eslint-plugin-tst-rules
v1.0.5
An ESLint plugin that checks for hardcoded strings
Overview
eslint-plugin-tst-rules is an ESLint plugin designed to help you enforce rules against hardcoding sensitive information such as passwords, keys, and other sensitive variables directly in your code. This plugin allows you to specify a list of keywords that, if detected as hardcoded, will trigger a linting error, encouraging the use of environment variables instead.
Installation
You can install the plugin via npm or yarn:
npm install eslint-plugin-tst-rules
yarn add eslint-plugin-tst-rules
Rule Details
This rule checks for hardcoded sensitive information based on the provided keywords. It looks for sensitive information in the following contexts:
- Variable declarations
- Assignment expressions
- Call expressions
- Object properties
.eslintrc.js Configuration
To use the plugin, you need to add tst-rules to the plugins section of your ESLint configuration file. Then, you can enable the hardcoded-forbidden rule and provide specific keywords that you want to detect as hardcoded.
module.exports = {
  // Other ESLint configuration...
  plugins: [
    // Other plugins...
    "tst-rules"
  ],
  rules: {
    // Other rules...
    "tst-rules/hardcoded-forbidden": [
      "error",
      {
        "keywords": ["password", "key", "secret"] // Add your specific keywords here
      }
    ]
  }
};
Example
const password = "12345"; // Hardcoding sensitive information like password is not allowed. Use environment variables instead.
const user = { password: '12345' }; // Hardcoding sensitive information like password is not allowed. Use environment variables instead.
const mg = Object.method({ username: env.USERNAME, key: 'test', url: env.URL }); // Hardcoding sensitive information in property 'key' is not allowed. Use environment variables instead.
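An added sketch, not the plugin's source, of how a keyword rule like hardcoded-forbidden can cover the contexts listed under Rule Details, run over a hand-built AST so it works without ESLint installed. The substring matching, the message text, and the names hardcodedSketch, lint and SAMPLE_AST are assumptions of this example.

```javascript
// Added sketch, not the plugin's source. Assumption: a keyword matches as a
// case-insensitive substring of the identifier or property name.
const isStr = (n) => !!n && n.type === "Literal" && typeof n.value === "string";
const nameOf = (n) =>
  !n ? null
  : n.type === "Identifier" ? n.name
  : n.type === "Literal" ? String(n.value)
  : n.type === "MemberExpression" && (!n.computed || n.property.type === "Literal") ? nameOf(n.property)
  : null;
const hardcodedSketch = {
  create(context) {
    const keywords = ((context.options[0] || {}).keywords || []).map((k) => k.toLowerCase());
    const check = (target, value) => {
      const name = nameOf(target);
      if (!name || !isStr(value)) return; // env lookups and other non-literals pass
      if (keywords.some((k) => name.toLowerCase().includes(k))) {
        context.report({ node: value, message: `Hardcoded value for '${name}'. Use environment variables instead.` });
      }
    };
    return {
      VariableDeclarator: (n) => check(n.id, n.init),
      AssignmentExpression: (n) => check(n.left, n.right),
      Property: (n) => check(n.key, n.value), // also reached inside call arguments
    };
  },
};
// Minimal walker so the sketch runs without ESLint installed.
function lint(ast, keywords) {
  const messages = [];
  const visitors = hardcodedSketch.create({ options: [{ keywords }], report: (d) => messages.push(d.message) });
  (function walk(n) {
    if (!n || typeof n !== "object") return;
    if (visitors[n.type]) visitors[n.type](n);
    Object.values(n).forEach(walk);
  })(ast);
  return messages;
}

// Constructed ESTree input for: const password = "12345";
// client.connect({ key: "test", url: env.URL }); config.secret = process.env.SECRET;
const id = (name) => ({ type: "Identifier", name });
const str = (value) => ({ type: "Literal", value });
const member = (object, p) => ({ type: "MemberExpression", computed: false, object, property: id(p) });
const prop = (k, value) => ({ type: "Property", key: id(k), value });
const SAMPLE_AST = [
  { type: "VariableDeclarator", id: id("password"), init: str("12345") },
  { type: "CallExpression", callee: member(id("client"), "connect"), arguments: [{ type: "ObjectExpression", properties: [prop("key", str("test")), prop("url", member(id("env"), "URL"))] }] },
  { type: "AssignmentExpression", operator: "=", left: member(id("config"), "secret"), right: member(member(id("process"), "env"), "SECRET") },
];
console.log(lint(SAMPLE_AST, ["password", "key", "secret"]));
```

Under the substring assumption used here, a short keyword such as "key" also matches unrelated names like monkeyName, and a rule of this kind sees only names, so a credential stored under a neutral name is not reported.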