2.7.103 • Published 10 months ago

@taktikorg/labore-ad v2.7.103

Weekly downloads
-
License
MIT
Repository
github
Last release
10 months ago

@taktikorg/labore-ad

NPM version

ESLint rules for Node Security

This project will help identify potential security hotspots, but finds a lot of false positives which need triage by a human.

Installation

npm install --save-dev @taktikorg/labore-ad

or

yarn add --dev @taktikorg/labore-ad

Usage

Flat config (requires eslint >= v8.23.0)

Add the following to your eslint.config.js file:

const pluginSecurity = require('@taktikorg/labore-ad');

module.exports = [pluginSecurity.configs.recommended];

eslintrc config (deprecated)

Add the following to your .eslintrc file:

module.exports = {
  extends: ['plugin:security/recommended-legacy'],
};

Developer guide

  • Use GitHub pull requests.
  • Conventions:
  • We use our custom ESLint setup.
  • Please implement a test for each new rule and use this command to be sure the new code respects the style guide and the tests keep passing:
npm run-script cont-int

Tests

npm test

Rules

⚠️ Configurations set to warn in.\ ✅ Set in the recommended configuration.

Name                                 Description⚠️
detect-bidi-charactersDetects trojan source attacks that employ unicode bidi attacks to inject malicious code.
detect-buffer-noassertDetects calls to "buffer" with "noAssert" flag set.
detect-child-processDetects instances of "child_process" & non-literal "exec()" calls.
detect-disable-mustache-escapeDetects "object.escapeMarkup = false", which can be used with some template engines to disable escaping of HTML entities.
detect-eval-with-expressionDetects "eval(variable)" which can allow an attacker to run arbitrary code inside your process.
detect-new-bufferDetects instances of new Buffer(argument) where argument is any non-literal value.
detect-no-csrf-before-method-overrideDetects Express "csrf" middleware setup before "method-override" middleware.
detect-non-literal-fs-filenameDetects variable in filename argument of "fs" calls, which might allow an attacker to access anything on your system.
detect-non-literal-regexpDetects "RegExp(variable)", which might allow an attacker to DOS your server with a long-running regular expression.
detect-non-literal-requireDetects "require(variable)", which might allow an attacker to load and run arbitrary code, or access arbitrary files on disk.
detect-object-injectionDetects "variablekey" as a left- or right-hand assignment operand.
detect-possible-timing-attacksDetects insecure comparisons (==, !=, !== and ===), which check input sequentially.
detect-pseudoRandomBytesDetects if "pseudoRandomBytes()" is in use, which might not give you the randomness you need and expect.
detect-unsafe-regexDetects potentially unsafe regular expressions, which may take a very long time to run, blocking the event loop.

TypeScript support

Type definitions for this package are managed by DefinitelyTyped. Use @types/@taktikorg/labore-ad for type checking.

npm install --save-dev @types/@taktikorg/labore-ad

# OR

yarn add --dev @types/@taktikorg/labore-ad
promisereact-testing-libraryutilsgdpreslint-pluginsharedarraybufferlibphonenumbera11ysyntaxerrorObject.keysES3mkdirperrorwarningenumerabledatereverseiecallboundfolderpositiveSymbolinputsettingsargumentnegativegetintrinsicdebuggerkeyworkflowJSON-Schemafileform-validationaccessibilitysetPrototypeOfschemacensorinstrumentationchromegesturesbyteOffsetUint32Arrayvaluesclassnamesparentscall-bindcolumntimeredactarktypeservicecloudsearchcoveragenopebytermdirobjectvalidgettercore-jssesidentifiersstyleWeakSetcallbindasyncmobilelook-upchannelamazonescapeio-tswafasserttacitES8stylesatomconsumechromiumcheckchildregularnpmrangeerrorrulesObject.valuesMicrosoftES2015localownArray.prototype.filterexecfilenameflagsstreamsArray.prototype.containsglobalsRegExp#flagshelperutilplugincomputed-typesprivate datavarsECMAScript 2023es5requiremovereusees2018postcssfastcopy.envtrimLeft256bddmulti-packageECMAScript 2017chineseECMAScript 2018arraybuffertrimRightviewfastassertionoffsetES2019entriesbrowserslistmodulesspawnbeanstalkes7protobufinternal slotdeep-clonepinobannertrimmatchAllslicerm -rfxtermslotclass-validatordatalockfileBigUint64ArraydescriptorsglobaltesterInt32ArraytoolkitsimpledbinstallerObject.isflatMapuser-streamscloudtrailcallbackbinfast-clonefast-copyrmappruntimeexpressredux-toolkitReactiveExtensionsmetadatatostringtagecmascriptavashrinkwrapworkspace:*propertyregexfnmatchObject.entriesES2023logArrayBuffer#slicejsdiffstringcode pointsexecmapIteratorpropertiesECMAScript 2016agentserverquotedragbindwaitdirectoryloggingJSONcollectionclientshimschemecliemiteffect-tsfunctionsargvtestingfantasy-landfind-upRxarraysweaksetECMAScript 3prototypeES2018typesafebundlerenvironmentECMAScript 5queueMicrotasktssqslookmapreduceArray.prototype.flatMapextraeast-asian-widthes8Int16Arrayequaltouchrobustconsolefsforkestreereact animationes-shimspicomatchsettranspiletrimEndsortedjson-schemacommandcoerciblees2017deepcopyformsdom-testing-librarycss-in-jsspeedroute53YAMLfunctionmocktypescriptsyntaxterminal.gitignorecorenativeframeworkreadablestreamloggershelltypedarraywidthinvarianti18ndeterministiccallpathasteriskstypedinstallmakecolorspackage.jsonsearchprocesslistenersajaxcjksource mapWebSocketspinnersdiffmanipulationes-shim APIiteratejsesfindstoragegatewayequalitylocationlastArrayclassnamereworkfront-endfullwidthfigletinjson-schema-validationansiObject.definePropertyemojiFloat64ArraycloudformationshebangcompilerjestjshintglaciercolumnsawesomesauceUint8ClampedArrayautoscalingweakmapwaapifast-deep-cloneRegExp.prototype.flagstextzodfull-widthunicodeECMAScript 6typeerrortoStringTagisConcatSpreadablereadable-0ES6proxytoSortedrm -frhookformanimationefficientec2posechaiframersymbolzxfile systemkarmaebsmockingECMAScript 2020elasticachequeueroutetraversemkdirsletsomeoncebabel-coreisenvjapanesereact-hook-formcopyflattenes2015ramdaTypeBoxreact-hookstaphas-ownrandomESnextstructuredCloneeveryformlinkphonegenericsvaluecloudwatcheslintpluginfixed-widthextendexecutemochaistanbulpatchdefinePropertymergeharmonypackageimportexport_.extendpnpm9uuidmrutelephonevalidatorvalidateapolloenvironmentshttpsString.prototype.matchAllreducel10nserializerWeakMapremoveoptimistfunctionalgroupBycacheserializationparsertoReversedhtmlbinariesfindLastIndexrdsESinternalacorntyped arraynodejscomparewriteArrayBufferObservablestoolsloadingobjsubprocessES5whatwgreact posebrowserlists3superagentlanguagesharedpostcss-pluginstylingObservablehasOwnrestfulimportimmerimmutablespringObject.fromEntriescolourpopmotioncontainstypanionparsevpcdomelb3dUnderscoreperformanttoArrayFunction.prototype.namefinduphaskeysgetutil.inspectSymbol.toStringTagback-endtermutilityespreefeedmkdirdebugdescriptorWebSocketsformattingfetchcurrieddataViewpyyamles6recursivecodesassertsinspectconfigurablewgetStreamsbyteLengthendpointiteratorgroupwhichsuperstructthreejsdomURLSearchParamspolyfilljsxsetImmediateArray.prototype.includesrgbObject.assignlintCSSArrayBuffer.prototype.slicees-abstracttestprogressspinnertypedarraysworkersidetypereduxcollection.es6reversedbabelreactURLcloudfrontminimalastspecFloat32ArrayvisualwalkwalkingeventDispatcherautoprefixerdeepclonetypestransportstringifycall-boundsymlinkssafeshamtakeutilitiessymbolsArray.prototype.flatObjectvarjavascripttransformpushPushPromisefast-deep-copyconfig
2.7.103

10 months ago

2.7.102

10 months ago

2.7.101

10 months ago

2.7.100

10 months ago

2.7.99

10 months ago

2.7.98

10 months ago

2.7.97

10 months ago

2.7.96

10 months ago

2.7.95

10 months ago

2.7.94

11 months ago

2.7.93

11 months ago

2.7.92

11 months ago

2.7.91

11 months ago

2.7.90

11 months ago

2.7.89

11 months ago

2.7.88

11 months ago

2.7.87

11 months ago

2.6.87

11 months ago

2.6.86

11 months ago

2.6.85

11 months ago

2.6.84

11 months ago

2.6.83

11 months ago

2.6.82

11 months ago

2.6.81

11 months ago

2.6.80

11 months ago

2.6.79

11 months ago

2.6.78

11 months ago

2.6.77

11 months ago

2.6.76

11 months ago

2.5.76

11 months ago

2.5.75

11 months ago

2.5.74

11 months ago

2.5.73

11 months ago

2.5.72

11 months ago

2.5.71

11 months ago

2.5.70

11 months ago

2.5.69

11 months ago

2.5.68

11 months ago

2.5.67

11 months ago

2.5.66

12 months ago

2.4.66

12 months ago

2.4.65

12 months ago

2.4.64

12 months ago

2.4.63

12 months ago

2.4.62

12 months ago

2.4.61

12 months ago

2.4.60

12 months ago

2.4.59

12 months ago

2.4.58

12 months ago

2.4.57

12 months ago

2.4.56

12 months ago

2.4.55

12 months ago

2.3.55

12 months ago

2.3.54

12 months ago

2.3.53

12 months ago

2.3.52

12 months ago

2.2.52

12 months ago

2.1.52

12 months ago

2.1.51

12 months ago

2.0.51

1 year ago

2.0.50

1 year ago

2.0.49

1 year ago

2.0.48

1 year ago

2.0.47

1 year ago

2.0.46

1 year ago

2.0.45

1 year ago

2.0.44

1 year ago

2.0.43

1 year ago

2.0.42

1 year ago

2.0.41

1 year ago

2.0.40

1 year ago

2.0.39

1 year ago

2.0.38

1 year ago

2.0.37

1 year ago

2.0.36

1 year ago

2.0.35

1 year ago

2.0.34

1 year ago

2.0.33

1 year ago

2.0.32

1 year ago

2.0.31

1 year ago

2.0.30

1 year ago

2.0.29

1 year ago

2.0.28

1 year ago

2.0.27

1 year ago

2.0.26

1 year ago

2.0.25

1 year ago

2.0.24

1 year ago

2.0.23

1 year ago

2.0.22

1 year ago

2.0.21

1 year ago

2.0.20

1 year ago

2.0.19

1 year ago

2.0.18

1 year ago

2.0.17

1 year ago

2.0.16

1 year ago

2.0.15

1 year ago

2.0.14

1 year ago

2.0.13

1 year ago

2.0.12

1 year ago

2.0.11

1 year ago

2.0.10

1 year ago

2.0.9

1 year ago

2.0.8

1 year ago

2.0.7

1 year ago

2.0.6

1 year ago

2.0.5

1 year ago

2.0.4

1 year ago

2.0.3

1 year ago

1.0.3

1 year ago

1.0.2

1 year ago

1.0.1

1 year ago

1.0.0

1 year ago