These rules are to supplement the security issues documented by Oliver Arteau at https://github.com/HoLyVieR/prototype-pollution-nsec18 some of the issues have not been resolved by the maintainers.

NPM

The main reason for these rules, is because npm audit does not report that certain libraries have known problems:

NPM

ESLint

These rules will atleast tell you if vulnerable features are being utilized

ESLint

Usage

If you want to scan this against your code bases, you can through the following:

Install the rule locally or globally such as npm install eslint-plugin-prototype-pollution-security-rules
Add the rule to your .eslintrc
- Inside plugins add detect-prototype-pollution
- Inside rules add "detect-prototype-pollution/detect-merge": 1
- (full list below)

Example:

ESLint Config

Rules

Current rules are:

detect-merge - link and link
detect-merge-objects - link
detect-merge-options - link
detect-deep-extend- link

Keywords

FAQs

What is eslint-plugin-prototype-pollution-security-rules?

Is eslint-plugin-prototype-pollution-security-rules popular?

Is eslint-plugin-prototype-pollution-security-rules well maintained?

Last updated on 03 Oct 2018

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

eslint-plugin-prototype-pollution-security-rules

Prototype Pollution Security Rules For ESLint

NPM

ESLint

Usage

Rules

Keywords

Related posts

The AI Advantage: Reshaping Cybersecurity in the Age of Autonomous Threats

UnitedHealth Group Discloses Protected Health Information Compromised for “Substantial Portion of People in America” in Recent Cyberattack