# Detect the use of prototype pollution vulnerabilities

Detects the existence of possible prototype pollution vulnerabilities.

## Installation

You'll first need to install ESLint:

```sh
npm i eslint --save-dev
```

Next, install `eslint-plugin-prototype-pollution`:

npm:

```sh
npm install eslint-plugin-prototype-pollution --save-dev
```

yarn:

```sh
yarn add eslint-plugin-prototype-pollution --dev
```
## Usage

### Flat config (`eslint.config.js`)

For newer ESLint versions you can add the following to your JS config file (`eslint.config.js`):

```js
const pluginPrototypePollution = require("eslint-plugin-prototype-pollution");

module.exports = [pluginPrototypePollution.configs.recommended];
```

### Legacy config (`.eslintrc`)

For the `.eslintrc` config files do the following (deprecated and will be removed in the future).

#### Recommended

Instead of applying rules manually, you can also use our recommended config by adding the following to the `extends` section of the configuration file:

```json
{
  "extends": [
    "plugin:prototype-pollution/recommended-legacy"
  ]
}
```

#### Custom configuration

Add `prototype-pollution` to the `plugins` section of your `.eslintrc` configuration file. You can omit the `eslint-plugin-` prefix:

```json
{
  "plugins": [
    "prototype-pollution"
  ]
}
```

Then configure the rules you want to use under the `rules` section:

```json
{
  "rules": {
    "prototype-pollution/no-bracket-notation-property-accessor": ["error", "Please add a obj.hasOwn(property) check"],
    "prototype-pollution/no-unsafe-object-assign": "off"
  }
}
```

## Contributing

See CONTRIBUTING.md.
## Rules

All rules support a custom error message in the passed options.

💡 Manually fixable by editor suggestions.

| Name | Description | 💡 |
| :-- | :-- | :- |
| no-bracket-notation-property-accessor | Detect unsafe usage of bracket notation property accessor | |
| no-unsafe-object-assign | Detect unsafe usage of `Object.assign` | 💡 |
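To make concrete what the `no-bracket-notation-property-accessor` rule is looking for, here is an added example (not code from the plugin) of a deep-merge helper written with unchecked bracket accessors beside a hardened form that applies the `hasOwn` check the rule message asks for. `mergeUnsafe`, `mergeSafe` and the `UNTRUSTED` input are hypothetical and constructed for this illustration.

```javascript
// Added example, not part of the plugin. mergeUnsafe/mergeSafe are hypothetical
// helpers; UNTRUSTED is a constructed input standing in for a parsed request body.

// Unsafe: keys from untrusted input are used directly as property accessors, so a
// key such as "__proto__" reaches Object.prototype and every object inherits it.
function mergeUnsafe(target, source) {
  for (const key in source) {
    const value = source[key];
    if (typeof value === "object" && value !== null) {
      if (typeof target[key] !== "object" || target[key] === null) target[key] = {};
      mergeUnsafe(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Hardened: the hasOwn check the rule message suggests, an explicit deny list for
// the keys that reach the prototype chain, and null-prototype nested targets.
const FORBIDDEN_KEYS = new Set(["__proto__", "constructor", "prototype"]);

function mergeSafe(target, source) {
  for (const key in source) {
    if (!Object.hasOwn(source, key) || FORBIDDEN_KEYS.has(key)) continue;
    const value = source[key];
    if (typeof value === "object" && value !== null) {
      if (!Object.hasOwn(target, key) || typeof target[key] !== "object" || target[key] === null) {
        target[key] = Object.create(null);
      }
      mergeSafe(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// JSON.parse creates "__proto__" as an ordinary own property, which is what
// lets it slip through an unchecked for...in / bracket-access loop.
const UNTRUSTED = JSON.parse('{"__proto__": {"polluted": true}, "name": "x"}');

// Runs both merges and reports whether an unrelated object picked up the key.
function demonstrate() {
  mergeUnsafe({}, UNTRUSTED);
  const leakedUnsafe = ({}).polluted === true;
  delete Object.prototype.polluted; // undo the damage for the rest of the process
  const safe = mergeSafe(Object.create(null), UNTRUSTED);
  const leakedSafe = ({}).polluted === true;
  return { leakedUnsafe, leakedSafe, safeName: safe.name };
}
```

`Object.hasOwn` needs Node 16.9 or later; on older runtimes substitute `Object.prototype.hasOwnProperty.call(source, key)`.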
## License

MIT (see LICENSE).