Installations
npm install eslint-plugin-xss
Developer: Rantanen
Developer Guide
Module System: CommonJS
Min. Node Version: >=0.10.0
Typescript Support: No
Node Version: 17.3.0
NPM Version: 8.3.0
Statistics
66 Stars
51 Commits
16 Forks
2 Watching
1 Branches
5 Contributors
Updated on 01 Oct 2024
Languages: JavaScript (100%)
Total Downloads
Cumulative downloads: 14,945,590
Last day: 11,471 (1% compared to previous day)
Last week: 68,249 (2.7% compared to previous week)
Last month: 260,908 (4.6% compared to previous month)
Last year: 2,770,846 (9.3% compared to previous year)
Dependencies: 1
Dev Dependencies: 3
eslint-plugin-xss
Tries to detect XSS issues in codebase before they end up in production.
Installation
You'll first need to install ESLint:
$ npm install eslint --save-dev
Next, install eslint-plugin-xss:
$ npm install eslint-plugin-xss --save-dev
Note: If you installed ESLint globally (using the -g flag) then you must also install eslint-plugin-xss globally.
Usage
Add xss to the plugins section of your .eslintrc configuration file. You can omit the eslint-plugin- prefix:

    {
      "plugins": [
        "xss"
      ]
    }

Then configure the rules you want to use under the rules section.

    {
      "rules": {
        "xss/rule-name": 2
      }
    }

Or:
Enable all rules by adding the following to your .eslintrc configuration file:

    {
      "extends": [
        "plugin:xss/recommended"
      ]
    }

Supported Rules
- xss/no-mixed-html: Warn about possible XSS issues.
- xss/no-location-href-assign: Warn when trying to modify location.href.
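
As an added example (not code from eslint-plugin-xss or its author): the kind of assignment xss/no-location-href-assign warns about, next to a check that resolves the value and lets only same-origin http(s) targets through. The helper name safeNavigationTarget, the "next" parameter and the app.example origin are assumptions made for illustration.

```javascript
// Added example; not code from eslint-plugin-xss.
// The pattern a rule such as xss/no-location-href-assign warns about:
//
//   location.href = new URLSearchParams(location.search).get("next");
//
// A value like "javascript:..." or "//other.example" would be followed as-is.

const ALLOWED_PROTOCOLS = new Set(["http:", "https:"]);

// Hypothetical helper: resolve `candidate` against the page origin and return
// an absolute URL only if it stays on that origin over http(s); otherwise
// return the origin's root as a fallback.
function safeNavigationTarget(candidate, currentOrigin) {
  const origin = new URL(currentOrigin).origin;
  const fallback = new URL("/", origin).href;
  if (typeof candidate !== "string") return fallback;

  let url;
  try {
    // The URL parser applies the same normalisation the browser does
    // (whitespace stripping, backslash handling), so the checks below see
    // the value the browser would actually navigate to.
    url = new URL(candidate, origin);
  } catch (err) {
    return fallback;
  }
  if (!ALLOWED_PROTOCOLS.has(url.protocol)) return fallback;
  if (url.origin !== origin) return fallback;
  return url.href; // absolute form, so "//host" paths cannot be reinterpreted
}

// Constructed sample inputs.
const ORIGIN = "https://app.example";
for (const next of ["/account?tab=1", "javascript:void(0)", "//other.example/x"]) {
  console.log(JSON.stringify(next), "->", safeNavigationTarget(next, ORIGIN));
}
// In the browser: location.href = safeNavigationTarget(next, location.origin);
```
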
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
0 existing vulnerabilities detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE.md:0
- Warn: project license file does not contain an FSF or OSI license.
Reason
Found 5/22 approved changesets -- score normalized to 2
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'master'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 13 are checked with a SAST tool
Score: 3.3/10
Last Scanned on 2024-11-25
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.