Security News
Cloudflare Adds Security.txt Setup Wizard
Cloudflare has launched a setup wizard allowing users to easily create and manage a security.txt file for vulnerability disclosure on their websites.
eslint-plugin-hash-exempt
Advanced tools
ESlint rules to require/verify file hashes for disable directives
This plugin supports exempting a file from linting based on a hash of its contents. This is useful for legacy code, or in cases where you may want to apply conflicting eslint standards to files from a scaffold or generator.
You break it, you buy it.
Once the content of the file changes, the exemption is invalidated. The hash will have to be updated, or the file corrected to current eslint standards. This can allow organizations to progressively update files without forcing a wholesale refactoring.
npm install --save-dev eslint-plugin-hash-exempt
** Note:** If you want to install ESLint globally, then the plugin must also be installed globally.
The rule to verify hashes is on by default. You may add further configuration in your .eslintrc.(yml|json|js):
---
plugins:
- hash-exempt
rules:
hash-exempt/no-hash-mismatch: [error, { hashRequired: true }]
# etc...
hashRequired
: If this is false
, only files that have a directive with hash will be
verified. If it's true
, any files with a directive at the top will require a hash. This is
false
by default.In order to insert hashed eslint directives in your files, run the command hash-exempt
in your
folder.
hash-exempt [--exempt-all] *.js
By default, hash-exempt
will only insert directives into files that are currently failing lint.
--exempt-all
: Insert a hashed eslint directive in all files matching the supplied glob,
regardless of whether or not they contain lint errors.FAQs
ESlint rules to require/verify file hashes for disable directives
The npm package eslint-plugin-hash-exempt receives a total of 0 weekly downloads. As such, eslint-plugin-hash-exempt popularity was classified as not popular.
We found that eslint-plugin-hash-exempt demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Cloudflare has launched a setup wizard allowing users to easily create and manage a security.txt file for vulnerability disclosure on their websites.
Security News
The Socket Research team breaks down a malicious npm package targeting the legitimate DOMPurify library. It uses obfuscated code to hide that it is exfiltrating browser and crypto wallet data.
Security News
ENISA’s 2024 report highlights the EU’s top cybersecurity threats, including rising DDoS attacks, ransomware, supply chain vulnerabilities, and weaponized AI.