Rule proposal: prefer-https

[sindresorhus]

Enforce using HTTPS URLs over HTTP.

Fail

const foo = 'http://sindresorhus.com';

// Hello: http://sindresorhus.com

Pass

const foo = 'https://sindresorhus.com';

// Hello: https://sindresorhus.com

---

Alternative name: prefer-https. Which one do people prefer?

I'm aware this could be partly solved with the string-content rule, but I don't think most people would think of this and it also wouldn't work in comments.

[sindresorhus]

This is now accepted. The rule name should be prefer-https.

[himynameisdave]

I can pick this up!

[JounQin]

Should http://localhost for example be ignored?

[sindresorhus]

Should http://localhost for example be ignored?

Yes, any URL without a TLD should be ignored.

[manovotny]

Is this still desired since string-content can accomplish this now?

[sindresorhus]

Yes, that's addressed in the issue description.

[manovotny]

My apologies @sindresorhus. That's what I get for skimming too quickly. 😞

[manovotny]

FWIW, just in case it helps here, this is the regex I came up with for use with string-content.

(?!(?=.*(localhost|0\.0\.0\.0|127\.0\.0\.1)))^http\:

Demo here on regex101: https://regex101.com/r/ITZChx/1

[sindresorhus]

If anyone wants to work on this, see the initial attempt and feedback in #1084.