@taktikorg/minus-nam v6.6.85 • Published 1 year ago

License: MIT
Repository: github
Last release: 1 year ago

@taktikorg/minus-nam


ESLint rules for Node Security

This project will help identify potential security hotspots, but finds a lot of false positives which need triage by a human.

Installation

npm install --save-dev @taktikorg/minus-nam

or

yarn add --dev @taktikorg/minus-nam

Usage

Flat config (requires eslint >= v8.23.0)

Add the following to your eslint.config.js file:

const pluginSecurity = require('@taktikorg/minus-nam');

module.exports = [pluginSecurity.configs.recommended];

eslintrc config (deprecated)

Add the following to your .eslintrc file:

module.exports = {
  extends: ['plugin:security/recommended-legacy'],
};

Developer guide

  • Use GitHub pull requests.
  • Conventions:
      • We use our custom ESLint setup.
      • Please implement a test for each new rule and use this command to be sure the new code respects the style guide and the tests keep passing:

        npm run-script cont-int

Tests

npm test

Rules

⚠️ Configurations set to warn in. ✅ Set in the recommended configuration.

Name                                  ⚠️   Description
detect-bidi-characters                ✅   Detects trojan source attacks that employ unicode bidi attacks to inject malicious code.
detect-buffer-noassert                ✅   Detects calls to "buffer" with "noAssert" flag set.
detect-child-process                  ✅   Detects instances of "child_process" & non-literal "exec()" calls.
detect-disable-mustache-escape        ✅   Detects "object.escapeMarkup = false", which can be used with some template engines to disable escaping of HTML entities.
detect-eval-with-expression           ✅   Detects "eval(variable)", which can allow an attacker to run arbitrary code inside your process.
detect-new-buffer                     ✅   Detects instances of "new Buffer(argument)" where argument is any non-literal value.
detect-no-csrf-before-method-override ✅   Detects Express "csrf" middleware setup before "method-override" middleware.
detect-non-literal-fs-filename        ✅   Detects a variable in the filename argument of "fs" calls, which might allow an attacker to access anything on your system.
detect-non-literal-regexp             ✅   Detects "RegExp(variable)", which might allow an attacker to DOS your server with a long-running regular expression.
detect-non-literal-require            ✅   Detects "require(variable)", which might allow an attacker to load and run arbitrary code, or access arbitrary files on disk.
detect-object-injection               ✅   Detects "variable[key]" as a left- or right-hand assignment operand.
detect-possible-timing-attacks        ✅   Detects insecure comparisons (==, !=, !== and ===), which check input sequentially.
detect-pseudoRandomBytes              ✅   Detects if "pseudoRandomBytes()" is in use, which might not give you the randomness you need and expect.
detect-unsafe-regex                   ✅   Detects potentially unsafe regular expressions, which may take a very long time to run, blocking the event loop.

TypeScript support

Type definitions for this package are managed by DefinitelyTyped. Use @types/@taktikorg/minus-nam for type checking.

npm install --save-dev @types/@taktikorg/minus-nam

# OR

yarn add --dev @types/@taktikorg/minus-nam