This site is an independent open-source project and is not affiliated with, endorsed by, or sponsored by npm, Inc. or GitHub, Inc. The name “npm” is a registered trademark of npm, Inc., used here solely to describe compatibility and reference publicly available npm package data.

📦 eslint-plugin-security

Security rules for eslint

Author

Node Security Project

License

Apache-2.0

Unpacked Size

136.83 KB

Packed Size

33.25 KB

Last Activity

2 months ago

Wkly Downloads

322K

Unpacked Size

136.83 KB

Packed Size

33.25 KB

License

Apache-2.0

Author

Node Security Project

Last Activity

2 months ago

Dependencies Overview

Dependencies (1)

safe-regex ^2.1.1

Peer Dependencies (0)

There are not dependencies

Dev Dependencies (14)

Versions Overview

Last Version

3.0.1

Last Version Released

over 1 year ago

N. of Versions

Security Overview

Vulnerabilities

Last Version with Vulnerabilities

N/A

Vulnerabilities Tracker

Historycal data about package vulnerabilities across all the stable versions

Vulnerabilites Summary

The npm package `eslint-plugin-security` versions 1.0.0 through 3.0.1 inclusive, have no reported security vulnerabilities according to the provided data.

Complete Security Overview

Popularity Overview

GH Stars

2.3K

GH Forks

106

GH Watchers

Downloads History

Historycal data about package downloads in the last 18 months

Repository Overview

Default Branch

main

Is Archived?

Is Disabled?

Is Fork?

Is Locked?

Security Policy Enabled?

YES

Latest Commits

Last 10 commits in the repository

ci: trusted publishing (#180)

唯然

2 months ago

ci(ci): add node 24 to test matrix (#176)

Frazer Smith

7 months ago

ci: migrate to manifest config (#173)

Frazer Smith

9 months ago

chore(.eslint-doc-generatorrc): add missing `'use strict'` directive (#170)

Frazer Smith

10 months ago

chore(package): explicitly declare js module type (#171)

Frazer Smith

10 months ago

ci: update github actions (#172)

Frazer Smith

10 months ago

fix: generate provenance statement for release (#168)

Michaël De Boey

about 1 year ago

chore: release 3.0.1 (#164) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

over 1 year ago

chore(deps-dev): bump braces from 3.0.2 to 3.0.3 (#165) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

over 1 year ago

chore: release 3.0.1 (#162) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

over 1 year ago

Top Contributors

The top contributors considering the last 100 commits & PRs

nzakas

aladdin-add

github-actions[bot]

Fdawgs

ota-meshi

Open PRs (2)

Currently active PR in the repository

feat: migrate to TypeScript and ESM

aryaemami59

16 days ago

chore(deps): bump serialize-javascript and mocha

dependabot

10 months ago

Open Issues (11)

Currently active PR in the repository

Improve detect-non-literal-fs-filename

thernstig

about 1 month ago

release-please failing on latest commit

aladdin-add

2 months ago

Add TypeScript without dependency on @types/eslint-plugin-security

thernstig

3 months ago

New Rule: disallow unicode confusable identifiers

mhofman

almost 3 years ago

New Rule: Detect invisible characters

nzakas

almost 3 years ago

Deprecate detect-buffer-noassert

nzakas

over 3 years ago

Help wanted: Issue and PR Review

nzakas

over 3 years ago

Is this a timing attack?

jimisaacs

about 4 years ago

Better unsafe regex detector

davisjam

over 7 years ago

Several issues with using this plugin

rossPatton

about 8 years ago

Open Discussions (0)

Currently open discussions in the repository

There are not discussions to display

Package Summary

eslint-plugin-security is an ESLint plugin that identifies potential security vulnerabilities in JavaScript and TypeScript code. It analyzes code for unsafe practices like regular expressions vulnerable to ReDoS attacks, disabling TLS verification, and the use of dangerous functions. By integrating this plugin into your ESLint configuration, you can proactively detect and address security issues during development, improving the overall security posture of your npm packages and applications. The plugin helps developers write more secure code by highlighting potential risks early in the development lifecycle.

Security Overview

Vulnerabilities

Last Version with Vulnerabilities

N/A

Vulnerabilities Tracker

Historycal data about package vulnerabilities across all the stable versions

Vulnerabilites Summary

The npm package `eslint-plugin-security` versions 1.0.0 through 3.0.1 inclusive, have no reported security vulnerabilities according to the provided data.

Complete Security Overview

📦 eslint-plugin-security

Dependencies Overview

Dependencies (1)

Peer Dependencies (0)

Dev Dependencies (14)

Versions Overview

Repository Overview

Latest Commits

Top Contributors

Open PRs (2)

Open Issues (11)

Open Discussions (0)

📦 eslint-plugin-security

Dependencies Overview

Dependencies (1)

Peer Dependencies (0)

Dev Dependencies (14)

Versions Overview

Security Overview

Vulnerabilities Tracker

Vulnerabilites Summary

Popularity Overview

Downloads History

Repository Overview

Latest Commits

Top Contributors

Open PRs (2)

Open Issues (11)

Open Discussions (0)

Package Summary

Release Frequency

Security Overview

Vulnerabilities Tracker

Vulnerabilites Summary

Popularity Overview

Downloads History