MCPcopy Index your code
hub / github.com/ShipSecure-Labs/eslint-plugin-next

github.com/ShipSecure-Labs/eslint-plugin-next @v1.0.2

Chat with this repo
repository ↗ · DeepWiki ↗ · release v1.0.2 ↗ · + Follow
18 symbols 30 edges 21 files 0 documented · 0% 63 cross-repo links
What it actually does AI analysis from the code graph — generated when you open this
loading…
README

@shipsecure/eslint-plugin-next

Overview

@shipsecure/eslint-plugin-next is a custom ESLint plugin designed to enhance the security of Next.js applications by identifying potentially insecure patterns in code. This plugin offers a set of rules specifically tailored to prevent common security pitfalls in Next.js, encouraging best practices and securing your app's frontend and backend code.

Features

  • Rules for Secure Code: Detects usage of unsecure URLs, inline scripts, eval, and other potential security vulnerabilities.
  • Recommended Configurations: Provides a recommended set of rules for immediate security improvements.
  • Easy to Integrate: Seamlessly integrates with any Next.js project with simple installation and configuration.

Installation

npm install @shipsecure/eslint-plugin-next --save-dev

Usage

Flat config (requires eslint >= v8.23.0)

Add the following to your eslint.config.js file:

const shipsecureNext = require("@shipsecure/eslint-plugin-next");

module.exports = [shipsecureNext.configs.recommended];

eslintrc config (deprecated)

Add the following to your .eslintrc file:

module.exports = {
  extends: ["plugin:@shipsecure/next/recommended-legacy"],
};

Contributing

Contributions are welcome! If you'd like to add new rules, suggest enhancements, or report issues, please open a pull request or issue on our GitHub repository.

Steps to Contribute

  1. Fork the repository.
  2. Create a new branch for your feature (git checkout -b feature-name).
  3. Make your changes and add tests.
  4. Run tests to ensure everything works (npm test).
  5. Push your branch and submit a pull request.

License

This project is licensed under the MIT License - see the LICENSE file for details.

Extension points exported contracts — how you extend this code

PluginDocs (Interface)
(no doc)
src/utils/rule.ts

Core symbols most depended-on inside this repo

getNextRuntime
called by 0
src/utils/next-runtime.ts
create
called by 0
src/rules/require-script-integrity.ts
JSXOpeningElement
called by 0
src/rules/require-script-integrity.ts
create
called by 0
src/rules/require-rel-noopener-noreferrer.ts
JSXOpeningElement
called by 0
src/rules/require-rel-noopener-noreferrer.ts
create
called by 0
src/rules/no-eval.ts
CallExpression
called by 0
src/rules/no-eval.ts
create
called by 0
src/rules/no-client-side-secrets.ts

Shape

Function 17
Interface 1

Languages

TypeScript100%

Modules by API surface

src/rules/require-script-integrity.ts2 symbols
src/rules/require-rel-noopener-noreferrer.ts2 symbols
src/rules/no-open-redirects.ts2 symbols
src/rules/no-inline-styles.ts2 symbols
src/rules/no-eval.ts2 symbols
src/rules/no-dangerously-set-inner-html.ts2 symbols
src/rules/no-client-side-secrets.ts2 symbols
src/rules/enforce-https.ts2 symbols
src/utils/rule.ts1 symbols
src/utils/next-runtime.ts1 symbols

For agents

$ claude mcp add eslint-plugin-next \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact