6.6.85 • Published 10 months ago

@taktikorg/minus-nam v6.6.85

Weekly downloads
-
License
MIT
Repository
github
Last release
10 months ago

@taktikorg/minus-nam

NPM version

ESLint rules for Node Security

This project will help identify potential security hotspots, but finds a lot of false positives which need triage by a human.

Installation

npm install --save-dev @taktikorg/minus-nam

or

yarn add --dev @taktikorg/minus-nam

Usage

Flat config (requires eslint >= v8.23.0)

Add the following to your eslint.config.js file:

const pluginSecurity = require('@taktikorg/minus-nam');

module.exports = [pluginSecurity.configs.recommended];

eslintrc config (deprecated)

Add the following to your .eslintrc file:

module.exports = {
  extends: ['plugin:security/recommended-legacy'],
};

Developer guide

  • Use GitHub pull requests.
  • Conventions:
  • We use our custom ESLint setup.
  • Please implement a test for each new rule and use this command to be sure the new code respects the style guide and the tests keep passing:
npm run-script cont-int

Tests

npm test

Rules

⚠️ Configurations set to warn in.\ ✅ Set in the recommended configuration.

Name                                 Description⚠️
detect-bidi-charactersDetects trojan source attacks that employ unicode bidi attacks to inject malicious code.
detect-buffer-noassertDetects calls to "buffer" with "noAssert" flag set.
detect-child-processDetects instances of "child_process" & non-literal "exec()" calls.
detect-disable-mustache-escapeDetects "object.escapeMarkup = false", which can be used with some template engines to disable escaping of HTML entities.
detect-eval-with-expressionDetects "eval(variable)" which can allow an attacker to run arbitrary code inside your process.
detect-new-bufferDetects instances of new Buffer(argument) where argument is any non-literal value.
detect-no-csrf-before-method-overrideDetects Express "csrf" middleware setup before "method-override" middleware.
detect-non-literal-fs-filenameDetects variable in filename argument of "fs" calls, which might allow an attacker to access anything on your system.
detect-non-literal-regexpDetects "RegExp(variable)", which might allow an attacker to DOS your server with a long-running regular expression.
detect-non-literal-requireDetects "require(variable)", which might allow an attacker to load and run arbitrary code, or access arbitrary files on disk.
detect-object-injectionDetects "variablekey" as a left- or right-hand assignment operand.
detect-possible-timing-attacksDetects insecure comparisons (==, !=, !== and ===), which check input sequentially.
detect-pseudoRandomBytesDetects if "pseudoRandomBytes()" is in use, which might not give you the randomness you need and expect.
detect-unsafe-regexDetects potentially unsafe regular expressions, which may take a very long time to run, blocking the event loop.

TypeScript support

Type definitions for this package are managed by DefinitelyTyped. Use @types/@taktikorg/minus-nam for type checking.

npm install --save-dev @types/@taktikorg/minus-nam

# OR

yarn add --dev @types/@taktikorg/minus-nam
es2015getintrinsicexpressjsString.prototype.trimfile systemhttpstypesafeoptimistmomentflatelmruntimematchawsworkflowESECMAScript 3URLpredictableES2015environmentsFunction.prototype.nameyupbootstrap csscallbindencryptionfastclonelinuxnodeECMAScript 6styled-componentsfromless compileres-shimsFloat32Arrayincludescolumnseveryexpressionfunctionprocesssetrgbcommand-linedirectorybyteeventshelperfpstslibcontainsflagidlenested cssfastifyredirectreplaypersistentstylingfindnopeArray.prototype.containscallbackstatusdatastructuredynamodbgitignorewritablelibphonenumberArray.prototype.flattencolumnreadablestreamcolorfppasswordcollection.es6qsquotemobilereusebdditeratorservicegroupargvartsymlinkvalidatorSymbol.toStringTagmatchAllfullwidthtouchpropertyec2toolkitStyleSheetdefinecloudsearchflagsvarsextracloudfrontcurlpreprocessorUint16ArraylesscssbrowserlistregexpisprettychinesefindLastInt16ArraymodulesECMAScript 7fast-copygradients css3es7a11ymulti-packageRegExp.prototype.flagsbuffersspawnextendelasticacheargssignedsyntaxerrordomespreehasperformantiterationdeep-copysignalmkdirsdefinePropertydirtypedarrayslastconfigwhichjson-schema-validationhttpperformancezeroimmerInt32Arrayprivate datautilsformswindowsutil.inspecthookformisConcatSpreadablestreamsgetPrototypeOfES8bcrypttoStringTagtextfunctionalsafedependency managerpyyamlcore-jsgradients cssstylemockingObject.fromEntriesUnderscorequeueArrayBufferlettermdeepvalidationserializationvpcECMAScript 2018chaiindotenvtranspileTypedArrayforklivespinnerskeyauthenticationreact-componentebsclientArrayBuffer.prototype.sliceInt8ArrayReactiveExtensionsinstallerstructuredClonemockStreamssymlinksRegExp#flagsprogresscircularexecconsoletoobjectbundlertypeerrorasciiiamcryptcolourcloneObservableWeakSeterrorwgetlockfileecmascriptdropsetPrototypeOfargumentlistenersarraybufferdom-testing-librarylintequalityless mixinssimpledbdataviewcurriedglacierxtermhardlinksfindLastIndextrimRightirqrecursiveyamll10nObject.getPrototypeOfautoscalingglobjapanesereactacornHyBicss variableapolloObject.definePropertytypeserializerfilestylescommandes6sharedvaluetyped arrayeast-asian-widthvalidECMAScript 2017sigtermarraypreserve-symlinkswarningtc39RxJSsymbolsPushECMAScript 5scheme-validationregularcss-in-jsbyteLengthworkspace:*arktypekoreanpackage managerObject.keysbeanstalkinputcompile lessObject.issymbolAsyncIteratorsqsreact posesettingsefficient[[Prototype]]posecolorstrimEndTypeScriptietsgettypeoflessES2019operating-systemshebangtoolsflatMapbrowserinterruptsoptionremovees2016writeenvironmentschemehasOwndeletestarterObject.assigntranspileres2018effect-tsterminaljavascriptECMAScript 2021ES2020objECMAScript 2020ECMAScript 2019negativenegative zerowaitender_.extend@@toStringTagstringreadprotocol-buffersformttyfetchlogvariables in cssjoi-0front-endfast-cloneshimgenericsjsonschemadraggetterminimalstableloggerelbYAMLuploadhas-owncodeses-shim APIObject.valuescomputed-typesdeterministickinesisUint32Arrayqueryjsonendpointcoerciblees8binaries__proto__typesasterisksrobustfigletrouteglobalslogging.gitignoreuninstalleslint-pluginconsttypedmodulecjkjson-schemaweaksetES2021ObservablesforEachassertionglobal objectflattenwalktelephonespecgroupBytoArrayECMAScript 2016indicatordatajson-schema-validatordeepclonetesterbundlingIteratorpolyfilltakeES5invariantes-abstractsetImmediatestatelesssubprocessReactiveXTypeBoxsetterutilitythreeconsumegetoptES2016mapreducevalidatepromisefluxform-validationgraphqlReflect.getPrototypeOfkeysawesomesauceresolvestatecollectionmruselfpopmotionregular expressionrequesttoSortedchromeinternalObjectfullunicodeconcatcryptocallboundconcatMapwaapipinohasOwnPropertyBigInt64ArraybyteOffsetbabelswfloadbalancingstringifierESnextrangeerrorshrinkwrapmoveoutputramdaopensslvisual6to5nativeformattingelectronshellemitsuperagentECMAScript 2022varinspectmakehooksstringifyomitglobal this valuefull-widtherror-handlingasyncpostcsscss nestingreact-testing-libraryprotoRFC-6455npmstyleguideback-endconfigurablefastcopypatchdescriptorautoprefixer3dcertificatesES7less cssio-tsURLSearchParamsfnmatchArray.prototype.flatstreamamazondeep-clonei18nfunctionslocationobjecttransportjwtArray.prototype.findLastenvfixed-widthsesshamcss lesspipeSystem.globalredux-toolkitnamesworkermacosfantasy-landhandlerstoragegatewayhigher-orderclass-validatorescapevaluesslicesyntaxbufferagentpnpm9tostringtagmkdirdescriptorsSymbolcallArray.prototype.filterMicrosoftastutilitiesmatchesajaxJSONimportcloudformationES2022cssintrinsicexit-codeglobalThisprivatequeueMicrotaskWeakMapsequenceBigUint64Arrayenumerablespringquerystringsides3oncejQueryparserarraysrequirenumberreal-timeES3diffmkdirpES2023copypackage.jsonRxhandlerscommanderxhrsuperstructreact-hooksairbnbreducecloudwatchtimeCSSStyleDeclarationinternal slotaccessorlazychannel256createtypanionbootstrap lesstypescripthelperssortedreact animationfunction.lengthdescriptionpicomatchpluginhotsignalseslinkes5bindrulespoint-freeclassnamestraverse
@taktikorg/illo-iure-sint@taktikorg/itaque-nam-eos@taktikorg/nam-esse-animi@taktikorg/iste-ex-tempore@taktikorg/unde-animi-omnis@taktikorg/tempore-veniam-in@taktikorg/ipsa-totam-aperiam@taktikorg/corporis-nihil-odit@taktikorg/maiores-dolores-aut@taktikorg/consectetur-quo-quos@taktikorg/deleniti-qui-dolorem@taktikorg/suscipit-modi-ratione@taktikorg/similique-earum-soluta@taktikorg/velit-nobis-blanditiis@taktikorg/aut-distinctio-repellat@taktikorg/dolor-ratione-quibusdam@taktikorg/fugit-voluptatibus-quod@taktikorg/molestias-fuga-possimus@taktikorg/nisi-reprehenderit-amet@taktikorg/praesentium-neque-ipsam@taktikorg/similique-natus-officia@taktikorg/illum-accusamus-possimus@taktikorg/praesentium-dolorum-quis@taktikorg/quo-reiciendis-quibusdam@taktikorg/recusandae-ratione-veniam@taktikorg/placeat-voluptates-dolorum@taktikorg/voluptatem-pariatur-tenetur@taktikorg/itaque-tempore-exercitationem@taktikorg/harum-reprehenderit-perferendis@taktikorg/necessitatibus-repudiandae-officia
6.6.85

10 months ago

6.6.84

10 months ago

6.6.83

10 months ago

6.5.83

10 months ago

6.5.82

10 months ago

6.5.81

11 months ago

6.5.80

11 months ago

6.5.79

11 months ago

6.5.78

11 months ago

6.5.77

11 months ago

6.5.76

11 months ago

6.5.75

11 months ago

6.5.74

11 months ago

6.5.73

11 months ago

6.5.72

11 months ago

6.4.72

11 months ago

6.3.72

11 months ago

6.3.71

11 months ago

6.3.70

11 months ago

6.3.69

11 months ago

6.3.68

11 months ago

6.3.67

11 months ago

6.3.66

11 months ago

6.3.65

11 months ago

6.2.65

11 months ago

6.2.64

11 months ago

6.2.63

11 months ago

6.2.62

11 months ago

6.2.61

11 months ago

6.2.60

11 months ago

5.2.60

11 months ago

5.2.59

11 months ago

4.2.59

11 months ago

4.2.58

11 months ago

4.2.57

11 months ago

4.2.56

12 months ago

4.2.55

12 months ago

4.2.54

12 months ago

4.2.53

12 months ago

4.2.52

12 months ago

4.2.51

12 months ago

4.2.50

12 months ago

4.2.49

12 months ago

4.2.48

12 months ago

4.2.47

12 months ago

4.2.46

12 months ago

4.2.45

12 months ago

3.2.45

12 months ago

3.2.44

12 months ago

3.2.43

12 months ago

3.2.42

12 months ago

3.2.41

12 months ago

3.2.40

12 months ago

3.2.39

12 months ago

3.2.38

12 months ago

3.2.37

1 year ago

3.2.36

1 year ago

3.2.35

1 year ago

3.2.34

1 year ago

3.2.33

1 year ago

2.2.33

1 year ago

2.2.32

1 year ago

2.2.31

1 year ago

2.2.30

1 year ago

2.2.29

1 year ago

2.2.28

1 year ago

2.2.27

1 year ago

2.2.26

1 year ago

2.2.25

1 year ago

2.2.24

1 year ago

2.2.23

1 year ago

2.2.22

1 year ago

2.1.22

1 year ago

2.1.21

1 year ago

2.1.20

1 year ago

2.1.19

1 year ago

2.1.18

1 year ago

2.1.17

1 year ago

2.1.16

1 year ago

2.1.15

1 year ago

2.1.14

1 year ago

2.1.13

1 year ago

2.1.12

1 year ago

2.1.11

1 year ago

2.1.10

1 year ago

2.1.9

1 year ago

2.1.8

1 year ago

2.1.7

1 year ago

2.1.6

1 year ago

2.1.5

1 year ago

1.1.5

1 year ago

1.1.4

1 year ago

1.1.3

1 year ago

1.1.2

1 year ago

1.0.2

1 year ago

1.0.1

1 year ago

1.0.0

1 year ago