An ESLint plugin that checks for hardcoded strings
`eslint-plugin-tst-rules` is an ESLint plugin that helps you enforce rules against hardcoding sensitive information such as passwords, keys, and other secrets directly in your code. You specify a list of keywords; any of them detected as hardcoded triggers a linting error, encouraging the use of environment variables instead.
You can install the plugin via npm or yarn:
```sh
npm install eslint-plugin-tst-rules
```

```sh
yarn add eslint-plugin-tst-rules
```

The `hardcoded-forbidden` rule checks for hardcoded sensitive information based on the keywords you provide. It looks for sensitive information in the following contexts:
- Variable declarations
- Assignment expressions
- Call expressions
- Object properties

To use the plugin, add `tst-rules` to the `plugins` section of your ESLint configuration file. Then enable the `hardcoded-forbidden` rule and provide the specific keywords that you want to detect as hardcoded.
```js
module.exports = {
  // Other ESLint configuration...
  plugins: [
    // Other plugins...
    "tst-rules"
  ],
  rules: {
    // Other rules...
    "tst-rules/hardcoded-forbidden": [
      "error",
      {
        "keywords": ["password", "key", "secret"] // Add your specific keywords here
      }
    ]
  }
};
```

```js
const password = "12345"; // Hardcoding sensitive information like password is not allowed. Use environment variables instead.
```

```js
const user = { password: '12345' }; // Hardcoding sensitive information like password is not allowed. Use environment variables instead.
```

```js
const mg = Object.method({ username: env.USERNAME, key: 'test', url: env.URL }); // Hardcoding sensitive information in property 'key' is not allowed. Use environment variables instead.
```
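
To show how a keyword check over these contexts can work, here is an added sketch of a rule in ESLint's visitor shape; it is not the plugin's own source. The substring matching, the message text, `runRule` and the hand-built AST in `SAMPLE` are assumptions made for illustration.

```javascript
// Added sketch, not the plugin's source. Assumption: a name matches when it
// contains a configured keyword, compared case-insensitively.
const rule = {
  meta: { type: "problem", schema: [{ type: "object" }] },
  create(context) {
    const keywords = ((context.options[0] || {}).keywords || []).map((k) => k.toLowerCase());
    // Name being written to: identifier, quoted property key, or obj.prop.
    const nameOf = (n) => !n ? null : n.type === "Identifier" ? n.name
      : n.type === "Literal" ? String(n.value)
      : n.type === "MemberExpression" && !n.computed ? nameOf(n.property) : null;
    // Only non-empty string literals count as hardcoded; env lookups do not.
    const isHardcoded = (v) => !!v && v.type === "Literal" && typeof v.value === "string" && v.value !== "";
    function check(node, target, value) {
      const name = nameOf(target);
      if (!name || !isHardcoded(value)) return;
      if (keywords.some((k) => name.toLowerCase().includes(k))) {
        context.report({ node, message: `Hardcoded value assigned to '${name}'. Use environment variables instead.` });
      }
    }
    return {
      VariableDeclarator: (n) => check(n, n.id, n.init),
      AssignmentExpression: (n) => check(n, n.left, n.right),
      Property: (n) => check(n, n.key, n.value), // also reaches objects passed to calls
    };
  },
};
// Minimal stand-in for ESLint's traversal so the sketch runs without ESLint.
function runRule(ast, options) {
  const messages = [];
  const visitors = rule.create({ options, report: (d) => messages.push(d.message) });
  (function walk(node) {
    if (Array.isArray(node)) return node.forEach(walk);
    if (!node || typeof node !== "object") return;
    if (visitors[node.type]) visitors[node.type](node);
    Object.values(node).forEach(walk);
  })(ast);
  return messages;
}
// Constructed ESTree fragments (hand-built, no parser needed).
const id = (name) => ({ type: "Identifier", name });
const str = (value) => ({ type: "Literal", value });
const member = (o, p) => ({ type: "MemberExpression", computed: false, object: id(o), property: id(p) });
const prop = (k, value) => ({ type: "Property", key: id(k), value });
const SAMPLE = [ // const password = "12345"; Object.method({ username: env.USERNAME, key: "test" })
  { type: "VariableDeclarator", id: id("password"), init: str("12345") },
  { type: "CallExpression", callee: member("Object", "method"), arguments: [{ type: "ObjectExpression",
    properties: [prop("username", member("env", "USERNAME")), prop("key", str("test"))] }] },
];
console.log(runRule(SAMPLE, [{ keywords: ["password", "key", "secret"] }]));
```

Under the substring assumption in this sketch, a broad keyword such as `key` also matches names like `keyboardLayout`, so a short keyword list trades missed secrets against noisy reports.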