6.13.126 • Published 10 months ago

@patrtorg/labore-nemo-impedit v6.13.126

License
MIT
Repository
github
Last release
10 months ago

@patrtorg/labore-nemo-impedit

ESLint rules for Node Security

This project will help identify potential security hotspots, but finds a lot of false positives which need triage by a human.

Installation

npm install --save-dev @patrtorg/labore-nemo-impedit

or

yarn add --dev @patrtorg/labore-nemo-impedit

Usage

Flat config (requires eslint >= v8.23.0)

Add the following to your eslint.config.js file:

const pluginSecurity = require('@patrtorg/labore-nemo-impedit');

module.exports = [pluginSecurity.configs.recommended];

eslintrc config (deprecated)

Add the following to your .eslintrc file:

module.exports = {
  extends: ['plugin:security/recommended-legacy'],
};

Developer guide

  • Use GitHub pull requests.
  • Conventions:
  • We use our custom ESLint setup.
  • Please implement a test for each new rule and use this command to be sure the new code respects the style guide and the tests keep passing:
npm run-script cont-int

Tests

npm test

Rules

⚠️ Configurations set to warn in.
✅ Set in the recommended configuration.

Name                                   Description ⚠️
detect-bidi-characters                 Detects trojan source attacks that employ unicode bidi attacks to inject malicious code.
detect-buffer-noassert                 Detects calls to "buffer" with "noAssert" flag set.
detect-child-process                   Detects instances of "child_process" & non-literal "exec()" calls.
detect-disable-mustache-escape         Detects "object.escapeMarkup = false", which can be used with some template engines to disable escaping of HTML entities.
detect-eval-with-expression            Detects "eval(variable)" which can allow an attacker to run arbitrary code inside your process.
detect-new-buffer                      Detects instances of new Buffer(argument) where argument is any non-literal value.
detect-no-csrf-before-method-override  Detects Express "csrf" middleware setup before "method-override" middleware.
detect-non-literal-fs-filename         Detects variable in filename argument of "fs" calls, which might allow an attacker to access anything on your system.
detect-non-literal-regexp              Detects "RegExp(variable)", which might allow an attacker to DOS your server with a long-running regular expression.
detect-non-literal-require             Detects "require(variable)", which might allow an attacker to load and run arbitrary code, or access arbitrary files on disk.
detect-object-injection                Detects "variable[key]" as a left- or right-hand assignment operand.
detect-possible-timing-attacks         Detects insecure comparisons (==, !=, !== and ===), which check input sequentially.
detect-pseudoRandomBytes               Detects if "pseudoRandomBytes()" is in use, which might not give you the randomness you need and expect.
detect-unsafe-regex                    Detects potentially unsafe regular expressions, which may take a very long time to run, blocking the event loop.
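
Hardened counterparts for four of the patterns in the table above, as an added example that is not part of the plugin's code or README; the function names and sample values are hypothetical.

```javascript
// Added example (not from the plugin's code base): safer forms of patterns
// that four of the listed rules report. All names here are hypothetical.
const crypto = require('crypto');
const path = require('path');

// detect-possible-timing-attacks reports `supplied === expected`.
// Hash both sides to a fixed length, then compare in constant time.
function tokensMatch(supplied, expected) {
  const a = crypto.createHash('sha256').update(String(supplied)).digest();
  const b = crypto.createHash('sha256').update(String(expected)).digest();
  return crypto.timingSafeEqual(a, b);
}

// detect-non-literal-fs-filename reports fs calls with a variable path.
// Resolve under a fixed base and reject anything that escapes it
// before the value is handed to an fs call.
function resolveInside(baseDir, userPath) {
  const base = path.resolve(baseDir);
  const target = path.resolve(base, userPath);
  if (target !== base && !target.startsWith(base + path.sep)) {
    throw new RangeError('path escapes base directory');
  }
  return target;
}

// detect-object-injection reports `obj[key]` with a variable key.
// A Map lookup cannot reach "__proto__" or "constructor" on a prototype.
const HANDLERS = new Map([
  ['ping', () => 'pong'],
  ['version', () => '1.0.0'], // constructed sample value
]);
function dispatch(action) {
  const handler = HANDLERS.get(action);
  if (!handler) throw new RangeError('unknown action');
  return handler();
}

// detect-pseudoRandomBytes reports crypto.pseudoRandomBytes().
// crypto.randomBytes() draws from the CSPRNG.
function newSessionId() {
  return crypto.randomBytes(16).toString('hex');
}
```

The containment check in resolveInside is lexical and does not follow symlinks. The filename rule still reports an fs call that receives its result, because the argument is non-literal; that is the kind of finding the README says needs human triage.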