An ESLint plugin that detects possible prototype pollution vulnerabilities.
You'll first need to install ESLint:

```sh
# npm
npm i eslint --save-dev
# yarn
yarn add eslint --dev
```

Next, install eslint-plugin-prototype-pollution:

```sh
# npm
npm install eslint-plugin-prototype-pollution --save-dev
# yarn
yarn add eslint-plugin-prototype-pollution --dev
```
For newer ESLint versions you can add the following to your JS config file (eslint.config.js):

```js
const pluginPrototypePollution = require("eslint-plugin-prototype-pollution");
module.exports = [pluginPrototypePollution.configs.recommended];
```
For the .eslintrc config files do the following (deprecated and will be removed in the future).

Instead of applying rules manually, you can also use our recommended config by adding the following to the `extends` section of the configuration file:

```json
{
  "extends": [
    "plugin:prototype-pollution/recommended-legacy"
  ]
}
```
Add prototype-pollution to the plugins section of your .eslintrc configuration file. You can omit the eslint-plugin- prefix:

```json
{
  "plugins": [
    "prototype-pollution"
  ]
}
```
Then configure the rules you want to use under the rules section.

```json
{
  "rules": {
    "prototype-pollution/no-bracket-notation-property-accessor": ["error", "Please add a obj.hasOwn(property) check"],
    "prototype-pollution/no-unsafe-object-assign": "off"
  }
}
```
See CONTRIBUTING.md.
All rules support a custom error message in the passed options.

💡 Manually fixable by editor suggestions.

| Name | Description | 💡 |
|---|---|---|
| no-bracket-notation-property-accessor | Detect unsafe usage of bracket notation property accessor | |
| no-unsafe-object-assign | Detect unsafe usage of Object.assign | 💡 |
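The two patterns the rules above report, each beside a hardened form, as an added example that is not part of the plugin's own code. The function names (`unsafeMerge`, `safeMerge`, `safeCopy`, `assignReplacesPrototype`) and the JSON sample are assumptions made for this illustration.

```javascript
// Added example, not code from eslint-plugin-prototype-pollution: the two
// patterns its rules report, each beside a hardened form. Function names and
// the sample input are assumptions made for this illustration.

// Keys that reach the prototype chain when written with bracket notation.
const FORBIDDEN_KEYS = new Set(["__proto__", "constructor", "prototype"]);

function isPlainObject(value) {
  return typeof value === "object" && value !== null && !Array.isArray(value);
}

// Always creates an own data property; never invokes the __proto__ setter.
function defineOwn(target, key, value) {
  Object.defineProperty(target, key, {
    value,
    writable: true,
    enumerable: true,
    configurable: true,
  });
}

// What no-bracket-notation-property-accessor reports: `target[key] = ...`
// with a key taken from untrusted input. Shown only for contrast.
function unsafeMerge(target, source) {
  for (const key in source) {
    if (isPlainObject(source[key])) {
      if (!isPlainObject(target[key])) target[key] = {};
      unsafeMerge(target[key], source[key]);
    } else {
      target[key] = source[key];
    }
  }
  return target;
}

// Hardened merge: own-key check (the fix the rule's message asks for), the
// prototype-chain keys skipped, and writes made through defineOwn.
function safeMerge(target, source) {
  for (const key in source) {
    if (!Object.hasOwn(source, key) || FORBIDDEN_KEYS.has(key)) continue;
    const value = source[key];
    if (isPlainObject(value)) {
      const existing =
        Object.hasOwn(target, key) && isPlainObject(target[key]) ? target[key] : {};
      defineOwn(target, key, safeMerge(existing, value));
    } else {
      defineOwn(target, key, value);
    }
  }
  return target;
}

// Why no-unsafe-object-assign exists: Object.assign copies with [[Set]], so a
// parsed "__proto__" key replaces the target's prototype instead of becoming
// an own key. Returns true when that happened.
function assignReplacesPrototype(source) {
  const copied = Object.assign({}, source);
  return (
    !Object.hasOwn(copied, "__proto__") &&
    Object.getPrototypeOf(copied) !== Object.prototype
  );
}

// Hardened replacement for Object.assign({}, untrusted).
function safeCopy(source) {
  const copy = {};
  for (const key of Object.keys(source)) {
    if (!FORBIDDEN_KEYS.has(key)) defineOwn(copy, key, source[key]);
  }
  return copy;
}

// Constructed sample input, the shape a JSON body from a client would have.
const SAMPLE_INPUT = JSON.parse(
  '{"__proto__": {"polluted": true}, "a": 1, "nested": {"__proto__": {"p": 1}, "c": 3}}'
);

function demo() {
  const merged = safeMerge({}, SAMPLE_INPUT);
  console.log(JSON.stringify(merged)); // {"a":1,"nested":{"c":3}}
  console.log(({}).polluted); // undefined
  console.log(assignReplacesPrototype(SAMPLE_INPUT)); // true
  return merged;
}

demo();
```

`safeMerge` iterates with `for...in` on purpose so that the `Object.hasOwn` guard the rule's custom message suggests is visible; the writes go through `Object.defineProperty` because a plain assignment, even to a checked key, still reaches the `__proto__` setter when that key is present.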
MIT (see LICENSE).