eslint-plugin-security
Comparing version 1.7.1 to 2.0.0
# Changelog | ||
## [2.0.0](https://www.github.com/eslint-community/eslint-plugin-security/compare/v1.7.1...v2.0.0) (2023-10-17) | ||
### ⚠ BREAKING CHANGES | ||
* switch the recommended config to flat (#118) | ||
### Features | ||
* switch the recommended config to flat ([#118](https://www.github.com/eslint-community/eslint-plugin-security/issues/118)) ([e20a366](https://www.github.com/eslint-community/eslint-plugin-security/commit/e20a3664c2f638466286ae9a97515722fc98f97c)) | ||
### [1.7.1](https://www.github.com/eslint-community/eslint-plugin-security/compare/v1.7.0...v1.7.1) (2023-02-02) | ||
@@ -4,0 +15,0 @@ |
@@ -97,3 +97,3 @@ # The Dangers of Square Bracket Notation | ||
Edge cases are uncommon, but because they are uncommon the problems with them are not well known, and they frequently go un-noticed during code review. If the code works, these types of problems tend to disappear. If the code works, and the problems are buried in a module nested n-levels deep, it's likely it won't be found until it causes problems, and by then it's too late. A blind require is essentially running untrusted code in your application. Be [aware of what you require.](https://requiresafe.com) | ||
Edge cases are uncommon, but because they are uncommon the problems with them are not well known, and they frequently go un-noticed during code review. If the code works, these types of problems tend to disappear. If the code works, and the problems are buried in a module nested n-levels deep, it's likely it won't be found until it causes problems, and by then it's too late. A blind require is essentially running untrusted code in your application. Be aware of the code you're requiring. | ||
@@ -100,0 +100,0 @@ ## How do I fix it? |
index.js
@@ -7,3 +7,9 @@ /** | ||
module.exports = { | ||
const pkg = require('./package.json'); | ||
const plugin = { | ||
meta: { | ||
name: pkg.name, | ||
version: pkg.version, | ||
}, | ||
rules: { | ||
@@ -41,23 +47,27 @@ 'detect-unsafe-regex': require('./rules/detect-unsafe-regex'), | ||
}, | ||
configs: { | ||
recommended: { | ||
plugins: ['security'], | ||
rules: { | ||
'security/detect-buffer-noassert': 'warn', | ||
'security/detect-child-process': 'warn', | ||
'security/detect-disable-mustache-escape': 'warn', | ||
'security/detect-eval-with-expression': 'warn', | ||
'security/detect-new-buffer': 'warn', | ||
'security/detect-no-csrf-before-method-override': 'warn', | ||
'security/detect-non-literal-fs-filename': 'warn', | ||
'security/detect-non-literal-regexp': 'warn', | ||
'security/detect-non-literal-require': 'warn', | ||
'security/detect-object-injection': 'warn', | ||
'security/detect-possible-timing-attacks': 'warn', | ||
'security/detect-pseudoRandomBytes': 'warn', | ||
'security/detect-unsafe-regex': 'warn', | ||
'security/detect-bidi-characters': 'warn', | ||
}, | ||
}, | ||
configs: {}, // was assigned later so we can reference `plugin` | ||
}; | ||
const recommended = { | ||
plugins: { security: plugin }, | ||
rules: { | ||
'security/detect-buffer-noassert': 'warn', | ||
'security/detect-child-process': 'warn', | ||
'security/detect-disable-mustache-escape': 'warn', | ||
'security/detect-eval-with-expression': 'warn', | ||
'security/detect-new-buffer': 'warn', | ||
'security/detect-no-csrf-before-method-override': 'warn', | ||
'security/detect-non-literal-fs-filename': 'warn', | ||
'security/detect-non-literal-regexp': 'warn', | ||
'security/detect-non-literal-require': 'warn', | ||
'security/detect-object-injection': 'warn', | ||
'security/detect-possible-timing-attacks': 'warn', | ||
'security/detect-pseudoRandomBytes': 'warn', | ||
'security/detect-unsafe-regex': 'warn', | ||
'security/detect-bidi-characters': 'warn', | ||
}, | ||
}; | ||
Object.assign(plugin.configs, { recommended }); | ||
module.exports = plugin; |
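Review bot: The new `recommended` object (the `const recommended = {` block through `Object.assign(plugin.configs, { recommended });`) is shaped only as a flat config — `plugins` is now an object keyed by name — so any eslintrc consumer still using `extends: ['plugin:security/recommended']` will fail config validation on upgrade instead of keeping the security rule set. The changelog marks this as breaking, but since the rule list is already factored into `recommended.rules`, a legacy variant costs one line and keeps those users covered, e.g. `Object.assign(plugin.configs, { recommended, 'recommended-legacy': { plugins: ['security'], rules: recommended.rules } });`. Separately, the `Object.assign` plus the "was assigned later" comment on `configs: {}` is indirection that a direct `plugin.configs.recommended = recommended;` after the `const recommended` declaration would make unnecessary. The first hunk in this section also introduces `require('./package.json')` for `meta`; that presumably relies on package.json being included in the published tarball — worth confirming against the package's `files` field, which is not visible here.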
{ | ||
"name": "eslint-plugin-security", | ||
"version": "1.7.1", | ||
"version": "2.0.0", | ||
"description": "Security rules for eslint", | ||
@@ -49,8 +49,9 @@ "main": "index.js", | ||
"devDependencies": { | ||
"@eslint/js": "^8.51.0", | ||
"changelog": "1.3.0", | ||
"eslint": "^8.11.0", | ||
"eslint": "^8.51.0", | ||
"eslint-config-nodesecurity": "^1.3.1", | ||
"eslint-config-prettier": "^8.5.0", | ||
"eslint-doc-generator": "^1.0.2", | ||
"eslint-plugin-eslint-plugin": "^5.0.2", | ||
"eslint-plugin-eslint-plugin": "^5.1.1", | ||
"lint-staged": "^12.3.7", | ||
@@ -57,0 +58,0 @@ "markdownlint-cli": "^0.32.2", |
@@ -23,8 +23,8 @@ # eslint-plugin-security | ||
Add the following to your `.eslintrc` file: | ||
Add the following to your `eslint.config.js` file: | ||
```js | ||
"extends": [ | ||
"plugin:security/recommended" | ||
] | ||
const pluginSecurity = require('eslint-plugin-security'); | ||
module.exports = [pluginSecurity.configs.recommended]; | ||
``` | ||
@@ -31,0 +31,0 @@ |