Add recommended rules to plugin config?

[pdehaan]

It may be super-neat if there was a recommended config bundled in the plugin (Ref: eslint-plugin-react).

This would let us do something like:

{
  "extends": [
    "eslint:recommended",
    "plugin:security/recommended"
  ],
  "plugins": [
    "security"
  ]
}

I think it's as easy as adding a configs.recommended.rules object to the index.js:

/**
 * eslint-plugin-security - ESLint plugin for Node Security
 */

'use strict';

module.exports = {
  rules: {
    // ...
  },
  rulesConfig: {
    // ...
  },
  configs: {
    recommended: {
      rules: {
        'security/detect-buffer-noassert': 'warn',
        'security/detect-child-process': 'warn',
        'security/detect-disable-mustache-escape': 'warn',
        'security/detect-eval-with-expression': 'warn',
        'security/detect-new-buffer': 'warn',
        'security/detect-no-csrf-before-method-override': 'warn',
        'security/detect-non-literal-fs-filename': 'warn',
        'security/detect-non-literal-regexp': 'warn',
        'security/detect-non-literal-require': 'warn',
        'security/detect-object-injection': 'warn',
        'security/detect-possible-timing-attacks': 'warn',
        'security/detect-pseudoRandomBytes': 'warn',
        'security/detect-unsafe-regex': 'warn'
      }
    }
  }
};

Individual rules can overridden in the user's .eslintrc file:

{
  "extends": [
    "eslint:recommended",
    "plugin:security/recommended"
  ],
  "plugins": [
    "security"
  ],
  "rules": {
    "security/detect-object-injection": "off"
  }
}

[travi]

is this something that the team is open to? recommended rulesets do greatly simplify plugin inclusion. would you accept a PR with a recommended set that enabled all rules as errors?

[jlamendo]

I believe this was resolved with #10

[travi]

ah, nice. would be great if it were mentioned in the usage section of the readme.