Experience-Monks / adviser

Jam3 quality advisor. Integrates checking for best practices at Jam3
https://jam3.github.io/adviser
MIT License

[Feature] Possible Rules #23

Open iranreyes opened 5 years ago

iranreyes commented 5 years ago

List of rules to add:

craighillwood commented 5 years ago

@iranreyes I was thinking of a rule that checked that there is only one h1 per page.

njam3 commented 5 years ago

Lighthouse[in-progress]: https://github.com/Jam3/adviser-plugin-lighthouse

iranreyes commented 5 years ago

Idea

Create a plugin called adviser-plugin-privacy and create a rule that scans looking for hardcoded credentials. Before creating this rule I would like to test what GitHub detects out of the box and use the tools to detect the rest.

Rule Specifications

Name: secrets

References

https://github.com/awslabs/git-secrets
https://github.com/Yelp/detect-secrets
https://www.npmjs.com/package/detect-secrets
https://geekflare.com/github-credentials-scanner/
https://securitytrails.com/blog/github-dorks
https://github.blog/2018-10-17-behind-the-scenes-of-github-token-scanning/

Notes

Create documentation for the rule within /docs/rules
Add metadata to the rule
Update the Plugin general README and add the new rule

Another possible rule

Avoid pushing .env files
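A sketch of what the proposed secrets rule and the .env check could look for, added here as an illustration; it is not code from adviser or from any adviser plugin. The function names, rule ids, credential-name list and entropy threshold are assumptions, and the sample input is constructed.

```javascript
// Added example: standalone scanner sketch, not part of adviser or its plugin API.
const path = require('path');

// Detectors for secrets with a recognisable public format.
const PATTERNS = [
  { rule: 'aws-access-key-id', re: /\b(?:AKIA|ASIA)[0-9A-Z]{16}\b/ },
  { rule: 'private-key-block', re: /-----BEGIN (?:RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----/ },
];
// Quoted value assigned to a name that suggests a credential.
const ASSIGNMENT = /\b[\w.-]*(?:secret|token|passw(?:or)?d|api[_-]?key)[\w.-]*\s*[:=]\s*["']([^"']{8,})["']/i;

// Shannon entropy in bits per character; random keys score higher than words.
function entropy(s) {
  const counts = {};
  for (const ch of s) counts[ch] = (counts[ch] || 0) + 1;
  return Object.values(counts).reduce((h, n) => h - (n / s.length) * Math.log2(n / s.length), 0);
}

function scanFile(file, text, minEntropy = 3.5) {
  const findings = [];
  const base = path.basename(file);
  // A committed .env file is reported whatever it contains; templates are allowed.
  if (/^\.env(\..+)?$/.test(base) && !/\.(example|sample|template)$/.test(base)) {
    findings.push({ file, line: 0, rule: 'env-file-tracked' });
  }
  text.split(/\r?\n/).forEach((lineText, i) => {
    for (const { rule, re } of PATTERNS) {
      if (re.test(lineText)) findings.push({ file, line: i + 1, rule });
    }
    const m = ASSIGNMENT.exec(lineText);
    // The entropy floor cuts placeholder noise but also skips weak real passwords.
    if (m && entropy(m[1]) >= minEntropy) {
      findings.push({ file, line: i + 1, rule: 'high-entropy-assignment' });
    }
  });
  return findings;
}

// Constructed sample repository contents (path -> text); values are made up.
const SAMPLE = {
  'src/config.js': [
    "const accessKeyId = 'AKIAIOSFODNN7EXAMPLE';", // AWS's documentation example key
    "const apiToken = 'q9Zx2Lr7Tb4Wm1Kc8Vd5Hs3J';",
    "const password = 'changeme';",
  ].join('\n'),
  '.env': 'NODE_ENV=production\n',
  '.env.example': 'API_TOKEN=\n',
};
const scanAll = (files) => Object.entries(files).flatMap(([f, t]) => scanFile(f, t));
```

`scanAll(SAMPLE)` reports the access key on line 1, the high-entropy token on line 2 and the tracked `.env` file; the `changeme` password falls below the entropy floor and `.env.example` is treated as a template.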

iranreyes commented 5 years ago

SEO Combo:

Ideas: h1, sitemap.xml, robots.txt, img alts, broken links, etc.

iranreyes commented 5 years ago

Security combo:

Headers, CSP
Extra checks HTTPS implementation
External anchors should use noopener, noreferrer
Run OWASP ZAP, WPScan, skipfish and others

iranreyes commented 5 years ago

Dependencies:

iranreyes commented 5 years ago

Config files: Which config files the project should have (.eslintrc, .stylelintrc, etc)

iranreyes commented 5 years ago

Package.json:
Required package.json props (private, browserslist, husky, lint-staged, engines, license)
Not allowed (license)

iranreyes commented 5 years ago

What is not covered by Lighthouse or WebHint but is in one of the frontend checklists:

https://github.com/thedaviddias/Front-End-Checklist
https://github.com/thedaviddias/Front-End-Design-Checklist#front-end-design-checklist
https://codeburst.io/the-front-end-performance-checklist-speeds-up-your-web-developments-b68e1c7a0276