Linting rules for safe and secure client code
Extends eslint-plugin-no-unsanitized, see documentation.
Additional rules:
- no-eval - eval('evil code')
- no-implied-eval - same as eval
- radix - parseInt('12345') without radix; pass it explicitly, as in parseInt('12345', 10)
- no-debugger - disallow debugger; in code
- no-new-func - new Function('evil code')
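The rules above, shown on code that passes them, with the flagged form in a comment next to each. This is an added example, not part of eslint-config-sec; the function names and sample inputs are constructed for illustration.

```javascript
// Added example: each function is the compliant form; the flagged form is in a comment.
// Function names and sample inputs are constructed for illustration.

// radix. Flagged: parseInt(text) -- a "0x" prefix switches it to base 16,
// so parseInt('0x50') returns 80.
function parsePort(text) {
  const port = Number.parseInt(text, 10);
  // Reject anything that is not exactly a decimal integer in the port range.
  if (!Number.isInteger(port) || String(port) !== text.trim() ||
      port < 1 || port > 65535) {
    throw new RangeError('invalid port: ' + JSON.stringify(text));
  }
  return port;
}

// no-eval. Flagged: eval('(' + text + ')') -- runs whatever the string contains.
function parseSettings(text) {
  const settings = JSON.parse(text); // data only; throws SyntaxError on code
  if (settings === null || typeof settings !== 'object' || Array.isArray(settings)) {
    throw new TypeError('settings must be a JSON object');
  }
  return settings;
}

// no-new-func. Flagged: new Function('a', 'b', 'return a ' + op + ' b').
const OPERATIONS = Object.freeze({
  add: (a, b) => a + b,
  sub: (a, b) => a - b,
  mul: (a, b) => a * b,
});
function calculate(op, a, b) {
  // Own-property check so names like "constructor" are not found on the prototype.
  if (!Object.prototype.hasOwnProperty.call(OPERATIONS, op)) {
    throw new TypeError('unknown operation: ' + JSON.stringify(op));
  }
  return OPERATIONS[op](a, b);
}

// no-implied-eval. Flagged: setTimeout('notify("' + message + '")', delayMs) --
// a string first argument is compiled like eval.
function notifyLater(notify, message, delayMs) {
  return setTimeout(notify, delayMs, message); // function plus arguments, no string
}
```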
- Install the config:
npm i -D eslint-config-sec
- Add config to the extends section of your .eslintrc.js file:
"extends": [
+ "eslint-config-sec"
]