@taktikorg/deleniti-sint v3.13.94 • Published 1 year ago

License: MIT
Repository: github
Last release: 1 year ago

@taktikorg/deleniti-sint


ESLint rules for Node Security

This project will help identify potential security hotspots, but finds a lot of false positives which need triage by a human.

Installation

npm install --save-dev @taktikorg/deleniti-sint

or

yarn add --dev @taktikorg/deleniti-sint

Usage

Flat config (requires eslint >= v8.23.0)

Add the following to your eslint.config.js file:

const pluginSecurity = require('@taktikorg/deleniti-sint');

module.exports = [pluginSecurity.configs.recommended];

eslintrc config (deprecated)

Add the following to your .eslintrc file:

module.exports = {
  extends: ['plugin:security/recommended-legacy'],
};

Developer guide

  • Use GitHub pull requests.
  • Conventions:
      • We use our custom ESLint setup.
      • Please implement a test for each new rule and use this command to be sure the new code respects the style guide and the tests keep passing:

        npm run-script cont-int

Tests

npm test

Rules

⚠️ Configurations set to warn in. ✅ Set in the recommended configuration.

Name | Description | ⚠️
detect-bidi-characters | Detects trojan source attacks that employ unicode bidi attacks to inject malicious code. |
detect-buffer-noassert | Detects calls to "buffer" with "noAssert" flag set. |
detect-child-process | Detects instances of "child_process" & non-literal "exec()" calls. |
detect-disable-mustache-escape | Detects "object.escapeMarkup = false", which can be used with some template engines to disable escaping of HTML entities. |
detect-eval-with-expression | Detects "eval(variable)" which can allow an attacker to run arbitrary code inside your process. |
detect-new-buffer | Detects instances of new Buffer(argument) where argument is any non-literal value. |
detect-no-csrf-before-method-override | Detects Express "csrf" middleware setup before "method-override" middleware. |
detect-non-literal-fs-filename | Detects variable in filename argument of "fs" calls, which might allow an attacker to access anything on your system. |
detect-non-literal-regexp | Detects "RegExp(variable)", which might allow an attacker to DOS your server with a long-running regular expression. |
detect-non-literal-require | Detects "require(variable)", which might allow an attacker to load and run arbitrary code, or access arbitrary files on disk. |
detect-object-injection | Detects "variable[key]" as a left- or right-hand assignment operand. |
detect-possible-timing-attacks | Detects insecure comparisons (==, !=, !== and ===), which check input sequentially. |
detect-pseudoRandomBytes | Detects if "pseudoRandomBytes()" is in use, which might not give you the randomness you need and expect. |
detect-unsafe-regex | Detects potentially unsafe regular expressions, which may take a very long time to run, blocking the event loop. |

TypeScript support

Type definitions for this package are managed by DefinitelyTyped. Use @types/@taktikorg/deleniti-sint for type checking.

npm install --save-dev @types/@taktikorg/deleniti-sint

# OR

yarn add --dev @types/@taktikorg/deleniti-sint