Shareable config for the strict security rules? #142

Closed
beaugunderson opened this issue Nov 13, 2017 · 5 comments
Comments

@beaugunderson

I think it would be nice to have a sharable config that turns on all of the new security rules, so teams can turn off just the ones they don't want and automatically get new ones turned on as they're included (as a way to keep abreast of new best practices)

@duaraghav8
Owner

@beaugunderson if you simply specify "plugins": ["security"] in your soliumrc, then by default ALL non-deprecated rules inside that plugin will be enabled (all security rules are by default specified as error).

Any new rule that we add to the plugin WILL be automatically enabled when the user updates solium (provided that they have the "plugins" property set).

To turn off or change a specific security rule to warning, user needs to separately modify the rule like "security/no-throw": "off".

Is this^ what you wanted to achieve? If yes, then it's already covered. If no, could you point out the diff?
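As an added illustration, not part of the thread, here is a `.soliumrc.json` that does what the reply above describes: it loads the security plugin (so every non-deprecated rule in it is enabled as an error, and rules added in later plugin releases are picked up automatically) and then downgrades or disables individual rules. The `extends` value and the choice of rules to override are assumptions for the example; only `security/no-throw` and `no-user-defined-modifiers` are named in this thread.

```json
{
  "extends": "solium:all",
  "plugins": ["security"],
  "rules": {
    "security/no-throw": "off",
    "security/no-user-defined-modifiers": "warning"
  }
}
```

Overriding a rule by name keeps the rest of the plugin's defaults intact, so a team that only wants to relax one or two checks still receives any new rule the plugin ships at its default severity on the next update.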

@duaraghav8
Owner

@beaugunderson does the above resolve your issue or did I miss something?

@beaugunderson
Author

@duaraghav8 I think 'everything on' works for Augur, but not sure if it should be default behavior of specifying the plugin, since some of the rules are more draconian (like no-user-defined-modifiers)

@duaraghav8
Owner

You're right. I think we can write a sharable config solium-config-augur which Augur can use, since not all the security rules are desirable to all devs.

How this will work is

  • If you just use solium with default settings, it will apply some security rules and turn off some (especially the [Optional] ones)
  • If you apply augur sharable config on top, it applies all security rules. Otherwise you can choose to enable whatever rules you like inside soliumrc.json

I can publish this config, but I believe it is better suited for augur to keep it in their organisation?

@duaraghav8
Owner

duaraghav8 commented Jan 16, 2018

The security plugin is now configured to only enable general purpose rules by default - https://github.com/duaraghav8/solium-plugin-security#list-of-rules
Will set up a sharable config when the need arises.
