Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

eslint-plugin-anti-trojan-source

Package Overview
Dependencies
Maintainers
1
Versions
9
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

eslint-plugin-anti-trojan-source

ESLint plugin to detect and stop Trojan Source attacks

  • 1.0.5
  • Source
  • npm
  • Socket score

Version published
Weekly downloads
30K
increased by12.86%
Maintainers
1
Weekly downloads
 
Created
Source

eslint-plugin-anti-trojan-source

Detect trojan source attacks that employ unicode bidi attacks to inject malicious code

npm version license downloads build Known Vulnerabilities Responsible Disclosure Policy

About

ESLint plugin to detect and stop Trojan Source attacks from entering your codebase.

If you're unaware of what Trojan Source attacks are, or how unicode characters injected into a codebase could be used in malicious ways, refer to the README of the anti-trojan-source source code repository.

This ESLint plugin is based on the library and command-line tool anti-trojan-source.

Install

npm install --save-dev eslint-plugin-anti-trojan-source

Usage example

Once you've installed this plugin, add it to your eslint configuration as follows. First, you need to define it as a plugin:

Note: ESLint plugins can have their eslint-plugin prefix omitted when they are specified.

{
  "plugins": ["anti-trojan-source"]
}

Then, add an ESLint rule that halts if it finds a Trojan Source attack:

"rules": {
    "anti-trojan-source/no-bidi": "error"
}

Following is a complete example of configuration if you are defining ESLint configuration in your package.json file:

"eslintConfig": {
    "plugins": [
        "anti-trojan-source"
    ],
    "rules": {
        "anti-trojan-source/no-bidi": "error"
    }
}

Example output

The following is an example output when the plugin finds a Trojan Source attack in your codebase:

/Users/lirantal/projects/repos/@gigsboat/cli/index.js
  1:1  error  Detected potential trojan source attack with unicode bidi introduced in this comment: '‮ } ⁦if (isAdmin)⁩ ⁦ begin admins only '  anti-trojan-source/no-bidi
  1:1  error  Detected potential trojan source attack with unicode bidi introduced in this comment: ' end admin only ‮ { ⁦'                    anti-trojan-source/no-bidi

/Users/lirantal/projects/repos/@gigsboat/cli/lib/helper.js
  2:1  error  Detected potential trojan source attack with unicode bidi introduced in this code: '"user‮ ⁦// Check if admin⁩ ⁦"'  anti-trojan-source/no-bidi

Author

eslint-plugin-anti-trojan-source © Liran Tal, Released under the Apache-2.0 License.

Keywords

FAQs

Package last updated on 06 Nov 2021

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc