eslint-plugin-security
Advanced tools
eslint-plugin-security - npm Package Compare versions
Comparing version 1.7.1 to 2.0.0
| # Changelog | ||
| ## [2.0.0](https://www.github.com/eslint-community/eslint-plugin-security/compare/v1.7.1...v2.0.0) (2023-10-17) | ||
| ### ⚠ BREAKING CHANGES | ||
| * switch the recommended config to flat (#118) | ||
| ### Features | ||
| * switch the recommended config to flat ([#118](https://www.github.com/eslint-community/eslint-plugin-security/issues/118)) ([e20a366](https://www.github.com/eslint-community/eslint-plugin-security/commit/e20a3664c2f638466286ae9a97515722fc98f97c)) | ||
| ### [1.7.1](https://www.github.com/eslint-community/eslint-plugin-security/compare/v1.7.0...v1.7.1) (2023-02-02) | ||
@@ -4,0 +15,0 @@ |
@@ -97,3 +97,3 @@ # The Dangers of Square Bracket Notation | ||
| Edge cases are uncommon, but because they are uncommon the problems with them are not well known, and they frequently go un-noticed during code review. If the code works, these types of problems tend to disappear. If the code works, and the problems are buried in a module nested n-levels deep, it's likely it won't be found until it causes problems, and by then it's too late. A blind require is essentially running untrusted code in your application. Be [aware of what you require.](https://requiresafe.com) | ||
| Edge cases are uncommon, but because they are uncommon the problems with them are not well known, and they frequently go un-noticed during code review. If the code works, these types of problems tend to disappear. If the code works, and the problems are buried in a module nested n-levels deep, it's likely it won't be found until it causes problems, and by then it's too late. A blind require is essentially running untrusted code in your application. Be aware of the code you're requiring. | ||
@@ -100,0 +100,0 @@ ## How do I fix it? |
52
index.js
@@ -7,3 +7,9 @@ /** | ||
| module.exports = { | ||
| const pkg = require('./package.json'); | ||
| const plugin = { | ||
| meta: { | ||
| name: pkg.name, | ||
| version: pkg.version, | ||
| }, | ||
| rules: { | ||
@@ -41,23 +47,27 @@ 'detect-unsafe-regex': require('./rules/detect-unsafe-regex'), | ||
| }, | ||
| configs: { | ||
| recommended: { | ||
| plugins: ['security'], | ||
| rules: { | ||
| 'security/detect-buffer-noassert': 'warn', | ||
| 'security/detect-child-process': 'warn', | ||
| 'security/detect-disable-mustache-escape': 'warn', | ||
| 'security/detect-eval-with-expression': 'warn', | ||
| 'security/detect-new-buffer': 'warn', | ||
| 'security/detect-no-csrf-before-method-override': 'warn', | ||
| 'security/detect-non-literal-fs-filename': 'warn', | ||
| 'security/detect-non-literal-regexp': 'warn', | ||
| 'security/detect-non-literal-require': 'warn', | ||
| 'security/detect-object-injection': 'warn', | ||
| 'security/detect-possible-timing-attacks': 'warn', | ||
| 'security/detect-pseudoRandomBytes': 'warn', | ||
| 'security/detect-unsafe-regex': 'warn', | ||
| 'security/detect-bidi-characters': 'warn', | ||
| }, | ||
| }, | ||
| configs: {}, // was assigned later so we can reference `plugin` | ||
| }; | ||
| const recommended = { | ||
| plugins: { security: plugin }, | ||
| rules: { | ||
| 'security/detect-buffer-noassert': 'warn', | ||
| 'security/detect-child-process': 'warn', | ||
| 'security/detect-disable-mustache-escape': 'warn', | ||
| 'security/detect-eval-with-expression': 'warn', | ||
| 'security/detect-new-buffer': 'warn', | ||
| 'security/detect-no-csrf-before-method-override': 'warn', | ||
| 'security/detect-non-literal-fs-filename': 'warn', | ||
| 'security/detect-non-literal-regexp': 'warn', | ||
| 'security/detect-non-literal-require': 'warn', | ||
| 'security/detect-object-injection': 'warn', | ||
| 'security/detect-possible-timing-attacks': 'warn', | ||
| 'security/detect-pseudoRandomBytes': 'warn', | ||
| 'security/detect-unsafe-regex': 'warn', | ||
| 'security/detect-bidi-characters': 'warn', | ||
| }, | ||
| }; | ||
| Object.assign(plugin.configs, { recommended }); | ||
| module.exports = plugin; |
| { | ||
| "name": "eslint-plugin-security", | ||
| "version": "1.7.1", | ||
| "version": "2.0.0", | ||
| "description": "Security rules for eslint", | ||
@@ -49,8 +49,9 @@ "main": "index.js", | ||
| "devDependencies": { | ||
| "@eslint/js": "^8.51.0", | ||
| "changelog": "1.3.0", | ||
| "eslint": "^8.11.0", | ||
| "eslint": "^8.51.0", | ||
| "eslint-config-nodesecurity": "^1.3.1", | ||
| "eslint-config-prettier": "^8.5.0", | ||
| "eslint-doc-generator": "^1.0.2", | ||
| "eslint-plugin-eslint-plugin": "^5.0.2", | ||
| "eslint-plugin-eslint-plugin": "^5.1.1", | ||
| "lint-staged": "^12.3.7", | ||
@@ -57,0 +58,0 @@ "markdownlint-cli": "^0.32.2", |
@@ -23,8 +23,8 @@ # eslint-plugin-security | ||
| Add the following to your `.eslintrc` file: | ||
| Add the following to your `eslint.config.js` file: | ||
| ```js | ||
| "extends": [ | ||
| "plugin:security/recommended" | ||
| ] | ||
| const pluginSecurity = require('eslint-plugin-security'); | ||
| module.exports = [pluginSecurity.configs.recommended]; | ||
| ``` | ||
@@ -31,0 +31,0 @@ |
Sorry, the diff of this file is not supported yet
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by0.71%
134947
- Lines of code
- increased by2.01%
2332
Worsened metrics
- Dev dependency count
- increased by7.69%
14
No dependency changes