Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

eslint-plugin-security-node

Package Overview
Dependencies
Maintainers
1
Versions
20
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

eslint-plugin-security-node

Create a security plugin for node.js

  • 1.1.4
  • latest
  • Source
  • npm
  • Socket score
Version published
Weekly downloads
30K
decreased by-21.64%
Maintainers
1
Weekly downloads
 
Created
Source

eslint-plugin-security-node

ESLint plugin containing Node.js security rules

This plugin will help to identify potential threats and prevent attacks.

Installation

npm install --save-dev eslint-plugin-security-node

Usage

Add the following configuration to your .eslintrc file:

"plugins": [
    "security-node"
],
"extends": [
    "plugin:security-node/recommended"
]

Developer guide

  • Use GitHub pull requests
  • Check the .eslintrc file to see the ESLint setup

Tests

Type the following to test all the rules:

$ npm test

Type the following to test a particular rule:

$ ./node_modules/.bin/mocha tests/lib/rules/rule_name

Rules

detect non literal regular expr

For details check the documentation file non-literal-reg-expr

detect absence of property:name in express-session

For details check the documentation file detect-absence-of-name-option-in-exrpress-session

detect Buffer unsafe allocation

For details check the documentation file detect-buffer-unsafe-allocation

detect exec of child_process with non-Literal argument

For details check the documentation file detect-child-process

detect crlf attack

For details check the documentation file detect-crlf

detect dangerous redirects

For more information check the documentation file detect-dangerous-redirects

detect-eval-with-expr

For more information check the documentation file detect-eval-with-expr

detect-html-injection

For more information check the documentation file detect-html-injection

detect-insecure-randomness

For more information check the documentation file detect-insecure-randomness

detect-non-literal-require-calls

For more information check the documentation file detect-non-literal-require-calls

detect-nosql-injection

For more information check the documentation file detect-nosql-injection

detect-option-multiplestatements-in-mysql

For more information check the documentation file detect-option-multiplestatements-in-mysql

detect-option-rejectunauthorized-in-nodejs-httpsrequest

For more information check the documentation file detect-option-rejectunauthorized-in-nodejs-httpsrequest

detect-option-unsafe-in-serialize-javascript-npm-package

For more information check the documentation file detect-option-unsafe-in-serialize-javascript-npm-package

detect-possible-timing-attacks

For more information check the documentation file detect-possible-timing-attacks

detect-runinthiscontext-method-in-nodes-vm

For more information check the documentation file detect-runinthiscontext-method-in-nodes-vm.

detect-security-missconfiguration-cookie

For more information check the documentation file detect-security-missconfiguration-cookie

detect-sql-injection

For more information check the documentation file detect-sql-injection

disable-ssl-across-node-server

For more information check the documentation file disable-ssl-across-node-server

detect-improper-exception-handling

For more information check the documentation file detect-improper-exception-handling

detect-unhandled-async-errors

For more information check the documentation file detect-unhandled-async-errors

detect-unhandled-event-errors

For more information check the documentation file detect-unhandled-event-errors

Changelog

All notable changes to this project will be documented in this file. Dates are displayed in UTC.

Generated by auto-changelog.

1.1.3
  • fix: potential error in isTryCatchStatement #63
  • updated Readme with changelog 0520676
  • test: update test 922ded3
1.1.2
  • Bump diff and mocha #74
  • Bump debug and mocha #73
  • Bump growl and mocha #72
  • Bump minimatch from 3.0.4 to 3.1.2 #71
  • Bump ansi-regex from 3.0.0 to 3.0.1 #70
  • Bump minimist, mkdirp and mocha #69
  • Bump ajv from 6.10.0 to 6.12.6 #62
  • Added release-it script #78
  • Request to add new rules #60
  • Fix headings #61
  • Revisions for new rules #2
  • chore: remove node_modules #59
  • add new rules #1
  • Bump lodash from 4.17.19 to 4.17.21 #58
  • Add docs urls to rules #57
  • remove remaining references to helmet without nocache #54
  • Remove noCache since it has been depricated #53
  • Fixed typos and improved grammar #50
  • Bump lodash from 4.17.15 to 4.17.19 #49
  • Bump acorn from 6.1.1 to 6.4.1 #48
  • fix: remove console logs in create functions #46
  • Bump lodash from 4.17.11 to 4.17.15 #44
  • Bump eslint-utils from 1.3.1 to 1.4.3 #43
  • Update Readme.md file #1
  • Changed package lock b0f2d6a
  • #21 Rule Ready tested 0ca48df
  • Deleted some files ce7d04d

Keywords

FAQs

Package last updated on 03 Jan 2024

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm

Security News

Research

Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm

The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.

By Kush Pandya  -  Dec 11, 2024
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc