This plugin implements a collection of security rules for ESLint.
Our ambition is to eventually provide a comprehensive set of recommended security rules for:
- web browser applications
- Node.js tools
- Node.js services
Require regular expressions to be constructed from string constants rather than dynamically building strings at runtime.
Regular expressions should be constructed from string constants. Dynamically building strings at runtime may introduce security vulnerabilities, performance concerns, and bugs involving incorrect escaping of special characters.
The following patterns are considered problems when
@rushstack/security/no-unsafe-regexp is enabled:
The following patterns are NOT considered problems:
- CHANGELOG.md - Find out what's new in the latest version
@rushstack/eslint-plugin-security is part of the Rush Stack family of projects.