eslint-plugin-sdl-2

eslint-plugin-sdl-2

SDL-focused ESLint plugin with modern flat-config presets and TypeScript-first rule implementations.

Installation

npm install --save-dev eslint eslint-plugin-sdl-2

Usage (Flat Config)

import sdl from "eslint-plugin-sdl-2";

export default [...sdl.configs.recommended];

Presets

• sdl.configs.common
• sdl.configs.typescript
• sdl.configs.angular
• sdl.configs.angularjs
• sdl.configs.node
• sdl.configs.react
• sdl.configs.electron
• sdl.configs.required
• sdl.configs.recommended

Rules

• Fix legend:
  • 🔧 = autofixable
  • 💡 = suggestions available
  • — = report only
• Preset key legend:
  • 🟢 — sdl.configs.common
  • 🔷 — sdl.configs.typescript
  • 🅰️ — sdl.configs.angular
  • 🧭 — sdl.configs.angularjs
  • 🟩 — sdl.configs.node
  • ⚛️ — sdl.configs.react
  • ⚡ — sdl.configs.electron
  • ✅ — sdl.configs.required
  • ⭐ — sdl.configs.recommended
• ⚛️ React provides JSX parser context and intentionally has no SDL rule rows in this matrix.

Rule	Fix	Preset key
no-angular-bypass-sanitizer	—	🅰️ ✅ ⭐
no-angular-bypass-security-trust-html	—	🅰️ ✅ ⭐
no-angular-innerhtml-binding	—	🅰️ ✅ ⭐
no-angular-sanitization-trusted-urls	—	🅰️ ✅ ⭐
no-angularjs-bypass-sce	—	🧭 ✅ ⭐
no-angularjs-enable-svg	—	🧭 ✅ ⭐
no-angularjs-ng-bind-html-without-sanitize	—	🧭 ✅ ⭐
no-angularjs-sanitization-whitelist	—	🧭 ✅ ⭐
no-angularjs-sce-resource-url-wildcard	—	🧭 ✅ ⭐
no-child-process-exec	—	🟩 ✅ ⭐
no-child-process-shell-true	—	🟩 ✅ ⭐
no-cookies	—	🟢 ✅ ⭐
no-document-domain	—	🟢 ✅ ⭐
no-document-execcommand-insert-html	—	🟢 ✅ ⭐
no-document-parse-html-unsafe	—	🟢 ✅ ⭐
no-document-write	—	🟢 ✅ ⭐
no-domparser-html-without-sanitization	—	🟢 ✅ ⭐
no-domparser-svg-without-sanitization	—	🟢 ✅ ⭐
no-dynamic-import-unsafe-url	—	🟢 ✅ ⭐
no-electron-allow-running-insecure-content	🔧	⚡ ✅ ⭐
no-electron-dangerous-blink-features	—	⚡ ✅ ⭐
no-electron-disable-context-isolation	🔧	⚡ ✅ ⭐
no-electron-disable-sandbox	🔧	⚡ ✅ ⭐
no-electron-disable-web-security	🔧	⚡ ✅ ⭐
no-electron-enable-remote-module	🔧	⚡ ✅ ⭐
no-electron-enable-webview-tag	🔧	⚡ ✅ ⭐
no-electron-experimental-features	🔧	⚡ ✅ ⭐
no-electron-expose-raw-ipc-renderer	—	⚡ ✅ ⭐
no-electron-insecure-certificate-error-handler	—	⚡ ✅ ⭐
no-electron-insecure-certificate-verify-proc	—	⚡ ✅ ⭐
no-electron-insecure-permission-request-handler	—	⚡ ✅ ⭐
no-electron-node-integration	🔧	⚡ ✅ ⭐
no-electron-permission-check-handler-allow-all	—	⚡ ✅ ⭐
no-electron-unchecked-ipc-sender	—	⚡ ✅ ⭐
no-electron-unrestricted-navigation	—	⚡ ✅ ⭐
no-electron-untrusted-open-external	—	⚡ ✅ ⭐
no-electron-webview-allowpopups	🔧	⚡ ✅ ⭐
no-electron-webview-insecure-webpreferences	—	⚡ ✅ ⭐
no-electron-webview-node-integration	🔧	⚡ ✅ ⭐
no-html-method	—	🟢 ✅ ⭐
no-http-request-to-insecure-protocol	🔧	🟩 ✅ ⭐
no-iframe-srcdoc	—	🟢 ✅ ⭐
no-inner-html	—	🟢 ✅ ⭐
no-insecure-random	—	🟢 ✅ ⭐
no-insecure-tls-agent-options	🔧	🟩 ✅ ⭐
no-insecure-url	🔧	🟢 ✅ ⭐
no-location-javascript-url	—	🟢 ✅ ⭐
no-message-event-without-origin-check	—	🟢 ✅ ⭐
no-msapp-exec-unsafe	—	🟢 ✅ ⭐
no-node-tls-check-server-identity-bypass	—	🟩 ✅ ⭐
no-node-tls-legacy-protocol	—	🟩 ✅ ⭐
no-node-tls-reject-unauthorized-zero	💡	🟩 ✅ ⭐
no-node-tls-security-level-zero	—	🟩 ✅ ⭐
no-node-vm-run-in-context	—	🟩 ✅ ⭐
no-node-vm-source-text-module	—	🟩 ✅ ⭐
no-node-worker-threads-eval	—	🟩 ✅ ⭐
no-nonnull-assertion-on-security-input	—	🔷 ⭐
no-postmessage-star-origin	💡	🟢 ✅ ⭐
no-postmessage-without-origin-allowlist	—	🟢 ✅ ⭐
no-range-create-contextual-fragment	—	🟢 ✅ ⭐
no-script-src-data-url	—	🟢 ✅ ⭐
no-script-text	—	🟢 ✅ ⭐
no-service-worker-unsafe-script-url	—	🟢 ✅ ⭐
no-set-html-unsafe	—	🟢 ✅ ⭐
no-trusted-types-policy-pass-through	—	🔷 ⭐
no-unsafe-alloc	🔧	🟩 ✅ ⭐
no-unsafe-cast-to-trusted-types	—	🔷 ⭐
no-window-open-without-noopener	—	🟢 ✅ ⭐
no-winjs-html-unsafe	—	🟢 ✅ ⭐
no-worker-blob-url	—	🟢 ✅ ⭐
no-worker-data-url	—	🟢 ✅ ⭐

Development

npm install
npm run build
npm run lint:fix:quiet
npm run typecheck
npm run test