@rushstack/eslint-plugin-security
@rushstack/eslint-plugin-security - npm Package Compare versions

Comparing version 0.4.0 to 0.5.0

lib/no-unsafe-regexp.js

@@ -35,2 +35,3 @@ "use strict";

const noUnsafeRegExp = {
defaultOptions: [],
meta: {
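Review bot: `defaultOptions: []` appears here without any visible change to `meta.schema`; the README documents no options for `no-unsafe-regexp`, so `meta` should also carry `schema: []` so that ESLint rejects stray configuration instead of silently accepting it. Note that the rendering has dropped the +/- markers, so the header (`-35,2 +35,3`) is the only indication that `defaultOptions` is the added line; confirm against the raw diff.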

@@ -37,0 +38,0 @@ type: 'problem',

package.json
{
"name": "@rushstack/eslint-plugin-security",
"version": "0.4.0",
"version": "0.5.0",
"description": "An ESLint plugin providing rules that identify common security vulnerabilities for browser applications, Node.js tools, and Node.js services",
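Review bot: the bump from 0.4.0 to 0.5.0 is a minor release, yet every other hunk in this file is a dependency range update; if the `defaultOptions` addition in lib/no-unsafe-regexp.js changes rule behaviour, the CHANGELOG.md that the README links should record it. Under 0.x semver, consumers on `^0.4.0` will not receive 0.5.0 automatically, so the release note is the only way they learn about it.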

@@ -21,3 +21,3 @@ "license": "MIT",

"@rushstack/tree-pattern": "0.2.4",
"@typescript-eslint/experimental-utils": "~5.30.3"
"@typescript-eslint/experimental-utils": "~5.38.0"
},
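Review bot: `@typescript-eslint/experimental-utils` sits in runtime `dependencies` rather than `devDependencies`, so moving it to `~5.38.0` changes what every consumer installs, not just the test setup. The `peerDependencies` block is cut off by the next hunk header; please confirm that its range on `@typescript-eslint/parser` still intersects `~5.38.0`, since the typescript-eslint packages are expected to run at matching versions.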

@@ -28,4 +28,4 @@ "peerDependencies": {

"devDependencies": {
"@rushstack/heft": "0.45.14",
"@rushstack/heft-node-rig": "1.9.15",
"@rushstack/heft": "0.47.9",
"@rushstack/heft-node-rig": "1.10.0",
"@types/eslint": "8.2.0",
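Review bot: `@rushstack/heft` (0.47.9) and `@rushstack/heft-node-rig` (1.10.0) stay pinned to exact versions while the typescript-eslint and typescript entries use `~` ranges; that matches the previous pins and is fine for build tooling. The untouched context line `"@types/eslint": "8.2.0"` now lags the `eslint` dev dependency by several minor versions, so the type declarations may not cover API surface the rule implementation uses; consider bumping it in the same change.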

@@ -35,6 +35,6 @@ "@types/estree": "0.0.50",

"@types/node": "12.20.24",
"@typescript-eslint/parser": "~5.30.3",
"@typescript-eslint/typescript-estree": "~5.30.3",
"@typescript-eslint/parser": "~5.38.0",
"@typescript-eslint/typescript-estree": "~5.38.0",
"eslint": "~8.7.0",
"typescript": "~4.7.4"
"typescript": "~4.8.4"
},
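Review bot: `@typescript-eslint/parser` and `@typescript-eslint/typescript-estree` move to `~5.38.0` together with `experimental-utils` in the earlier hunk, which keeps the three in lockstep as they should be. However `typescript` moves to `~4.8.4` while `eslint` remains `~8.7.0` and `@types/node` stays at `12.20.24` (Node 12 is end-of-life), so the test matrix exercises a new parser against an old linter and old Node typings; either bump `eslint` here or document the supported ESLint range in the README.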

@@ -45,4 +45,3 @@ "scripts": {

"_phase:test": "heft test --no-build"
},
"readme": "# @rushstack/eslint-plugin-security\n\nThis plugin implements a collection of security rules for ESLint.\n\nOur ambition is to eventually provide a comprehensive set of recommended security rules for:\n- web browser applications\n- Node.js tools\n- Node.js services\n\nIf you would like to request or contribute a new security rule, you are encouraged to\n[create a GitHub issue](https://github.com/microsoft/rushstack/issues) in the\n[Rush Stack](https://rushstack.io/) monorepo where this project is developed.\nThanks!\n\n## `@rushstack/security/no-unsafe-regexp`\n\nRequire regular expressions to be constructed from string constants rather than dynamically\nbuilding strings at runtime.\n\n#### Rule Details\n\nRegular expressions should be constructed from string constants. Dynamically building strings at runtime may\nintroduce security vulnerabilities, performance concerns, and bugs involving incorrect escaping of special characters.\n\n#### Examples\n\nThe following patterns are considered problems when `@rushstack/security/no-unsafe-regexp` is enabled:\n\n```ts\nfunction parseRestResponse(request: ICatalogRequest,\n items: ICatalogItem[]): ICatalogItem[] {\n\n // Security vulnerability: A malicious user could invoke the REST service using a\n // \"searchPattern\" with a complex RegExp that causes a denial of service.\n const regexp: RegExp = new RegExp(request.searchPattern);\n return items.filter(item => regexp.test(item.title));\n}\n```\n\n```ts\nfunction hasExtension(filePath: string, extension: string): boolean {\n // Escaping mistake: If the \"extension\" string contains a special character such as \".\",\n // it will be interpreted as a regular expression operator. 
Correctly escaping an arbitrary\n // string is a nontrivial problem due to RegExp implementation differences, as well as contextual\n // issues (since which characters are special changes inside RegExp nesting constructs).\n // In most cases, this problem is better solved without regular expressions.\n const regexp: RegExp = new RegExp(`\\.${extension}$`);\n return regexp.test(filePath);\n}\n```\n\nThe following patterns are NOT considered problems:\n\n```ts\nfunction isInteger(s: string): boolean {\n return /[0-9]+/.test(s);\n}\n```\n\n```ts\nfunction isInteger(s: string): boolean {\n return new RegExp('[0-9]+').test(s);\n}\n```\n\n## Links\n\n- [CHANGELOG.md](\n https://github.com/microsoft/rushstack/blob/main/stack/eslint-plugin-security/CHANGELOG.md) - Find\n out what's new in the latest version\n\n`@rushstack/eslint-plugin-security` is part of the [Rush Stack](https://rushstack.io/) family of projects.\n"
}
}
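Review bot: the header (`-45,4 +45,3`) shows one `scripts` entry removed, but the rendering has dropped the +/- markers, so the removed script cannot be identified from this view; check the raw diff before sign-off. Separately, in the README's `hasExtension` example as decoded from this JSON string, the template literal is `\.${extension}$`; JavaScript treats `\.` inside a template literal as an unnecessary escape that evaluates to a plain `.`, so the leading dot becomes a wildcard rather than a literal period, an escaping mistake beyond the one the comment already describes. Writing `\\.` in the source produces the intended literal dot, which would make the example illustrate only the point it is meant to.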
