eslint-plugin-prototype-pollution
Detects the existence of possible prototype pollution vulnerabilities.
Installation
You'll first need to install ESLint:
# npm
npm i eslint --save-dev
# yarn
yarn add eslint --devNext, install eslint-plugin-prototype-pollution:
# npm
npm install eslint-plugin-prototype-pollution --save-dev
# yarn
yarn add eslint-plugin-prototype-pollution --devUsage
Flat config
For newer eslint versions you can add the following to your js config file (eslint.config.js)
const pluginPrototypePollution = require("eslint-plugin-prototype-pollution");
module.exports = [pluginPrototypePollution.configs.recommended]eslintrc config
For the .eslintrc config files do the following (deprecated and will be removed in the future)
Recommended
Instead of applying rules manually, you can also use our recommended config by adding to the configuration file at the extend section the following:
{
"extends": [
"plugin:prototype-pollution/recommended"
]
}Custom configuration
Add prototype-pollution to the plugins section of your .eslintrc configuration file. You can omit the eslint-plugin- prefix:
{
"plugins": [
"prototype-pollution"
]
}Then configure the rules you want to use under the rules section.
{
"rules": {
"prototype-pollution/no-bracket-notation-property-accessor": ["error", "Please add a obj.hasOwn(property) check"],
"prototype-pollution/no-unsafe-object-assign": "off"
}
}Contributing
See CONTRIBUTING.md.
Rules
All rules support a custom error message in the passed options.
💡 Manually fixable by editor suggestions.
| Name | Description | 💡 |
|---|---|---|
| no-bracket-notation-property-accessor | Detect unsafe usage of bracket notation property accessor | |
| no-unsafe-object-assign | Detect unsafe usage of Object.assign | 💡 |
License
MIT
(See LICENSE)