ESLint plugin containing Node.js security rules
This plugin will help to identify potential threats and prevent attacks.
npm install --save-dev eslint-plugin-security-node
Add the following configuration to your .eslintrc file:
{
  "plugins": [
    "security-node"
  ],
  "extends": [
    "plugin:security-node/recommended"
  ]
}
Type the following to test all the rules:
$ npm test
Type the following to test a particular rule:
$ ./node_modules/.bin/mocha tests/lib/rules/rule_name
detect non literal regular expr
For details check the documentation file non-literal-reg-expr
detect absence of property:name in express-session
For details check the documentation file detect-absence-of-name-option-in-exrpress-session
detect Buffer unsafe allocation
For details check the documentation file detect-buffer-unsafe-allocation
detect exec of child_process with non-Literal argument
For details check the documentation file detect-child-process
detect crlf attack
For details check the documentation file detect-crlf
detect dangerous redirects
For more information check the documentation file detect-dangerous-redirects
detect-eval-with-expr
For more information check the documentation file detect-eval-with-expr
detect-html-injection
For more information check the documentation file detect-html-injection
detect-insecure-randomness
For more information check the documentation file detect-insecure-randomness
detect-non-literal-require-calls
For more information check the documentation file detect-non-literal-require-calls
detect-nosql-injection
For more information check the documentation file detect-nosql-injection
detect-option-multiplestatements-in-mysql
For more information check the documentation file detect-option-multiplestatements-in-mysql
detect-option-rejectunauthorized-in-nodejs-httpsrequest
For more information check the documentation file detect-option-rejectunauthorized-in-nodejs-httpsrequest
detect-option-unsafe-in-serialize-javascript-npm-package
For more information check the documentation file detect-option-unsafe-in-serialize-javascript-npm-package
detect-possible-timing-attacks
For more information check the documentation file detect-possible-timing-attacks
detect-runinthiscontext-method-in-nodes-vm
For more information check the documentation file detect-runinthiscontext-method-in-nodes-vm.
detect-security-missconfiguration-cookie
For more information check the documentation file detect-security-missconfiguration-cookie
detect-sql-injection
For more information check the documentation file detect-sql-injection
disable-ssl-across-node-server
For more information check the documentation file disable-ssl-across-node-server
detect-improper-exception-handling
For more information check the documentation file detect-improper-exception-handling
detect-unhandled-async-errors
For more information check the documentation file detect-unhandled-async-errors
detect-unhandled-event-errors
For more information check the documentation file detect-unhandled-event-errors
All notable changes to this project will be documented in this file. Dates are displayed in UTC.
Generated by auto-changelog.