eslint-plugin-anti-trojan-source
Advanced tools
Readme
ESLint plugin to detect and prevent Trojan Source attacks from entering your codebase
ESLint plugin to detect and stop Trojan Source attacks from entering your codebase.
If you're unaware of what Trojan Source attacks are, or how unicode characters injected into a codebase could be used in malicious ways, refer to the README of the anti-trojan-source source code repository.
This ESLint plugin is based on the library and command-line tool anti-trojan-source.
👋 Jan 2023 Update:
This plugin inspired work to create an anti-trojan rule detect-bidi-characters in eslint-plugin-security and if you're already using that security plugin then it is advised to turn on that rule.
npm install --save-dev eslint-plugin-anti-trojan-source
Once you've installed this plugin, add it to your eslint configuration as follows.
This plugin exports a recommended configuration.
To enable this configuration, extend it in the configuration for your project.
{
"extends": ["eslint:recommended", "plugin:anti-trojan-source/recommended"]
}
First, you need to define it as a plugin:
Note: ESLint plugins can have their eslint-plugin prefix omitted when they are specified.
{
"plugins": ["anti-trojan-source"]
}
Then, add an ESLint rule that halts if it finds a Trojan Source attack:
"rules": {
"anti-trojan-source/no-bidi": "error"
}
Following is a complete example of configuration if you are defining ESLint configuration in your package.json file:
"eslintConfig": {
"plugins": [
"anti-trojan-source"
],
"rules": {
"anti-trojan-source/no-bidi": "error"
}
}
The following is an example output when the plugin finds a Trojan Source attack in your codebase:
/Users/lirantal/projects/repos/@gigsboat/cli/index.js
1:1 error Detected potential trojan source attack with unicode bidi introduced in this comment: ' } if (isAdmin) begin admins only ' anti-trojan-source/no-bidi
1:1 error Detected potential trojan source attack with unicode bidi introduced in this comment: ' end admin only { ' anti-trojan-source/no-bidi
/Users/lirantal/projects/repos/@gigsboat/cli/lib/helper.js
2:1 error Detected potential trojan source attack with unicode bidi introduced in this code: '"user // Check if admin "' anti-trojan-source/no-bidi
eslint-plugin-anti-trojan-source © Liran Tal, Released under the Apache-2.0 License.
FAQs
ESLint plugin to detect and stop Trojan Source attacks
The npm package eslint-plugin-anti-trojan-source receives a total of 22,050 weekly downloads. As such, eslint-plugin-anti-trojan-source popularity was classified as popular.
We found that eslint-plugin-anti-trojan-source demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Security News
As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.
Security News
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion.