eslint-plugin-prototype-pollution-security-rules

Detect the use of vulnerable features within some libraries from https://github.com/HoLyVieR/prototype-pollution-nsec18/ that are not yet fixed

Downloads in past

Stats

StarsIssuesVersionUpdatedCreatedSize
eslint-plugin-prototype-pollution-security-rules
1401.0.64 years ago4 years agoMinified + gzip package size for eslint-plugin-prototype-pollution-security-rules in KB

Readme

Prototype Pollution Security Rules For ESLint
These rules are to supplement the security issues documented by Oliver Arteau at https://github.com/HoLyVieR/prototype-pollution-nsec18 some of the issues have not been resolved by the maintainers.

NPM

The main reason for these rules, is because npm audit does not report that certain libraries have known problems: NPM

ESLint

These rules will atleast tell you if vulnerable features are being utilized ESLint
Usage
If you want to scan this against your code bases, you can through the following:
  • Install the rule locally or globally such as npm install eslint-plugin-prototype-pollution-security-rules
  • Add the rule to your .eslintrc
* Inside plugins add `detect-prototype-pollution`
* Inside rules add `"detect-prototype-pollution/detect-merge": 1` 
* (full list below)
Example: ESLint Config

Rules

Current rules are:
  • detect-merge-objects - link
  • detect-merge-options - link
  • detect-deep-extend- link