3.13.94 • Published 10 months ago

@taktikorg/deleniti-sint v3.13.94

Weekly downloads
-
License
MIT
Repository
github
Last release
10 months ago

@taktikorg/deleniti-sint

NPM version

ESLint rules for Node Security

This project will help identify potential security hotspots, but finds a lot of false positives which need triage by a human.

Installation

npm install --save-dev @taktikorg/deleniti-sint

or

yarn add --dev @taktikorg/deleniti-sint

Usage

Flat config (requires eslint >= v8.23.0)

Add the following to your eslint.config.js file:

const pluginSecurity = require('@taktikorg/deleniti-sint');

module.exports = [pluginSecurity.configs.recommended];

eslintrc config (deprecated)

Add the following to your .eslintrc file:

module.exports = {
  extends: ['plugin:security/recommended-legacy'],
};

Developer guide

  • Use GitHub pull requests.
  • Conventions:
  • We use our custom ESLint setup.
  • Please implement a test for each new rule and use this command to be sure the new code respects the style guide and the tests keep passing:
npm run-script cont-int

Tests

npm test

Rules

⚠️ Configurations set to warn in.\ ✅ Set in the recommended configuration.

Name                                 Description⚠️
detect-bidi-charactersDetects trojan source attacks that employ unicode bidi attacks to inject malicious code.
detect-buffer-noassertDetects calls to "buffer" with "noAssert" flag set.
detect-child-processDetects instances of "child_process" & non-literal "exec()" calls.
detect-disable-mustache-escapeDetects "object.escapeMarkup = false", which can be used with some template engines to disable escaping of HTML entities.
detect-eval-with-expressionDetects "eval(variable)" which can allow an attacker to run arbitrary code inside your process.
detect-new-bufferDetects instances of new Buffer(argument) where argument is any non-literal value.
detect-no-csrf-before-method-overrideDetects Express "csrf" middleware setup before "method-override" middleware.
detect-non-literal-fs-filenameDetects variable in filename argument of "fs" calls, which might allow an attacker to access anything on your system.
detect-non-literal-regexpDetects "RegExp(variable)", which might allow an attacker to DOS your server with a long-running regular expression.
detect-non-literal-requireDetects "require(variable)", which might allow an attacker to load and run arbitrary code, or access arbitrary files on disk.
detect-object-injectionDetects "variablekey" as a left- or right-hand assignment operand.
detect-possible-timing-attacksDetects insecure comparisons (==, !=, !== and ===), which check input sequentially.
detect-pseudoRandomBytesDetects if "pseudoRandomBytes()" is in use, which might not give you the randomness you need and expect.
detect-unsafe-regexDetects potentially unsafe regular expressions, which may take a very long time to run, blocking the event loop.

TypeScript support

Type definitions for this package are managed by DefinitelyTyped. Use @types/@taktikorg/deleniti-sint for type checking.

npm install --save-dev @types/@taktikorg/deleniti-sint

# OR

yarn add --dev @types/@taktikorg/deleniti-sint
jsrulescommanderwritablehooksdebugwgetparsecomparecurriedredactarrayemitsetImmediateawesomesauceeslintconfigSymbol.toStringTagpropertiesSystem.globaltapecircularpiperdsinferencerestfuldebuggeri18ninputstarterhookformfull-widthelbTypeBoxvariablesconcatMapendpointroutingRegExp.prototype.flagsArray.prototype.contains_.extendmanagerwebcoercibletyped arraynumbercallbindwalkingsafebusyjsonschemacontainsinvariantlastbyteOffsetintrinsicinspectdefinePropertyexecfileglobal this valuecsslogoptiongetOwnPropertyDescriptortrimLefthigher-orderfast-clonetypedfullwidthvisualnodejslinkrequirelockfile6to5loadingpostcss-pluginramdaECMAScript 3groupansiES2023es5fast-deep-copyisConcatSpreadableiteratearktypergbBigInt64Arraystringifycallbackcoveragefunctionworkspace:*formReactiveExtensionshttpscodesserializeAsyncIteratortypeerrorreduxbddtypedarraysgitignorecryptopicomatchECMAScript 2020querystringenvironmentsfilteruninstalldayjswaapidescriptionconsumeownguidistanbulbufferssearchsettercloudwatchspringes2017genericseventsdataViewcharacterUnderscoreshamconcatregular expressionsIteratorstabledropnativeutilitiesiterator.gitignoreuser-streamsmatchAllsortcloudtrailbabelweakmapdragBigUint64ArraycolourkeysdeterministiceslintpluginflatECMAScript 6ArrayBuffer#slicefastfile systemdiffprogressglobalThisargumentflattenreworkES2022jsonglobalsuperagentapiUint8ClampedArrayoptimizertestingprunematchl10ntypesfullarraysformatrecursivemodulesECMAScript 2023helperequalityprotocol-bufferstypaniontrimloggerarraybufferassertioncensorcommand-linedescriptorsFloat64Arraystringifierlistenersreadsinatra256es8mobileES6isJSONttyECMAScript 2021mapreducecachefigletES2016queueMicrotaskHyBipackagespinoexpressparentsfixed-widthinternalreducerString.prototype.trimJSON-SchematoolkitbufferchineseparentjshinteslintES2019hasOwnPropertydeepURLSearchParamseverychromerfc4122timeesprefixcheckanimationreducetddqsvardefineES2018pyyamlphoneECMAScript 2019quotetoStringTagposeinpathmruES2017channelvalidationmake diroptimistomitroute53executebundlingnpmimmutableenvironmentrangeerrorObjectqueryArray.prototype.filterdeletetranspiletypesafeStyleSheetstylerapidglobalswafArray.prototype.flatstringvalidatorcloudsearchtypedarraymetadataequalcode pointscall-boundtelephoneObject.assignES5accessorinternal slottermdomhttpbyteObject.definePropertyargvfnmatchupeffect-tscomputed-typesappebsbyteLengthregular expressionStreamswhichjson-schema-validationmkdirs[[Prototype]]vpcObservablestacitimportexportes-abstractutil.inspectreact poseutilitysetwidthECMAScript 2017nopeWeakSetutilbrowserlistfindLastIndexfantasy-landpackage.jsonUint32Arrayvaluescollectionbrowsersliststoragegatewayrmmkdirgraphqlexecrestelasticacheio-tsArray.prototype.findLastkarmasyntaxconstsubprocessMapgdprES8importglacierfastcloneObject.getPrototypeOfinstallerextramappromisezxjapanesecolumnses2018regular-expressionpropenumerablerouteArray.prototype.flatMapbindtsobjspinner
@dramaorg/esse-praesentium-eligendi@juigorg/sit-nam-neque@kollorg/dicta-itaque-nemo@swenkerorg/modi-dolorum-provident@taktikorg/aut-distinctio-repellat@taktikorg/consectetur-quo-quos@taktikorg/corporis-nihil-odit@taktikorg/deleniti-qui-dolorem@taktikorg/dolor-ratione-quibusdam@taktikorg/fugit-voluptatibus-quod@taktikorg/harum-reprehenderit-perferendis@taktikorg/illo-iure-sint@taktikorg/illum-accusamus-possimus@taktikorg/ipsa-totam-aperiam@taktikorg/iste-ex-tempore@taktikorg/itaque-nam-eos@taktikorg/itaque-tempore-exercitationem@taktikorg/maiores-dolores-aut@taktikorg/molestias-fuga-possimus@taktikorg/nam-esse-animi@taktikorg/necessitatibus-repudiandae-officia@taktikorg/nisi-reprehenderit-amet@taktikorg/placeat-voluptates-dolorum@taktikorg/praesentium-dolorum-quis@taktikorg/praesentium-neque-ipsam@taktikorg/quo-reiciendis-quibusdam@taktikorg/recusandae-ratione-veniam@taktikorg/similique-earum-soluta@taktikorg/similique-natus-officia@taktikorg/suscipit-modi-ratione@taktikorg/tempore-veniam-in@taktikorg/unde-animi-omnis@taktikorg/velit-nobis-blanditiis@taktikorg/voluptatem-pariatur-tenetur@zitterorg/aspernatur-pariatur-occaecatianalsorhost-simple-bscorcojs-qrcodecorcojs-qrcode-logodable-effectfiran-loggingsimple-assi-animationsimple-prompts-web3
3.13.94

10 months ago

3.13.93

10 months ago

3.13.92

10 months ago

3.12.92

10 months ago

2.12.92

10 months ago

2.12.91

11 months ago

2.12.90

11 months ago

2.12.89

11 months ago

2.12.88

11 months ago

2.12.87

11 months ago

2.11.87

11 months ago

2.11.86

11 months ago

2.11.85

11 months ago

2.11.84

11 months ago

2.11.83

11 months ago

2.11.82

11 months ago

2.11.81

11 months ago

2.11.80

11 months ago

2.10.80

11 months ago

2.10.79

11 months ago

2.10.78

11 months ago

2.9.78

11 months ago

2.9.77

11 months ago

2.9.76

11 months ago

2.9.75

11 months ago

2.9.74

11 months ago

2.9.73

11 months ago

2.9.72

11 months ago

2.9.71

11 months ago

2.9.70

11 months ago

2.9.69

11 months ago

2.9.68

11 months ago

2.9.67

11 months ago

2.8.67

11 months ago

2.8.66

11 months ago

2.8.65

12 months ago

2.8.64

12 months ago

2.8.63

12 months ago

2.8.62

12 months ago

2.8.61

12 months ago

2.8.60

12 months ago

2.8.59

12 months ago

2.8.58

12 months ago

1.8.58

12 months ago

1.8.57

12 months ago

1.8.56

12 months ago

1.7.56

12 months ago

1.7.55

12 months ago

1.7.54

12 months ago

1.7.53

12 months ago

1.7.52

12 months ago

1.7.51

12 months ago

1.7.50

12 months ago

1.7.49

12 months ago

1.7.48

12 months ago

1.7.47

1 year ago

1.7.46

1 year ago

1.7.45

1 year ago

1.7.44

1 year ago

1.7.43

1 year ago

1.7.42

1 year ago

1.7.41

1 year ago

1.7.40

1 year ago

1.7.39

1 year ago

1.7.38

1 year ago

1.7.37

1 year ago

1.7.36

1 year ago

1.7.35

1 year ago

1.7.34

1 year ago

1.7.33

1 year ago

1.7.32

1 year ago

1.6.32

1 year ago

1.6.31

1 year ago

1.6.30

1 year ago

1.6.29

1 year ago

1.6.28

1 year ago

1.5.28

1 year ago

1.5.27

1 year ago

1.4.27

1 year ago

1.4.26

1 year ago

1.4.25

1 year ago

1.4.24

1 year ago

1.4.23

1 year ago

1.3.23

1 year ago

1.3.22

1 year ago

1.3.21

1 year ago

1.3.20

1 year ago

1.3.19

1 year ago

1.3.18

1 year ago

1.3.17

1 year ago

1.3.16

1 year ago

1.3.15

1 year ago

1.3.14

1 year ago

1.3.13

1 year ago

1.3.12

1 year ago

1.3.11

1 year ago

1.3.10

1 year ago

1.3.9

1 year ago

1.3.8

1 year ago

1.3.7

1 year ago

1.3.6

1 year ago

1.2.6

1 year ago

1.2.5

1 year ago

1.1.5

1 year ago

1.1.4

1 year ago

1.1.3

1 year ago

1.0.3

1 year ago

1.0.2

1 year ago

1.0.1

1 year ago

1.0.0

1 year ago