oauthlint 0.2.2 → 0.2.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +1 -1
- package/README.md +19 -19
- package/package.json +3 -3
package/LICENSE
CHANGED
package/README.md
CHANGED
|
@@ -1,17 +1,15 @@
|
|
|
1
1
|
<div align="center">
|
|
2
2
|
|
|
3
|
-
<img src="https://raw.githubusercontent.com/Auspeo/oauthlint/main/docs/public/logo.svg" width="76" alt="oauthlint logo" />
|
|
4
|
-
|
|
5
3
|
# oauthlint
|
|
6
4
|
|
|
7
5
|
**Catch the OAuth / OIDC / JWT anti-patterns AI coding tools systematically produce.**
|
|
8
6
|
|
|
9
|
-
|
|
7
|
+
A curated, multi-language Semgrep rule pack · JS/TS · Python · Go · Java · Rust (and growing) · CLI + GitHub Action + VS Code · free & MIT
|
|
10
8
|
|
|
11
9
|
[](https://www.npmjs.com/package/oauthlint)
|
|
12
10
|
[](https://www.npmjs.com/package/oauthlint)
|
|
13
11
|
[](https://github.com/Auspeo/oauthlint/actions/workflows/ci.yml)
|
|
14
|
-
[](https://
|
|
12
|
+
[](https://opensource.org/licenses/MIT)
|
|
15
13
|
[](https://oauthlint.dev)
|
|
16
14
|
|
|
17
15
|
</div>
|
|
@@ -60,9 +58,10 @@ oauthlint gives you is the work most people never do:
|
|
|
60
58
|
- **Low false positives, validated against real auth libraries.** The rules are
|
|
61
59
|
run against `jose`, NextAuth, PyJWT, Authlib, `golang/oauth2`, `oauth2-rs`,
|
|
62
60
|
Spring Security and more. Anything that fires on mature library source goes to
|
|
63
|
-
a triage queue, not to you —
|
|
64
|
-
on the clean
|
|
65
|
-
|
|
61
|
+
a triage queue, not to you — validated across thousands of files of real
|
|
62
|
+
auth-library source, with **zero false positives** on the clean libraries
|
|
63
|
+
([validation report](https://oauthlint.dev/VALIDATION)).
|
|
64
|
+
- **One coherent product across every language it covers.** Same concepts, same ID scheme,
|
|
66
65
|
same docs — not a patchwork of community rules with mismatched styles.
|
|
67
66
|
- **Every finding teaches.** All 90 rules link to a fix page with CWE and OWASP
|
|
68
67
|
mappings. It's a lesson, not a grep hit.
|
|
@@ -134,18 +133,19 @@ Or just fail the build on HIGH findings: `npx oauthlint scan ./src --fail-on HIG
|
|
|
134
133
|
|
|
135
134
|
## What it catches
|
|
136
135
|
|
|
137
|
-
|
|
138
|
-
|
|
136
|
+
Rules across OAuth 2.0, OIDC, JWT, cookies, CORS, secrets and session hygiene —
|
|
137
|
+
each mapped to CWE & OWASP, each with a documentation page. Languages covered
|
|
138
|
+
today (more on the way):
|
|
139
139
|
|
|
140
|
-
| Language |
|
|
141
|
-
|
|
142
|
-
| JavaScript / TypeScript |
|
|
143
|
-
| Python
|
|
144
|
-
| Java
|
|
145
|
-
| Go
|
|
146
|
-
| Rust
|
|
140
|
+
| Language | Libraries |
|
|
141
|
+
|----------|-----------|
|
|
142
|
+
| JavaScript / TypeScript | jose, jsonwebtoken, NextAuth, express, … |
|
|
143
|
+
| Python | PyJWT, Authlib, requests, Flask, Django |
|
|
144
|
+
| Java | Spring Security, jjwt, nimbus-jose-jwt |
|
|
145
|
+
| Go | golang-jwt, crypto/tls, net/http |
|
|
146
|
+
| Rust | jsonwebtoken, reqwest, actix/tower |
|
|
147
147
|
|
|
148
|
-
👉 **Browse the full catalogue at [oauthlint.dev/rules](https://oauthlint.dev/rules/).**
|
|
148
|
+
👉 **Browse the full, always-current catalogue at [oauthlint.dev/rules](https://oauthlint.dev/rules/).**
|
|
149
149
|
|
|
150
150
|
## Configuration
|
|
151
151
|
|
|
@@ -184,5 +184,5 @@ the next reviewer needs to see exactly which lines opted out, and why.
|
|
|
184
184
|
|
|
185
185
|
## License
|
|
186
186
|
|
|
187
|
-
MIT — see [LICENSE](https://github.com/Auspeo/oauthlint/blob/main/LICENSE).
|
|
188
|
-
by [
|
|
187
|
+
MIT — see [LICENSE](https://github.com/Auspeo/oauthlint/blob/main/LICENSE).
|
|
188
|
+
Built and maintained by [Auspeo](https://github.com/Auspeo).
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "oauthlint",
|
|
3
|
-
"version": "0.2.
|
|
3
|
+
"version": "0.2.4",
|
|
4
4
|
"description": "Catch the OAuth/OIDC/JWT anti-patterns AI coding tools systematically produce. CLI wrapper around the oauthlint-rules Semgrep rule pack.",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"main": "./dist/index.js",
|
|
@@ -47,7 +47,7 @@
|
|
|
47
47
|
"picocolors": "1.1.1",
|
|
48
48
|
"yaml": "2.9.0",
|
|
49
49
|
"zod": "3.24.1",
|
|
50
|
-
"oauthlint-rules": "0.2.
|
|
50
|
+
"oauthlint-rules": "0.2.2"
|
|
51
51
|
},
|
|
52
52
|
"devDependencies": {
|
|
53
53
|
"@types/node": "22.10.5",
|
|
@@ -65,7 +65,7 @@
|
|
|
65
65
|
"homepage": "https://oauthlint.dev",
|
|
66
66
|
"bugs": "https://github.com/Auspeo/oauthlint/issues",
|
|
67
67
|
"license": "MIT",
|
|
68
|
-
"author": "
|
|
68
|
+
"author": "Auspeo (https://github.com/Auspeo)",
|
|
69
69
|
"engines": {
|
|
70
70
|
"node": ">=20.0.0"
|
|
71
71
|
},
|