Skip to content

google/safety-web

BranchesTags

Repository files navigation

safety-web - ESLint plugin for Trusted Types and CSP compatibility

This is not an officially supported Google product.

This project is under development and is not ready for production yet.

@safety-web/eslint-plugin (aka. safety-web in short) is an ESLint plugin that works on TypeScript and JavaScript projects and surfaces security issues like Trusted Types violations statically. This repository contains several packages. Refer to the package specific READMEs for more information. The eslint-plugin sources live in packages/eslint-plugin/.

Development

This project uses yarn "modern" Berry (Yarn 4) with workspaces, and Node "^20.11.0 || >21.2.0". To install the dependencies for all workspaces:

yarn

Scripts are defined using Wireit. It makes it very it to build all the packages and watch for changes. Just run :

# Build all workspaces. Rebuild the necessary steps if files are updated.
yarn run build --watch

To format the repository:

yarn format

safety-web unit testing

yarn run unit_tests

unit tests + integrations tests

yarn run test

Updating tsetse

The core logic behind this plugin is re-used from tsec. The common directory of tsec is mirrored in packages/eslint-plugin/src/common, as vendored dependency.

Run tsetse_update.sh to pull the latest version of tsetse in:

bash update_tsetse.sh

About

No description, website, or topics provided.

Resources

Readme

License

Apache-2.0 license

Code of conduct

Code of conduct

Contributing

Contributing

Security policy

Security policy
Activity
Custom properties

Stars

29 stars

Watchers

3 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages