PrivJs Safe - ESLint plugin
This is an ESLint plugin to detect vulnerable imports/packages. This is developed by the team at PrivJs Safe.
Use PrivJs Safe to secure your organization from malicious open-source packages.
Installation
Run the following command to install this plugin:
npm config set @privjs:registry https://r.privjs.com
npm install @privjs/eslint-plugin-safe
Usage
Add the following to .eslintrc
plugins: ['@privjs/safe'],
rules: {
'@privjs/safe/vulnerabilities-scan': [2],
}
How it works
PrivJs Safe database is parsed to identify relevant vulnerabilities. This database is compiled into a json file - which acts as the source of truth for this plugin. The JSON file needs to be updated regularly as new vulnerabilities are found. Hence, this package frequent updates.
Tasks
- Detect vulnerable packages in ES6 imports
- Detect vulnerable functions in ES6 imports
- Detect vulnerable packages when imported as Default in ES6 imports
- Detect vulnerabilities while using
require
syntax - Detect vulnerable functions while using
require
syntax
License
Commercial license
If you want to use this plugin @privjs/eslint-plugin-safe to develop commercial projects, applications or to use it in an organization, the Commercial license is required. With this license, your source code can be kept proprietary. Read more about the commercial license
Open source license
If you are creating an open source application under a license compatible with the GNU GPL license v3, you may use this project under the terms of the GPLv3.
Support
If you have any questions, suggestions, feedback, please reach out to contact@privjs.com.