{"id":19929,"library":"eslint-plugin-scanjs-rules","title":"eslint-plugin-scanjs-rules","description":"ESLint plugin providing supplemental security rules inspired by Mozilla's ScanJS, version 0.2.1. Last updated in 2016 with no active release cadence. Provides additional rules not found in core ESLint for detecting dangerous patterns (e.g., innerHTML, eval-like usage, constructors with HTML strings). Use with eslint-config-scanjs for full ScanJS parity. Note: unmaintained, may not work with modern ESLint versions (tested up to ESLint 3).","status":"abandoned","version":"0.2.1","language":"javascript","source_language":"en","source_url":"https://github.com/mozfreddyb/eslint-plugin-scanjs-rules","tags":["javascript","eslint","eslint-plugin","eslintplugin","lint","security","scanjs"],"install":[{"cmd":"npm install eslint-plugin-scanjs-rules","lang":"bash","label":"npm"},{"cmd":"yarn add eslint-plugin-scanjs-rules","lang":"bash","label":"yarn"},{"cmd":"pnpm add eslint-plugin-scanjs-rules","lang":"bash","label":"pnpm"}],"dependencies":[],"imports":[{"note":"ESLint plugins are typically used via plugins array in config, not direct import. If imported, use default export.","wrong":"const plugin = require('eslint-plugin-scanjs-rules');","symbol":"rules (plugin object)","correct":"import plugin from 'eslint-plugin-scanjs-rules';"},{"note":"CommonJS require works but ESM is preferred for modern ESLint.","wrong":"const config = require('eslint-plugin-scanjs-rules').configs.recommended;","symbol":"configs.recommended","correct":"import scanjs from 'eslint-plugin-scanjs-rules'; const config = scanjs.configs.recommended;"},{"note":"Rules are only accessible via plugin object, not direct file path.","wrong":"const rule = require('eslint-plugin-scanjs-rules/rules/no-eval');","symbol":"Individual rule (e.g., 'no-eval')","correct":"import plugin from 'eslint-plugin-scanjs-rules'; const rule = plugin.rules['no-eval'];"}],"quickstart":{"code":"// .eslintrc.js\nmodule.exports = {\n  plugins: ['eslint-plugin-scanjs-rules'],\n  extends: ['plugin:eslint-plugin-scanjs-rules/recommended'],\n  rules: {\n    'scanjs-rules/no-eval': 'error',\n    'scanjs-rules/no-document-write': 'warn'\n  }\n};","lang":"javascript","description":"Shows how to configure ESLint to use scanjs-rules plugin and enable recommended rules plus custom overrides."},"warnings":[{"fix":"Consider using eslint-plugin-security or @microsoft/eslint-plugin-sdl instead.","message":"Plugin was last updated in 2016; may not work with ESLint >= 4 due to plugin API changes.","severity":"gotcha","affected_versions":">=4.0.0"},{"fix":"Use ESLint core 'no-eval' or scanjs-rules 'no-eval' but not both.","message":"Rule 'no-eval' is deprecated in ESLint core; use 'no-eval' from plugin for supplemental checks.","severity":"deprecated","affected_versions":">=0.0.0"},{"fix":"Use 'scanjs-rules/rule-name' in rules object.","message":"Rule names in config use 'scanjs-rules/' prefix; omitting prefix fails.","severity":"breaking","affected_versions":">=0.0.0"},{"fix":"Wrap plugin in custom wrapper or use alternative security linter.","message":"No TypeScript definitions; plugin may not work with @typescript-eslint/parser.","severity":"gotcha","affected_versions":">=0.0.0"},{"fix":"Set env: { browser: true } in ESLint config.","message":"Some rules like 'no-document-write' may conflict with browser globals not present in Node.js environments.","severity":"gotcha","affected_versions":">=0.0.0"}],"env_vars":null,"last_verified":"2026-04-25T00:00:00.000Z","next_check":"2026-07-24T00:00:00.000Z","problems":[{"fix":"Run 'npm install eslint-plugin-scanjs-rules --save-dev'.","cause":"Plugin not installed or path incorrect.","error":"Error: Failed to load plugin 'eslint-plugin-scanjs-rules' declared in '.eslintrc.js': Cannot find module 'eslint-plugin-scanjs-rules'"},{"fix":"Use 'scanjs-rules/no-eval' (with prefix) in rules object, and ensure plugin is in plugins array.","cause":"Rule name typo or missing prefix.","error":"Definition for rule 'scanjs-rules/no-eval' was not found"},{"fix":"Use string for extends: 'plugin:eslint-plugin-scanjs-rules/recommended' (not array) in ESLint <3.","cause":"Incorrect extends format in older ESLint versions.","error":"ESLint configuration in .eslintrc.js is invalid: Unexpected top-level property \"extends\" is an array but should be a string"}],"ecosystem":"npm","meta_description":null,"install_score":null,"install_tag":null,"quickstart_score":null,"quickstart_tag":null}