eslint-plugin-security-node

ESLint plugin containing Node.js security rules

This plugin will help to identify potential threats and prevent attacks.

Installation

``sh
npm install --save-dev eslint-plugin-security-node
`

Usage

Add the following configuration to your `.eslintrc` file:

`
"plugins": [
"security-node"
],
"extends": [
"plugin:security-node/recommended"
]
`

Developer guide

* Use GitHub pull requests
* Check the .eslintrc file to see the ESLint setup

Tests

Type the following to test all the rules:
`sh
$ npm test
`

Type the following to test a particular rule:
`sh
$ ./node_modules/.bin/mocha tests/lib/rules/rule_name
`

Rules

$3

For details check the documentation file non-literal-reg-expr

$3

For details check the documentation file detect-absence-of-name-option-in-exrpress-session

$3

For details check the documentation file detect-buffer-unsafe-allocation

$3

For details check the documentation file detect-child-process

$3

For details check the documentation file detect-crlf

$3

For more information check the documentation file detect-dangerous-redirects

$3

For more information check the documentation file detect-eval-with-expr

$3

For more information check the documentation file detect-html-injection

$3

For more information check the documentation file detect-insecure-randomness

$3

For more information check the documentation file detect-non-literal-require-calls

$3

For more information check the documentation file detect-nosql-injection

$3

For more information check the documentation file detect-option-multiplestatements-in-mysql

$3

For more information check the documentation file detect-option-rejectunauthorized-in-nodejs-httpsrequest

$3

For more information check the documentation file detect-option-unsafe-in-serialize-javascript-npm-package

$3

For more information check the documentation file detect-possible-timing-attacks

$3

For more information check the documentation file detect-runinthiscontext-method-in-nodes-vm.

$3

For more information check the documentation file detect-security-missconfiguration-cookie

$3

For more information check the documentation file detect-sql-injection

$3

For more information check the documentation file disable-ssl-across-node-server

$3

For more information check the documentation file detect-improper-exception-handling

$3

For more information check the documentation file detect-unhandled-async-errors

$3

For more information check the documentation file detect-unhandled-event-errors

$3

All notable changes to this project will be documented in this file. Dates are displayed in UTC.

Generated by auto-changelog.

#### 1.1.3

- fix: potential error in isTryCatchStatement #63
- updated Readme with changelog 0520676
- test: update test 922ded3

#### 1.1.2

- Bump diff and mocha #74
- Bump debug and mocha #73
- Bump growl and mocha #72
- Bump minimatch from 3.0.4 to 3.1.2 #71
- Bump ansi-regex from 3.0.0 to 3.0.1 #70
- Bump minimist, mkdirp and mocha #69
- Bump ajv from 6.10.0 to 6.12.6 #62
- Added release-it script #78
- Request to add new rules #60
- Fix headings #61
- Revisions for new rules #2
- chore: remove node_modules #59
- add new rules #1
- Bump lodash from 4.17.19 to 4.17.21 #58
- Add docs urls to rules #57
- remove remaining references to helmet without nocache #54
- Remove noCache since it has been depricated #53
- Fixed typos and improved grammar #50
- Bump lodash from 4.17.15 to 4.17.19 #49
- Bump acorn from 6.1.1 to 6.4.1 #48
- fix: remove console logs in create functions #46
- Bump lodash from 4.17.11 to 4.17.15 #44
- Bump eslint-utils from 1.3.1 to 1.4.3 #43
- Update Readme.md file #1
- Changed package lock b0f2d6a
- #21 Rule Ready tested 0ca48df
- Deleted some files ce7d04d`