Are you still working on this? #33
Comments
Same here, are you still working on it? I would like to keep contributing. An "npm audit-code" or something similar would be awesome :) |
@jesusprubio if we don't get an answer back let's fork this and keep it alive somewhere else... |
Sure, but let's give them some days, it's Sunday today :). I have more rules and some ideas implemented locally, like support for rules to check the absence of stuff (instead of the presence). |
@jesusprubio of course can't wait to see what you came up with. |
@jesusprubio just got word from the NPM team that our best option is to fork and work on it ourselves. So I'll fork it and invite you, works for you? |
@evilpacket if we send you updates in ESLINT rules for this are you still looking into maintaining and updating it with new rules? I'm building a secured based template for @BedRock4 and want to leverage ESLINT rules to instill security best practices. |
Opened this topic on npm.community: https://npm.community/t/what-are-the-plans-for-eslint-plugin-security/1615 |
Topic was closed 😞. |
Yup, I’ll accept PRs! Would be good for some updates to rules. Happy to give maintainership as well as needed, as I can’t always get to things.
…On Wed, Jun 13, 2018 at 5:25 AM Manny Henri ***@***.***> wrote:
@evilpacket <https://github.com/evilpacket> if we send you updates in
ESLINT rules for this are you still looking into maintaining and updating
it with new rules? I'm building a secured based template for @BedRock4
<https://github.com/BedRock4> and want to leverage ESLINT rules to
instill security best practices.
|
Is there an active fork of this project somewhere? |
@MVrachev, I support a version for TSLint - https://github.com/webschik/tslint-config-security, if you're interested. |
Wow, awesome! Thank you @webschik! I will have a look. |
So is this going to be maintained? If not has anyone found a suitable drop-in replacement? I'd also pony up time for being a maintainer to keep the repo alive and well going forward if there are no suitable replacements. |
I found one replacement - https://github.com/webschik/tslint-config-security. Because TypeScript is a superset of JavaScript, TSLint can use its rules upon JavaScript files after configuration. First, you need to install TSLint and configure it. tslint.json:
and if you want to use the --project option on the command line to scan your whole project you can add the following into your tsconfig.json:
The "allowJs" flag is important here. |
I'd like to get some maintenance going on this again. I'm bad at open source and would welcome in some maintainers to assist. I'm on PTO this week and if I get a few hours here or there I plan to follow up on some of the PRs and issues. If you would like to help maintain I'd like to chat. |
I'm down for helping in maintaining this package. |
Let me know how I can help out :) |
@evilpacket Are the contents of blog.liftsecurity.io still available somewhere (or do we have to use archive.org to try and scrape the cached content)? |
@evilpacket are you still looking for maintainers for this repo? |
@UziTech I am looking for maintainers for my repo; eslint-plugin-security-node is the package name in npm. |
@gkouziik is that a fork of this package? |
@UziTech No, it's not a fork, they just have some similar rules |
@gkouziik I would be willing to help maintain it. |
🚧 Is this repo looking for support? |
See #71. |
Very interested in this plugin, but is it possible you're not maintaining it anymore since the acquisition? ESLINT in my opinion is probably the best approach to implement best practices around writing secured code.
If you're not maintaining it anymore would you be open to transfer this project to me? I'd like to keep it alive and update it with other rules.