
ESLint rules for Node Security

Results 19 eslint-plugin-security issues

### What version of eslint-plugin-security are you using? 3.0.0 ### ESLint Environment Node version: npm version: Local ESLint version: Global ESLint version: Operating System: ### What parser are you using?...

bug

Bumps [semantic-release](https://github.com/semantic-release/semantic-release) from 19.0.2 to 19.0.3. Release notes Sourced from semantic-release's releases. v19.0.3 19.0.3 (2022-06-09) Bug Fixes log-repo: use the original form of the repo url to remove the need...

dependencies

Bumps [qs](https://github.com/ljharb/qs) from 6.3.2 to 6.3.3. Changelog Sourced from qs's changelog. 6.3.3 [Fix] parse: ignore __proto__ keys (#428) [Fix] fix for an impossible situation: when the formatter is called with...

dependencies

Bumps [npm](https://github.com/npm/cli) from 8.7.0 to 8.19.4. Changelog Sourced from npm's changelog. 8.19.4 (2023-02-14) Documentation dd51f34 #6155 don't redirect "npm config' to itself (#6155) (@ivanosevitch) Dependencies cfab523 #6166 [email protected] (#6166) 8.19.3...

dependencies

Bumps [jsonpointer](https://github.com/janl/node-jsonpointer) and [is-my-json-valid](https://github.com/mafintosh/is-my-json-valid). These dependencies needed to be updated together. Updates `jsonpointer` from 4.0.1 to 5.0.1 Release notes Sourced from jsonpointer's releases. Version 5.0.1 Changelog Fix incorrect typings for...

dependencies

Bumps [json-schema](https://github.com/kriszyp/json-schema) and [jsprim](https://github.com/joyent/node-jsprim). These dependencies needed to be updated together. Updates `json-schema` from 0.2.3 to 0.4.0 Commits f6f6a3b Use a little more robust method of checking instances ef60987 Update...

dependencies

This doesn't seem right.

Hi all, I'm a systems/security researcher at Virginia Tech and have been studying the incidence of vulnerable regexes in the wild. This plugin's [unsafe regex detector](https://github.com/nodesecurity/eslint-plugin-security/blob/master/rules/detect-unsafe-regex.js) relies on [safe-regex](https://github.com/substack/safe-regex), which...
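The detector discussed in the issue above flags regexes by their star height (the nesting depth of quantifiers), which is the heuristic safe-regex implements. The following is an added example, not code from eslint-plugin-security or safe-regex: a minimal star-height calculator over a regex source string, with a constructed list of sample patterns. It handles escapes, character classes, groups (including `(?:`, lookarounds and named groups) and the quantifiers `* + ? {n} {n,} {n,m}`; it does not attempt to model backreferences or alternation more precisely than the heuristic needs.

```javascript
// Added example (not eslint-plugin-security or safe-regex code): star height
// of a regex source string. Star height 1 means no quantifier sits inside
// another quantified group; /(a+)+/ has height 2.
function starHeight(source) {
  // Each stack entry is the maximum quantifier height seen inside the
  // currently open group; index 0 is the top level of the pattern.
  const stack = [0];
  // Height carried by the atom just before the current position: 0 for a
  // literal, escape or class, or the contained height of a group that just closed.
  let lastAtomHeight = 0;
  let i = 0;
  while (i < source.length) {
    const ch = source[i];
    if (ch === '\\') {                 // escaped character: a plain atom
      lastAtomHeight = 0;
      i += 2;
      continue;
    }
    if (ch === '[') {                  // character class: a plain atom
      let j = i + 1;
      if (source[j] === '^') j++;
      if (source[j] === ']') j++;      // a leading ] is literal
      while (j < source.length && source[j] !== ']') {
        if (source[j] === '\\') j++;
        j++;
      }
      lastAtomHeight = 0;
      i = j + 1;
      continue;
    }
    if (ch === '(') {
      stack.push(0);
      lastAtomHeight = 0;
      i++;
      if (source[i] === '?') {         // (?: (?= (?! (?<= (?<! (?<name>
        i++;
        if (source[i] === '<' && source[i + 1] !== '=' && source[i + 1] !== '!') {
          i = source.indexOf('>', i) + 1;   // named capture group
        } else {
          i += source[i] === '<' ? 2 : 1;
        }
      }
      continue;
    }
    if (ch === ')') {
      lastAtomHeight = stack.length > 1 ? stack.pop() : 0;
      i++;
      continue;
    }
    if (ch === '*' || ch === '+' || ch === '?' || ch === '{') {
      let quantifier = ch !== '{';
      let end = i + 1;
      if (ch === '{') {                // only {n}, {n,} and {n,m} are quantifiers
        const m = /^\{\d+(,\d*)?\}/.exec(source.slice(i));
        if (m) { quantifier = true; end = i + m[0].length; }
      }
      if (quantifier) {
        if (source[end] === '?') end++; // lazy modifier, not a second quantifier
        const h = lastAtomHeight + 1;
        const top = stack.length - 1;
        if (h > stack[top]) stack[top] = h;
        lastAtomHeight = 0;
        i = end;
        continue;
      }
    }
    lastAtomHeight = 0;                // any other literal atom (including |, ^, $)
    i++;
  }
  return stack[0];
}

// The heuristic as a yes/no verdict: flag anything with star height > 1.
function isSafeRegex(source, maxHeight = 1) {
  return starHeight(source) <= maxHeight;
}

// Constructed sample patterns (regex source strings), not taken from any real project.
const SAMPLE_PATTERNS = [
  '^[a-z]+@[a-z]+\\.[a-z]{2,}$',   // height 1, not flagged
  '^(\\w+\\s?)*$',                  // nested quantifier, height 2, flagged
  '(a+)+$',                         // nested quantifier, height 2, flagged
  '^(a|aa)+$',                      // height 1, so NOT flagged by this heuristic
];

function classify(patterns) {
  return patterns.map((pattern) => ({
    pattern,
    starHeight: starHeight(pattern),
    flagged: !isSafeRegex(pattern),
  }));
}

console.log(classify(SAMPLE_PATTERNS));
```

The last sample pattern shows the limit of a star-height check: `^(a|aa)+$` has height 1, so the heuristic passes it, yet a backtracking engine matching it against a long run of `a` followed by a non-matching character tries every way of splitting the run into `a` and `aa` pieces, which grows exponentially with the input length.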

Is there any way that we can work towards a more helpful/relevant report of Object injection sinks? I can't think of a relevant security use case where Object injection would...

help wanted

### Rule details Compute the Unicode skeleton of declared identifiers and disallow if similar to an identifier already in scope ### Related CVE CVE-2021-42694 ### Example code ```js const loremIpsum...