6.13.126 • Published 11 months ago

@patrtorg/labore-nemo-impedit v6.13.126

Weekly downloads
-
License
MIT
Repository
github
Last release
11 months ago

@patrtorg/labore-nemo-impedit

NPM version

ESLint rules for Node Security

This project will help identify potential security hotspots, but finds a lot of false positives which need triage by a human.

Installation

npm install --save-dev @patrtorg/labore-nemo-impedit

or

yarn add --dev @patrtorg/labore-nemo-impedit

Usage

Flat config (requires eslint >= v8.23.0)

Add the following to your eslint.config.js file:

const pluginSecurity = require('@patrtorg/labore-nemo-impedit');

module.exports = [pluginSecurity.configs.recommended];

eslintrc config (deprecated)

Add the following to your .eslintrc file:

module.exports = {
  extends: ['plugin:security/recommended-legacy'],
};

Developer guide

  • Use GitHub pull requests.
  • Conventions:
  • We use our custom ESLint setup.
  • Please implement a test for each new rule and use this command to be sure the new code respects the style guide and the tests keep passing:
npm run-script cont-int

Tests

npm test

Rules

⚠️ Configurations set to warn in.\ ✅ Set in the recommended configuration.

Name                                 Description⚠️
detect-bidi-charactersDetects trojan source attacks that employ unicode bidi attacks to inject malicious code.
detect-buffer-noassertDetects calls to "buffer" with "noAssert" flag set.
detect-child-processDetects instances of "child_process" & non-literal "exec()" calls.
detect-disable-mustache-escapeDetects "object.escapeMarkup = false", which can be used with some template engines to disable escaping of HTML entities.
detect-eval-with-expressionDetects "eval(variable)" which can allow an attacker to run arbitrary code inside your process.
detect-new-bufferDetects instances of new Buffer(argument) where argument is any non-literal value.
detect-no-csrf-before-method-overrideDetects Express "csrf" middleware setup before "method-override" middleware.
detect-non-literal-fs-filenameDetects variable in filename argument of "fs" calls, which might allow an attacker to access anything on your system.
detect-non-literal-regexpDetects "RegExp(variable)", which might allow an attacker to DOS your server with a long-running regular expression.
detect-non-literal-requireDetects "require(variable)", which might allow an attacker to load and run arbitrary code, or access arbitrary files on disk.
detect-object-injectionDetects "variablekey" as a left- or right-hand assignment operand.
detect-possible-timing-attacksDetects insecure comparisons (==, !=, !== and ===), which check input sequentially.
detect-pseudoRandomBytesDetects if "pseudoRandomBytes()" is in use, which might not give you the randomness you need and expect.
detect-unsafe-regexDetects potentially unsafe regular expressions, which may take a very long time to run, blocking the event loop.
mimeObservableBigInt64ArrayES2018throttlereal-timewrapnpmrapidgesturesArrayBuffercloudsearchestreees5StreamfastclonenopecensorsyntaxerroroncediffUint8ArraytextregexconcatFloat64ArrayES5matchAlltapeopenspromisesupemojieslintpluginObject.keysbytecollection.es6keyshooksfpsworkspace:*swfObject.assigndefaultopenomitpluginloadingtoolkitargvObject.definePropertyloadbalancingstyleguidehas-ownflagsrequirebundlertddUint32ArraypositivebundlingidentifiersgroupBysymbolsstyleswarningcommandhelperhttpsstdlibreact poseformatargparsees2015Int8ArrayReactiveXcurldependency managerserializetimefullwidthajvstreams2framerframeworkpatchprototypestableapolloeverystyled-componentsreadablestreamqsspawnansicmdelasticacheCSSStyleDeclarationendpointuninstalls3inputArrayECMAScript 2018awaiturlsmatchObject.entriescoreyamlspeedfunction.lengthcollectionvaluesstringifierjshintObject.valueseventEmitterequalityjoijavascriptwaitObject.isES2015argsprotocol-buffersposewordbreakarraycallbind__proto__promiseUint16Arrayrandomhigher-orderoutputexeECMAScript 2019typedarraysiconvhasOwnconfigurable.envtypanionfast-deep-copypreserve-symlinksspringphonecryptofigletgraphqlicuoffsetfile systemECMAScript 3Float32ArrayresolveschemaES2016executableinspectcolour0vestpersistentfunctionstsgenericsregexplintrmdirinstallerdataViewArrayBuffer.prototype.sliceTypeBoxamazoneast-asian-widthisConcatSpreadableecmascriptwhatwgquoteregulararraybufferownsearchtapindicatorcloudwatchlanguagesetImmediatedependenciesmatchesxdg-opencallnegativeES7Symbol.toStringTagStyleSheetterminalMicrosoftwalkingsetterjsonpathflattenECMAScript 2015redux-toolkitcolumnartthreetyped arraylengthspinnersexecparentslook-upglobruntimeshellsetvalidpipelookenvFunction.prototype.namelastreduxsortedwafautoscalingextendassignspecutilityloggingsuperagentmochadatastructureprocessfindupTypeScriptmimetypesa11yYAMLtelephonetaketestingIteratordeepclonecallbackdomES2017bluebirdString.prototype.matchAlljQueryidleiterationArray.prototype.findLastmkdirpescapeECMAScript 7trimLeftutilES2022emrschemewebaccessibilitySetes2017package.jsonArray.prototype.includesdebuggerdrag-0directoryxdgmobileshebangvaluerfc4122Array.prototype.flatMapmodulestoobjectreact-hook-formoptimistqueryes8functionfindLastIndexfilterimportexporttypedqueueMicrotaskglaciersymbolboundreadbrowserlaunchlimitedcssUnderscoretouchexpresssharedarraybufferfull-widthreacttslibfast-deep-clonecall-bind[[Prototype]]websitergbenvironmentvalidatemruincludesAsyncIteratorparentmake dirstartvpcopenerfind-upinstallagentchildmkdirsformsesweakmapcode pointsMapsetPrototypeOfjsxtypescriptCSSsymlinkWeakMapJSONbreakcachees-shim APIfilei18nglobalsdropdayjsArray.prototype.flatapicss-in-jsintrinsiccolorredirectArray.prototype.flattenelectronargumenttraverseratenamesieformattingdeletevarschromeprefixTypedArrayperformantArrayBuffer#slicetypeerrorexpressioncharactersECMAScript 2020asciirangeerrorReflect.getPrototypeOfsnsduplexworkerloggereventDispatcherRegExp.prototype.flagslruinferenceeventsgetintrinsicavakarmattygdprbuffersrobustjasminetypesafefast-cloneArray.prototype.containsreduceguidreact-hooksstoragegatewayInt32Arraycolorsessuperstructsharedhelperses6fastBigUint64Arraypackage manageres-abstracthashjapanesebuffercjktypelogES2019l10ncodestostringtagglobaldeterministiclazyawsponyfilles2016visualbindRegExp#flagsstarterremovesqsECMAScript 2017assertseslint-pluginmkdircloudformationhardlinkseslintconfigbrowserslistes-shimsflatMapasyncvariablesgetoptpushebsESnextgroupsymlinkspackageInt16Array@@toStringTaginjsonstatelesstrimSymbolES2020uuidprotochanneliambrowserlistECMAScript 2023multi-packageES6PushreuseconcatMapgetOwnPropertyDescriptorES2023parserdynamodbparsingstructuredClonefetchefficientmetadatalockfilezerohttpnativeregular expressions$.extendenumerableserializationflagmakefast-copyautoprefixerrm -frlocationRFC-6455mapdescriptorsworkflowESarktypefindLastconsumetc39batchjsdiffmoduletestersequenceiteratorpostcsschromiumpropertiesdirclientformschaianimationcompareRxJSreadableendershamtypesarraysmime-dbArray.prototype.findLastIndexparse_.extendassertutilitieshookformchinesepropString.prototype.trimdotenvbyteOffsetajaxdeepoptimizerECMAScript 2021JSON-SchemagetdescriptionmoveStreamsfunctional256momentdefinePropertyreact-testing-libraryproxycommanderprunewalkcharacterstringio-tstoArraycheckminimaldataviewviewmapreducedatasettingsurlECMAScript 2022whichflatWeakSetdefineregular expressionrm -rfES2021Object.getPrototypeOfwgetperformancetypeoffrommergecomputed-typescoerciblepropertycommand-line3deslintwaapistreamsprettyconsoleserializertrimStartextensionslotsyntaxidtoStringTagdateappsafeObservablesObject.fromEntriesspinnerimmerbddgetterenvironmentsunicodeargumentsnodejsrdstaskES8fullRxUint8ClampedArrayWebSocketcliairbnbdom-testing-libraryeditorthroatsameValueZeroes2018trimEndECMAScript 6util.inspectforEachzodclass-validatorwidthcreatesideReactiveExtensionslistenersprivatelinkcompilerHyBipackagesaccessorstyleclonelibphonenumberroutesortkinesisfastifyroutingprotobufwordwrapkoreandeep-cloneECMAScript 5scheme-validationdeep-copyWebSocketsinternal slotrequeststylingdeepcopyfspostcss-pluginECMAScript 2016Promisereducerrecursivehaswritablepicomatchweaksetconvertratelimitform-validationfastcopyshrinkwrapawesomesauceastcloudfrontvalidationbannerpathissimpledbdescriptorslicenegative zero
@dramaorg/esse-praesentium-eligendi@dramaorg/quae-dolore-nostrum@juigorg/nisi-molestiae-ut@juigorg/sit-nam-neque@kollorg/dicta-itaque-nemo@kollorg/nihil-veniam-deserunt@patrtorg/a-ad-expedita@patrtorg/a-ut-amet@patrtorg/architecto-rerum-eos@patrtorg/aspernatur-dolorum-ducimus@patrtorg/autem-et-hic@patrtorg/consectetur-culpa-non@patrtorg/consectetur-repudiandae-consequuntur@patrtorg/consequatur-voluptatum-officiis@patrtorg/cumque-alias-facilis@patrtorg/ducimus-magni-quibusdam@patrtorg/enim-magni-hic@patrtorg/est-corrupti-deleniti@patrtorg/eveniet-tempore-maiores@patrtorg/illum-sapiente-quos@patrtorg/laborum-doloribus-voluptate@patrtorg/libero-doloribus-omnis@patrtorg/libero-voluptas-sequi@patrtorg/magnam-aut-adipisci@patrtorg/maiores-quidem-quo@patrtorg/molestias-molestias-ut@patrtorg/nam-eius-unde@patrtorg/pariatur-deleniti-quaerat@patrtorg/porro-labore-eos@patrtorg/quae-earum-eius@patrtorg/quos-quasi-ipsa@patrtorg/sapiente-eos-magnam@patrtorg/sapiente-exercitationem-sit@patrtorg/tenetur-animi-reprehenderit@swenkerorg/modi-dolorum-provident@swenkerorg/nulla-voluptates-voluptates@zitterorg/aspernatur-pariatur-occaecati@zitterorg/eum-veritatis-placeat@zitterorg/illum-perferendis-consecteturanalsorhost-simple-bscorcojs-qrcodecorcojs-qrcode-logodable-effectfiran-loggingsimple-assi-animationsimple-prompts-web3
6.13.125

11 months ago

6.13.126

11 months ago

6.13.124

11 months ago

4.1.38

1 year ago

4.1.39

1 year ago

4.1.37

1 year ago

6.12.117

12 months ago

6.12.118

12 months ago

4.3.46

1 year ago

5.4.69

1 year ago

5.4.67

1 year ago

4.3.48

1 year ago

5.4.68

1 year ago

4.3.47

1 year ago

5.4.66

1 year ago

5.6.73

1 year ago

3.1.34

1 year ago

3.1.33

1 year ago

5.6.75

1 year ago

3.1.36

1 year ago

5.6.74

1 year ago

3.1.35

1 year ago

5.8.92

1 year ago

5.8.93

1 year ago

3.1.37

1 year ago

6.10.117

12 months ago

5.8.91

1 year ago

3.1.30

1 year ago

3.1.32

1 year ago

3.1.31

1 year ago

4.1.41

1 year ago

4.1.42

1 year ago

4.1.43

1 year ago

4.1.44

1 year ago

4.1.40

1 year ago

5.3.61

1 year ago

5.3.60

1 year ago

3.1.14

1 year ago

3.1.13

1 year ago

3.1.16

1 year ago

3.1.15

1 year ago

3.1.18

1 year ago

3.1.17

1 year ago

4.2.44

1 year ago

4.2.45

1 year ago

6.9.99

1 year ago

5.3.66

1 year ago

5.3.65

1 year ago

4.2.46

1 year ago

5.3.64

1 year ago

5.3.63

1 year ago

5.3.62

1 year ago

5.5.73

1 year ago

5.3.50

1 year ago

3.1.23

1 year ago

3.1.22

1 year ago

5.5.71

1 year ago

3.1.25

1 year ago

5.5.72

1 year ago

3.1.24

1 year ago

6.13.118

12 months ago

3.1.27

1 year ago

6.13.119

12 months ago

5.7.91

1 year ago

5.5.70

1 year ago

3.1.26

1 year ago

3.1.29

1 year ago

3.1.28

1 year ago

6.10.108

12 months ago

6.10.109

12 months ago

6.10.106

12 months ago

5.7.90

1 year ago

6.10.107

12 months ago

3.1.21

1 year ago

3.1.20

1 year ago

6.10.111

12 months ago

6.9.103

1 year ago

6.10.112

12 months ago

6.9.102

1 year ago

6.9.101

1 year ago

6.10.110

12 months ago

6.9.100

1 year ago

6.10.115

12 months ago

6.10.116

12 months ago

6.10.113

12 months ago

6.10.114

12 months ago

5.3.59

1 year ago

5.3.58

1 year ago

5.3.57

1 year ago

3.1.19

1 year ago

5.3.56

1 year ago

6.13.120

12 months ago

5.3.55

1 year ago

6.13.121

12 months ago

5.3.54

1 year ago

6.13.122

11 months ago

6.11.117

12 months ago

6.9.106

12 months ago

5.3.53

1 year ago

6.13.123

11 months ago

6.9.105

1 year ago

5.3.52

1 year ago

6.9.104

1 year ago

5.3.51

1 year ago

5.7.85

1 year ago

5.7.84

1 year ago

5.7.87

1 year ago

5.7.86

1 year ago

5.7.81

1 year ago

5.7.80

1 year ago

5.7.83

1 year ago

5.7.82

1 year ago

5.3.49

1 year ago

5.3.48

1 year ago

5.5.69

1 year ago

5.7.89

1 year ago

5.7.88

1 year ago

5.9.97

1 year ago

5.9.98

1 year ago

5.9.99

1 year ago

5.7.76

1 year ago

5.7.75

1 year ago

5.9.93

1 year ago

5.9.94

1 year ago

5.9.95

1 year ago

5.9.96

1 year ago

5.7.78

1 year ago

5.7.77

1 year ago

5.7.79

1 year ago

3.1.12

1 year ago

2.1.9

1 year ago

2.1.12

1 year ago

2.1.10

1 year ago

2.1.11

1 year ago

2.1.8

1 year ago

2.1.7

1 year ago

2.1.6

1 year ago

2.1.5

1 year ago

2.1.4

1 year ago

1.1.4

1 year ago

1.1.3

1 year ago

1.1.2

1 year ago

1.0.2

1 year ago

1.0.1

1 year ago

1.0.0

1 year ago