------ | :------- |
-| `permissions` | String[] |
+| Name          | Type     | Default         |
+| :------------ | :------- | :-------------- |
+| `permissions` | String[] | [`geolocation`] |
 
 <!-- end auto-generated rule options list -->

package/docs/no-nested-functions.md

@@ -10,8 +10,8 @@
 
 <!-- begin auto-generated rule options list -->
 
-| Name        | Type    |
-| :---------- | :------ |
-| `threshold` | Integer |
+| Name        | Type    | Default |
+| :---------- | :------ | :------ |
+| `threshold` | Integer | `4`     |
 
 <!-- end auto-generated rule options list -->

package/docs/{code-eval.md → no-session-cookies-on-static-assets.md}

@@ -1,6 +1,6 @@
-# sonarjs/code-eval
+# sonarjs/no-session-cookies-on-static-assets
 
-📝 Dynamically executing code is security-sensitive.
+📝 Static Assets should not serve session cookies.
 
 💼 This rule is enabled in the ✅ `recommended` config.
 

package/docs/regex-complexity.md

@@ -12,8 +12,8 @@
 
 <!-- begin auto-generated rule options list -->
 
-| Name        | Type    |
-| :---------- | :------ |
-| `threshold` | Integer |
+| Name        | Type    | Default |
+| :---------- | :------ | :------ |
+| `threshold` | Integer | `20`    |
 
 <!-- end auto-generated rule options list -->

package/docs/variable-name.md

@@ -10,8 +10,8 @@
 
 <!-- begin auto-generated rule options list -->
 
-| Name     | Type   |
-| :------- | :----- |
-| `format` | String |
+| Name     | Type   | Default                                           |
+| :------- | :----- | :------------------------------------------------ |
+| `format` | String | `^[_$A-Za-z][$A-Za-z0-9]*$\|^[_$A-Z][_$A-Z0-9]+$` |
 
 <!-- end auto-generated rule options list -->

package/package.json

@@ -1,37 +1 @@
-{
-  "name": "eslint-plugin-sonarjs",
-  "description": "SonarJS rules for ESLint",
-  "version": "3.0.7",
-  "main": "./cjs/plugin.js",
-  "types": "./types/plugin.d.ts",
-  "repository": {
-    "type": "git",
-    "url": "git+https://github.com/SonarSource/SonarJS.git"
-  },
-  "author": "SonarSource",
-  "license": "LGPL-3.0-only",
-  "keywords": [
-    "sonarjs",
-    "eslint",
-    "eslintplugin"
-  ],
-  "bugs": {
-    "url": "https://community.sonarsource.com/"
-  },
-  "homepage": "https://github.com/SonarSource/SonarJS/blob/master/packages/jsts/src/rules/README.md",
-  "dependencies": {
-    "@eslint-community/regexpp": "4.12.2",
-    "builtin-modules": "3.3.0",
-    "bytes": "3.1.2",
-    "functional-red-black-tree": "1.0.1",
-    "jsx-ast-utils-x": "0.1.0",
-    "lodash.merge": "4.6.2",
-    "minimatch": "10.1.2",
-    "scslre": "0.3.0",
-    "semver": "7.7.4",
-    "typescript": ">=5"
-  },
-  "peerDependencies": {
-    "eslint": "^8.0.0 || ^9.0.0"
-  }
-}
+{"author":"SonarSource","bugs":{"url":"https://community.sonarsource.com/"},"description":"SonarJS rules for ESLint","homepage":"https://github.com/SonarSource/SonarJS/blob/master/packages/jsts/src/rules/README.md","keywords":["sonarjs","eslint","eslintplugin"],"license":"LGPL-3.0-only","main":"./cjs/plugin.js","peerDependencies":{"eslint":"^8.0.0 || ^9.0.0 || ^10.0.0"},"repository":{"type":"git","url":"git+https://github.com/SonarSource/SonarJS.git"},"types":"./types/plugin.d.ts","name":"eslint-plugin-sonarjs","version":"4.0.0","dependencies":{"typescript":">=5","semver":"7.7.4","jsx-ast-utils-x":"0.1.0","lodash.merge":"4.6.2","functional-red-black-tree":"1.0.1","@eslint-community/regexpp":"4.12.2","minimatch":"10.2.1","ts-api-utils":"2.4.0","scslre":"0.3.0","bytes":"3.1.2","builtin-modules":"3.3.0","globals":"17.3.0"}}

package/types/S125/rule.d.ts

@@ -1,2 +1,2 @@
-import { Rule } from 'eslint';
+import type { Rule } from 'eslint';
 export declare const rule: Rule.RuleModule;

package/types/{S1523 → S8441}/generated-meta.d.ts

@@ -11,7 +11,7 @@ export declare const meta: {
     deprecated: false;
     defaultOptions: never[];
 };
-export declare const sonarKey = "S1523";
-export declare const scope = "Main";
+export declare const sonarKey = "S8441";
+export declare const scope = "All";
 export declare const languages: ('js' | 'ts')[];
 export declare const requiredDependency: never[];

package/types/S8441/meta.d.ts

@@ -0,0 +1,3 @@
+export declare const implementation = "original";
+export declare const eslintId = "no-session-cookies-on-static-assets";
+export declare const hasSecondaries = true;

package/types/helpers/ancestor.d.ts

@@ -1,6 +1,7 @@
 import type { TSESTree } from '@typescript-eslint/utils';
 import { Rule, SourceCode } from 'eslint';
 import type { Node } from 'estree';
+import ts from 'typescript';
 export declare function findFirstMatchingLocalAncestor(node: TSESTree.Node, predicate: (node: TSESTree.Node) => boolean): TSESTree.Node | undefined;
 export declare function findFirstMatchingAncestor(node: TSESTree.Node, predicate: (node: TSESTree.Node) => boolean): TSESTree.Node | undefined;
 export declare function localAncestorsChain(node: TSESTree.Node): TSESTree.Node[];
@@ -28,3 +29,4 @@ export declare function getNodeParent(node: Node): Node;
  * @returns the node children
  */
 export declare function childrenOf(node: Node, visitorKeys: SourceCode.VisitorKeys): Node[];
+export declare function isTsAncestor(candidate: ts.Node, node: ts.Node): boolean;

package/types/plugin-rules.d.ts

@@ -41,7 +41,6 @@ export declare const rules: {
     'no-unused-vars': import("eslint").Rule.RuleModule;
     'prefer-immediate-return': import("eslint").Rule.RuleModule;
     'function-inside-loop': import("eslint").Rule.RuleModule;
-    'code-eval': import("eslint").Rule.RuleModule;
     'no-variable-usage-before-declaration': import("eslint").Rule.RuleModule;
     'future-reserved-words': import("eslint").Rule.RuleModule;
     'array-constructor': import("eslint").Rule.RuleModule;
@@ -121,10 +120,6 @@ export declare const rules: {
     'no-redundant-jump': import("eslint").Rule.RuleModule;
     'inconsistent-function-call': import("eslint").Rule.RuleModule;
     'no-use-of-empty-return-value': import("eslint").Rule.RuleModule;
-    'enforce-trailing-comma': {
-        meta: import("@eslint/core").RulesMeta<string, unknown[], unknown>;
-        create(context: import("eslint").Rule.RuleContext): import("eslint").Rule.RuleListener;
-    };
     'void-use': import("eslint").Rule.RuleModule;
     'operation-returning-nan': import("eslint").Rule.RuleModule;
     'values-not-convertible-to-numbers': import("eslint").Rule.RuleModule;
@@ -137,7 +132,6 @@ export declare const rules: {
     'function-return-type': import("eslint").Rule.RuleModule;
     'no-inconsistent-returns': import("eslint").Rule.RuleModule;
     'no-reference-error': import("eslint").Rule.RuleModule;
-    'super-invocation': import("eslint").Rule.RuleModule;
     'no-all-duplicated-branches': import("eslint").Rule.RuleModule;
     'no-same-line-conditional': import("eslint").Rule.RuleModule;
     'conditional-indentation': import("eslint").Rule.RuleModule;
@@ -271,4 +265,5 @@ export declare const rules: {
     'no-async-constructor': import("eslint").Rule.RuleModule;
     'review-blockchain-mnemonic': import("eslint").Rule.RuleModule;
     'dynamically-constructed-templates': import("eslint").Rule.RuleModule;
+    'no-session-cookies-on-static-assets': import("eslint").Rule.RuleModule;
 };

package/cjs/S1523/generated-meta.js

@@ -1,51 +0,0 @@
-"use strict";
-/*
- * SonarQube JavaScript Plugin
- * Copyright (C) 2011-2025 SonarSource Sàrl
- * mailto:info AT sonarsource DOT com
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
- * See the Sonar Source-Available License for more details.
- *
- * You should have received a copy of the Sonar Source-Available License
- * along with this program; if not, see https://sonarsource.com/license/ssal/
- */
-// https://sonarsource.github.io/rspec/#/rspec/S1523/javascript
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __exportStar = (this && this.__exportStar) || function(m, exports) {
-    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.requiredDependency = exports.languages = exports.scope = exports.sonarKey = exports.meta = void 0;
-__exportStar(require("./meta.js"), exports);
-exports.meta = {
-    type: 'problem',
-    docs: {
-        description: 'Dynamically executing code is security-sensitive',
-        recommended: true,
-        url: 'https://sonarsource.github.io/rspec/#/rspec/S1523/javascript',
-        requiresTypeChecking: false,
-    },
-    fixable: undefined,
-    deprecated: false,
-    defaultOptions: [],
-};
-exports.sonarKey = 'S1523';
-exports.scope = 'Main';
-exports.languages = ['js', 'ts'];
-exports.requiredDependency = [];

package/cjs/S1523/meta.js

@@ -1,21 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.eslintId = exports.implementation = void 0;
-/*
- * SonarQube JavaScript Plugin
- * Copyright (C) 2011-2025 SonarSource Sàrl
- * mailto:info AT sonarsource DOT com
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
- * See the Sonar Source-Available License for more details.
- *
- * You should have received a copy of the Sonar Source-Available License
- * along with this program; if not, see https://sonarsource.com/license/ssal/
- */
-exports.implementation = 'original';
-exports.eslintId = 'code-eval';

package/cjs/S1523/rule.js

@@ -1,105 +0,0 @@
-"use strict";
-/*
- * SonarQube JavaScript Plugin
- * Copyright (C) 2011-2025 SonarSource Sàrl
- * mailto:info AT sonarsource DOT com
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
- * See the Sonar Source-Available License for more details.
- *
- * You should have received a copy of the Sonar Source-Available License
- * along with this program; if not, see https://sonarsource.com/license/ssal/
- */
-// https://sonarsource.github.io/rspec/#/rspec/S1523/javascript
-// SQ key 'eval'
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || (function () {
-    var ownKeys = function(o) {
-        ownKeys = Object.getOwnPropertyNames || function (o) {
-            var ar = [];
-            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
-            return ar;
-        };
-        return ownKeys(o);
-    };
-    return function (mod) {
-        if (mod && mod.__esModule) return mod;
-        var result = {};
-        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
-        __setModuleDefault(result, mod);
-        return result;
-    };
-})();
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.rule = void 0;
-const core_js_1 = require("../external/core.js");
-const index_js_1 = require("../helpers/index.js");
-const meta = __importStar(require("./generated-meta.js"));
-const noScriptUrlRule = (0, core_js_1.getESLintCoreRule)('no-script-url');
-const EVAL_LIKE_FUNCTIONS = new Set([
-    'eval',
-    'Function',
-    'vm.Script',
-    'vm.SourceTextModule',
-    'vm.runInContext',
-    'vm.runInNewContext',
-    'vm.runInThisContext',
-]);
-exports.rule = {
-    meta: (0, index_js_1.generateMeta)(meta, {
-        messages: {
-            safeCode: 'Make sure that this dynamic injection or execution of code is safe.',
-            unexpectedScriptURL: "Make sure that 'javascript:' code is safe as it is a form of eval().",
-        },
-    }),
-    create(context) {
-        return {
-            CallExpression: (node) => checkCallExpression(node, context),
-            NewExpression: (node) => checkCallExpression(node, context),
-            ...noScriptUrlRule.create(context),
-        };
-    },
-};
-function checkCallExpression(node, context) {
-    if (['Identifier', 'MemberExpression'].includes(node.callee.type)) {
-        const name = (0, index_js_1.getFullyQualifiedName)(context, node) || '';
-        if (EVAL_LIKE_FUNCTIONS.has(name) && hasAtLeastOneVariableArgument(node.arguments)) {
-            context.report({
-                messageId: 'safeCode',
-                node: node.callee,
-            });
-        }
-    }
-}
-function hasAtLeastOneVariableArgument(args) {
-    return args.some(arg => !isLiteral(arg));
-}
-function isLiteral(node) {
-    if (node.type === 'Literal') {
-        return true;
-    }
-    if (node.type === 'TemplateLiteral') {
-        return node.expressions.length === 0;
-    }
-    return false;
-}

package/cjs/S3723/config.js

@@ -1,25 +0,0 @@
-"use strict";
-/*
- * SonarQube JavaScript Plugin
- * Copyright (C) 2011-2025 SonarSource Sàrl
- * mailto:info AT sonarsource DOT com
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
- * See the Sonar Source-Available License for more details.
- *
- * You should have received a copy of the Sonar Source-Available License
- * along with this program; if not, see https://sonarsource.com/license/ssal/
- */
-// https://sonarsource.github.io/rspec/#/rspec/S3723/javascript
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.fields = void 0;
-exports.fields = [
-    {
-        default: 'always-multiline',
-    },
-];