6.13.126 • Published 11 months ago

@patrtorg/labore-nemo-impedit v6.13.126

License
MIT
Repository
github
Last release
11 months ago

@patrtorg/labore-nemo-impedit


ESLint rules for Node Security

This project will help identify potential security hotspots, but finds a lot of false positives which need triage by a human.

Installation

npm install --save-dev @patrtorg/labore-nemo-impedit

or

yarn add --dev @patrtorg/labore-nemo-impedit

Usage

Flat config (requires eslint >= v8.23.0)

Add the following to your eslint.config.js file:

const pluginSecurity = require('@patrtorg/labore-nemo-impedit');

module.exports = [pluginSecurity.configs.recommended];

eslintrc config (deprecated)

Add the following to your .eslintrc file:

module.exports = {
  extends: ['plugin:security/recommended-legacy'],
};

Developer guide

  • Use GitHub pull requests.
  • Conventions:
      • We use our custom ESLint setup.
      • Please implement a test for each new rule and use this command to be sure the new code respects the style guide and the tests keep passing:

npm run-script cont-int

Tests

npm test

Rules

⚠️ Configurations set to warn in.
✅ Set in the recommended configuration.

Name                                   Description                                   ⚠️
detect-bidi-characters                 Detects trojan source attacks that employ Unicode bidi attacks to inject malicious code.
detect-buffer-noassert                 Detects calls to "buffer" with "noAssert" flag set.
detect-child-process                   Detects instances of "child_process" & non-literal "exec()" calls.
detect-disable-mustache-escape         Detects "object.escapeMarkup = false", which can be used with some template engines to disable escaping of HTML entities.
detect-eval-with-expression            Detects "eval(variable)" which can allow an attacker to run arbitrary code inside your process.
detect-new-buffer                      Detects instances of new Buffer(argument) where argument is any non-literal value.
detect-no-csrf-before-method-override  Detects Express "csrf" middleware setup before "method-override" middleware.
detect-non-literal-fs-filename         Detects variable in filename argument of "fs" calls, which might allow an attacker to access anything on your system.
detect-non-literal-regexp              Detects "RegExp(variable)", which might allow an attacker to DOS your server with a long-running regular expression.
detect-non-literal-require             Detects "require(variable)", which might allow an attacker to load and run arbitrary code, or access arbitrary files on disk.
detect-object-injection                Detects "variable[key]" as a left- or right-hand assignment operand.
detect-possible-timing-attacks         Detects insecure comparisons (==, !=, !== and ===), which check input sequentially.
detect-pseudoRandomBytes               Detects if "pseudoRandomBytes()" is in use, which might not give you the randomness you need and expect.
detect-unsafe-regex                    Detects potentially unsafe regular expressions, which may take a very long time to run, blocking the event loop.
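
The patterns behind three of the rules above, each shown next to a hardened form, to help when triaging findings. This is an added example, not code from the plugin; the function names, the handler table and the /srv/app/uploads directory are assumptions made for illustration.

```javascript
// Added example, not part of the plugin. Names, paths and sample values are constructed.
const crypto = require('node:crypto');
const path = require('node:path');

// detect-object-injection: variable[key] with an untrusted key also reaches
// inherited members such as "constructor" or "__proto__".
const handlers = { ping: () => 'pong' };
function lookupFlagged(name) {
  return handlers[name]; // flagged
}
// Map.get only returns entries that were explicitly set, and uses no bracket access.
const handlerMap = new Map([['ping', () => 'pong']]);
function lookupHardened(name) {
  return handlerMap.get(name);
}

// detect-possible-timing-attacks: === on a secret returns at the first mismatch.
function tokenMatchesFlagged(token, expected) {
  return token === expected; // flagged
}
function tokenMatchesHardened(token, expected) {
  // Hash both sides so timingSafeEqual always receives equal-length buffers.
  const a = crypto.createHash('sha256').update(token).digest();
  const b = crypto.createHash('sha256').update(expected).digest();
  return crypto.timingSafeEqual(a, b);
}

// detect-non-literal-fs-filename: a variable path is only safe once it is
// proven to stay inside a fixed base directory.
const UPLOAD_DIR = path.resolve('/srv/app/uploads'); // hypothetical directory
function resolveUpload(userPath) {
  const full = path.resolve(UPLOAD_DIR, userPath);
  if (!full.startsWith(UPLOAD_DIR + path.sep)) {
    throw new Error('path escapes upload directory');
  }
  // Passing `full` to fs is still reported; the check above is what a reviewer
  // verifies before accepting the finding as a false positive.
  return full;
}
```
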