ESLint Plugin Literal Blacklist

1.2.0 verified Sat Apr 25 auth: no javascript

An ESLint micro plugin (v1.2.0) that lets you define a blacklist of terms to flag in literal expressions. Each entry is a string, a regex, or an object carrying a custom message and an ignoreCase option. No recent updates; simple rule set. Differentiators: lightweight, supports regex and custom messages per rule, minimal configuration.

error ESLintError: Failed to load plugin 'literal-blacklist': Cannot find module 'eslint-plugin-literal-blacklist'
cause Plugin not installed, or installed as a devDependency but not in the right place.
fix Run npm install eslint-plugin-literal-blacklist --save-dev from the project root.

error Configuration for rule "literal-blacklist/literal-blacklist" is invalid: Severity should be one of the following: 0 = off, 1 = warn, 2 = error (you passed '"error"').
cause Using numeric severity as a string or vice versa in old ESLint versions.
fix Use an integer severity, such as [2, ['bad']]. Standard ESLint expects either 0/1/2 or 'off'/'warn'/'error', but some config parsers may be picky. Try: ['error', ['bad']].

error Error: Invalid term in literal-blacklist rule: expected a string or object with term property.
cause Passed something other than a string, RegExp, or object.
fix Ensure each entry in the array is a string, a RegExp, or an object with a 'term' string property.

gotcha The rule applies to all string literals, including those in template literals and object property values, but not to comments or identifiers.
fix Be aware that only literal expressions (AST Literal nodes) are checked; template literals with expressions are partially checked.

gotcha The ignoreCase option only works when you provide an object with { term: 'string' }, not with regex or plain strings.
fix Use the object form with 'ignoreCase: true' for case-insensitive matching of string terms. Regex already supports case-insensitive flags (/pattern/i).

gotcha In a term object, the 'term' property must be a string; if you pass a regex as term, it will be converted to a string via toString and will likely break.
fix Use the regex directly in the array, not inside an object's term property. Example: [2, [/bad/i]] works.

npm install eslint-plugin-literal-blacklist
yarn add eslint-plugin-literal-blacklist
pnpm add eslint-plugin-literal-blacklist

Shows installation and an ESLint rule configuration with a string, a regex, and an object with a custom message and ignoreCase.

// Install: npm install eslint-plugin-literal-blacklist --save-dev
// .eslintrc.js
module.exports = {
  plugins: ['literal-blacklist'],
  rules: {
    'literal-blacklist/literal-blacklist': ['error', [
      'badword',
      /^secret_/,
      { term: 'password', message: 'Avoid using password literal', ignoreCase: true }
    ]]
  }
};
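
The errors and gotchas listed above can be caught before ESLint loads the config. The following pre-flight check is an added example, not code from the plugin: validateRuleEntry and checkTerm are hypothetical helper names, the sample inputs are constructed, and the boolean type of ignoreCase is an assumption taken from the config shown above.

```javascript
// Added example: pre-flight check for a 'literal-blacklist/literal-blacklist'
// rule entry, encoding only the errors and gotchas listed on this page.
// validateRuleEntry and checkTerm are hypothetical helpers, not plugin API.
const SEVERITIES = new Set([0, 1, 2, 'off', 'warn', 'error']);

function checkTerm(entry, index) {
  const where = `entry ${index}`;
  // Plain strings and RegExp objects are valid directly in the array.
  if (typeof entry === 'string' || entry instanceof RegExp) return [];
  if (entry === null || typeof entry !== 'object' || Array.isArray(entry)) {
    return [`${where}: expected a string, a RegExp, or an object with a 'term' property`];
  }
  const problems = [];
  if (entry.term instanceof RegExp) {
    // Gotcha: a regex inside 'term' is stringified via toString.
    problems.push(`${where}: 'term' is a RegExp; put the regex directly in the array`);
  } else if (typeof entry.term !== 'string') {
    problems.push(`${where}: 'term' must be a string`);
  }
  // Assumption: ignoreCase is a boolean, as in the page's sample config.
  if ('ignoreCase' in entry && typeof entry.ignoreCase !== 'boolean') {
    problems.push(`${where}: 'ignoreCase' must be a boolean`);
  }
  return problems;
}

function validateRuleEntry(ruleEntry) {
  if (!Array.isArray(ruleEntry) || ruleEntry.length !== 2) {
    return ['rule entry must be [severity, [terms...]]'];
  }
  const [severity, terms] = ruleEntry;
  const problems = [];
  if (!SEVERITIES.has(severity)) {
    problems.push(`severity ${JSON.stringify(severity)} is not 0/1/2 or 'off'/'warn'/'error'`);
  }
  if (!Array.isArray(terms)) return problems.concat('second element must be an array of terms');
  terms.forEach((entry, i) => problems.push(...checkTerm(entry, i)));
  return problems;
}

// Constructed sample input: the page's config, then three of its pitfalls.
const good = ['error', ['badword', /^secret_/,
  { term: 'password', message: 'Avoid using password literal', ignoreCase: true }]];
const bad = ['"error"', ['badword', { term: /bad/i }, 42]];
console.log(validateRuleEntry(good));
console.log(validateRuleEntry(bad));
```

Running the check in CI against the exported rules object surfaces these mistakes as readable messages instead of a failed ESLint run.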