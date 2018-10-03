These rules are to supplement the security issues documented by Oliver Arteau at https://github.com/HoLyVieR/prototype-pollution-nsec18 some of the issues have not been resolved by the maintainers.
The main reason for these rules, is because npm audit does not report that certain libraries have known problems:
These rules will atleast tell you if vulnerable features are being utilized
If you want to scan this against your code bases, you can through the following:
npm install eslint-plugin-prototype-pollution-security-rules
.eslintrc
detect-prototype-pollution
"detect-prototype-pollution/detect-merge": 1
Example:
Current rules are: