2.7.103 • Published 1 year ago

@taktikorg/labore-ad v2.7.103

License: MIT
Repository: github
Last release: 1 year ago

@taktikorg/labore-ad

ESLint rules for Node Security

This project will help identify potential security hotspots, but finds a lot of false positives which need triage by a human.

Installation

npm install --save-dev @taktikorg/labore-ad

or

yarn add --dev @taktikorg/labore-ad

Usage

Flat config (requires eslint >= v8.23.0)

Add the following to your eslint.config.js file:

const pluginSecurity = require('@taktikorg/labore-ad');

module.exports = [pluginSecurity.configs.recommended];

eslintrc config (deprecated)

Add the following to your .eslintrc file:

module.exports = {
  extends: ['plugin:security/recommended-legacy'],
};

Developer guide

  • Use GitHub pull requests.
  • Conventions:
      • We use our custom ESLint setup.
      • Please implement a test for each new rule and use this command to be sure the new code respects the style guide and the tests keep passing:
        npm run-script cont-int

Tests

npm test

Rules

⚠️ Configurations set to warn in.
✅ Set in the recommended configuration.

Name                                  | Description                                                                                                                  | ⚠️
detect-bidi-characters                | Detects trojan source attacks that employ unicode bidi attacks to inject malicious code.                                      | ✅
detect-buffer-noassert                | Detects calls to "buffer" with "noAssert" flag set.                                                                           | ✅
detect-child-process                  | Detects instances of "child_process" & non-literal "exec()" calls.                                                            | ✅
detect-disable-mustache-escape        | Detects "object.escapeMarkup = false", which can be used with some template engines to disable escaping of HTML entities.    | ✅
detect-eval-with-expression           | Detects "eval(variable)" which can allow an attacker to run arbitrary code inside your process.                               | ✅
detect-new-buffer                     | Detects instances of new Buffer(argument) where argument is any non-literal value.                                           | ✅
detect-no-csrf-before-method-override | Detects Express "csrf" middleware setup before "method-override" middleware.                                                  | ✅
detect-non-literal-fs-filename        | Detects variable in filename argument of "fs" calls, which might allow an attacker to access anything on your system.         | ✅
detect-non-literal-regexp             | Detects "RegExp(variable)", which might allow an attacker to DoS your server with a long-running regular expression.          | ✅
detect-non-literal-require            | Detects "require(variable)", which might allow an attacker to load and run arbitrary code, or access arbitrary files on disk. | ✅
detect-object-injection               | Detects "variable[key]" as a left- or right-hand assignment operand.                                                          | ✅
detect-possible-timing-attacks        | Detects insecure comparisons (==, !=, !== and ===), which check input sequentially.                                           | ✅
detect-pseudoRandomBytes              | Detects if "pseudoRandomBytes()" is in use, which might not give you the randomness you need and expect.                      | ✅
detect-unsafe-regex                   | Detects potentially unsafe regular expressions, which may take a very long time to run, blocking the event loop.              | ✅

TypeScript support

Type definitions for this package are managed by DefinitelyTyped. Use @types/@taktikorg/labore-ad for type checking.

npm install --save-dev @types/@taktikorg/labore-ad

# OR

yarn add --dev @types/@taktikorg/labore-ad