eslint-plugin-jam3

0.2.3 verified Sat Apr 25 auth: no javascript maintenance

An ESLint plugin for React applications focusing on security best practices, particularly around XSS prevention. Current stable version 0.2.3, last updated October 2019. Maintained by Jam3. Differentiators: provides rules for enforcing sanitizers with dangerouslySetInnerHTML and window.location access, and forbidding specific methods to reduce XSS vulnerabilities. Suitable for projects needing baseline security linting for React code.

Common errors

error ESLint: Cannot find module 'eslint-plugin-jam3' ↓

cause Plugin not installed or ESLint cannot resolve it due to global/local mismatch.

fix

Install locally: npm install eslint-plugin-jam3 --save-dev. Run ESLint from project root.

error Configuration for rule "jam3/no-sanitizer-with-danger" is invalid: Value "error" is invalid. ↓

cause Rule severity must be an integer (2) or one of 'off'/'warn'/'error' per ESLint version.

fix

Use 2 or 'error'. E.g., "jam3/no-sanitizer-with-danger": 2

error ESLint: Rule 'jam3/no-sanitizer-window-location' was not found. ↓

cause Plugin not correctly loaded in plugins array or rule name typo.

fix

Add 'jam3' to plugins array: "plugins": ["jam3"]

Warnings

gotcha Rules may not be automatically available if ESLint is installed globally but the plugin is local. ↓

fix Ensure both ESLint and the plugin are installed globally, or use npx to resolve locally.

deprecated The package has not been updated since October 2019 and may not support newer ESLint versions or React features. ↓

fix Consider migrating to more actively maintained alternatives like eslint-plugin-react or eslint-plugin-security.

breaking Plugin requires ESLint version compatible with its peer dependency (likely ESLint 4.x–6.x). ↓

fix If using ESLint 7+, this plugin may not work. Check for compatibility or use a fork.

Install

npm install eslint-plugin-jam3

yarn add eslint-plugin-jam3

pnpm add eslint-plugin-jam3

Imports

Plugin object
wrong
```
Using full name 'eslint-plugin-jam3' in plugins array without prefix
```
correct
```
plugins: ['jam3'] in .eslintrc
```
ESLint automatically resolves plugins with the 'eslint-plugin-' prefix, so only 'jam3' is needed.
Rule configuration
wrong
```
rules: { 'no-sanitizer-with-danger': 'error' }
```
correct
```
rules: { 'jam3/no-sanitizer-with-danger': 'error' }
```
Rules must be prefixed with the plugin name ('jam3/') when configured in .eslintrc.
Require (CJS) in Node.js
wrong
```
const plugin = require('jam3');
```
correct
```
const plugin = require('eslint-plugin-jam3');
```
When using programmatic API in Node.js, the full package name is required.

Quickstart

Installation and configuration of eslint-plugin-jam3 with example rules for XSS prevention.

// Install eslint and the plugin
npm install eslint eslint-plugin-jam3 --save-dev

// .eslintrc.json
{
  "plugins": ["jam3"],
  "rules": {
    "jam3/no-sanitizer-with-danger": "error",
    "jam3/no-sanitizer-window-location": "error",
    "jam3/forbid-methods": ["error", { "methods": ["innerHTML", "outerHTML"] }]
  }
}

// Run ESLint
npx eslint yourfile.jsx