eslint-plugin-anti-trojan-source
JSON →ESLint plugin (v1.1.2) that detects Trojan Source attacks using Unicode bidirectional (bidi) characters in JavaScript/TypeScript code. It provides a single rule `no-bidi` that flags maliciously embedded Unicode control characters that can cause code to appear differently to humans vs compilers. The plugin includes a recommended configuration for easy adoption. Updated as recently as November 2025 but core functionality (single rule) stable since 2021. Inspired similar rule `detect-bidi-characters` in eslint-plugin-security. No dependencies. Actively maintained.
Traffic · last 30 days ↓40% vs prev 7d
total hits 13
actors 5 distinct systems
last hit 2d ago AhrefsBot
top countries 🇺🇸 United States · 🇨🇦 Canada · 🇩🇪 Germany · 🇫🇷 France · MY