snyk-labs / eslint-plugin-react-security

ESLint plugin with rules for finding security issues in React projects.

I tried adding this rule to my .eslint.js #14

Open morgan-zylotech opened 3 years ago

morgan-zylotech commented 3 years ago

I've imported this ruleset into my application in my package.json file

"eslint-plugin-react-security": "git+ssh://git@github.com:snyk-labs/eslint-plugin-react-security.git",

I've declared the rule in my .eslintrc.js file like:

  plugins: [
    'react',
    'cypress',
    'html',
    'no-unsanitized',
    'react-security',
    'security',
  ],
  rules: {
    // # https://github.com/yannickcr/eslint-plugin-react/tree/master/docs/rules
    'react/no-danger': 'warn',
    'react/no-find-dom-node': 'warn',
    'react/jsx-no-script-url': 'warn',
    'react/jsx-no-target-blank': 'warn',
    'react/jsx-props-no-spreading': 'warn',
    // https://github.com/snyk-labs/eslint-plugin-react-security
    'no-refs': 'warn',
    // https://github.com/mozilla/eslint-plugin-no-unsanitized
    'no-unsanitized/method': 'error',
    'no-unsanitized/property': 'error',
  },

as per the file - https://github.com/snyk-labs/eslint-config-react-security/blob/master/index.js

Which leads me to this error when running eslint in the application directory.

1:1 error Definition for rule 'no-refs' was not found

Only when I change 'no-refs': 'warn', to 'react-security/no-refs': 'warn', does the error go away and the rule properly resolve.

I think this could easily be solved with some documentation.

The reason why this might get some attention is that someone at Snyk blogged about it recently - https://snyk.io/blog/10-react-security-best-practices/

lirantal commented 3 years ago

@morgan-zylotech thanks for coming by and proposing the solution here. Would you like to send over the Pull Request with the fix?
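An added example, not part of the issue thread or the plugin's code: a simplified model of ESLint's rule-id lookup, showing why the unprefixed 'no-refs' fails and the prefixed form resolves. The `pluginRules` and `coreRules` tables and the `findUnresolvedRules` helper are constructed for illustration; only the rule names quoted in the issue are taken from the page.

```javascript
// Simplified model of rule-id resolution: an id without "/" is looked up
// among ESLint core rules; plugin rules are reachable only as "<plugin>/<rule>".

// Constructed stand-in for what each plugin exports (assumption: a real check
// would read the `rules` object of the installed plugin package instead).
const pluginRules = {
  'react-security': ['no-refs'],
  'no-unsanitized': ['method', 'property'],
};
// Constructed subset of core rule names, enough for the demonstration.
const coreRules = new Set(['no-eval', 'no-unused-vars']);

function findUnresolvedRules(config, plugins = pluginRules, core = coreRules) {
  const loaded = config.plugins || [];
  const problems = [];
  for (const ruleId of Object.keys(config.rules || {})) {
    const slash = ruleId.lastIndexOf('/');
    let resolved;
    let suggestions = [];
    if (slash === -1) {
      resolved = core.has(ruleId);
      // Not a core rule: list loaded plugins that export a rule of this name.
      if (!resolved) {
        suggestions = loaded
          .filter((p) => (plugins[p] || []).includes(ruleId))
          .map((p) => `${p}/${ruleId}`);
      }
    } else {
      const plugin = ruleId.slice(0, slash);
      const name = ruleId.slice(slash + 1);
      resolved = loaded.includes(plugin) && (plugins[plugin] || []).includes(name);
    }
    if (!resolved) {
      const message = `Definition for rule '${ruleId}' was not found`;
      problems.push({ ruleId, message, suggestions });
    }
  }
  return problems;
}

// Reduced copy of the configuration from the issue (react/* rules omitted).
const issueConfig = {
  plugins: ['no-unsanitized', 'react-security'],
  rules: {
    'no-refs': 'warn',
    'no-unsanitized/method': 'error',
    'no-unsanitized/property': 'error',
  },
};
console.log(findUnresolvedRules(issueConfig));
```
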