1.0.1 • Published 4 months ago
eslint-config-csp v1.0.1
eslint-plugin-csp
An eslint shareable config to catch Content Security Policy violations. It contains rules to stop common CSP violations like:
- Usage of setAttribute('style')
- element.setAttribute('style',...)
- Usage of Implied evals
- setTimeout('doSomethingEvil()', 100);
- Usage of the eval keyword
- const evilCode = eval("doSomethingEvil()")
- Usage of the new Function keyword:
- new Function('function doSomethingEvil(){}');
Installation
You'll first need to install ESLint:
npm i eslint --save-devNext, install eslint-config-csp:
npm install eslint-config-csp --save-devUsage
Add eslint-config-csp to the extends section of your .eslintrc configuration file.:
{
extends:['eslint-config-csp'],
}Eslint Flat Config Usage
import cspConfig from 'eslint-config-csp';
export default [
{
languageOptions:{...}
},
cspConfig,
{...}
]