ESLint Plugin: No HTTP Links

0.0.3 · maintenance · verified Wed Apr 22

The `eslint-plugin-no-http` package provides an ESLint rule specifically designed to prevent the use of insecure `http://` links in source code, enforcing the adoption of `https://` for better security and best practices. Its current stable version is `0.0.3`. Given the very low version number, it likely operates on a slow release cadence, receiving updates primarily for critical bug fixes or compatibility with newer ESLint versions rather than frequent feature additions. This plugin differentiates itself by its singular, focused purpose: identifying and flagging all instances of `http://` within strings, comments, or other relevant code contexts. It offers a straightforward, lightweight solution for teams looking to enforce HTTPS by default without integrating a broader, more complex set of security linting rules.

Common errors

```
ESLint: Cannot read config file: .eslintrc.js
```
cause ESLint is unable to find or parse the configuration file, possibly due to a syntax error or incorrect path.

fix Verify the `.eslintrc` file (e.g., `.eslintrc.json`, `.eslintrc.js`) exists in the project root or specified path, and its syntax is correct.
```
ESLint: Failed to load plugin 'no-http'. The plugin 'eslint-plugin-no-http' was not found.
```
cause The `eslint-plugin-no-http` package has not been installed or is not accessible in the project's `node_modules`.

fix Run `npm install eslint-plugin-no-http --save-dev` or `yarn add eslint-plugin-no-http --dev` to install the plugin.
```
ESLint: Definition for rule 'no-http/no-http' was not found.
```
cause The `no-http` plugin is listed in the `plugins` array, but the specific rule `no-http/no-http` is not correctly referenced or the plugin itself failed to load its rules.

fix Ensure `"no-http"` is in the `plugins` array and `"no-http/no-http"` is correctly spelled and configured under the `rules` section.

Warnings

gotcha This plugin is in a very early development stage (v0.0.3). While functional, it might not cover all edge cases or have extensive community support. Users should test thoroughly.
Fix: Review the plugin's source code and issues for known limitations or contribute to its development.
gotcha Ensure ESLint is installed as a `devDependency` in your project. This plugin cannot function without a compatible ESLint installation.
Fix: Run `npm install eslint --save-dev` or `yarn add eslint --dev` to install ESLint.

Install

npm install eslint-plugin-no-http npm
yarn add eslint-plugin-no-http yarn
pnpm add eslint-plugin-no-http pnpm

Imports

plugins
wrong:
```
import 'eslint-plugin-no-http'
```
correct:
```
{ "plugins": ["no-http"] }
```
ESLint plugins are configured in `.eslintrc` files, not directly imported into application code.
rules
wrong:
```
"no-http": "error"
```
correct:
```
{ "rules": { "no-http/no-http": "error" } }
```
Rules must be prefixed with the plugin name `no-http/` when configured in `.eslintrc`.

Quickstart

This ESLint configuration enables the `no-http` plugin and sets the `no-http/no-http` rule to a warning, flagging any insecure HTTP links.

{
  "env": {
    "browser": true,
    "node": true,
    "es2021": true
  },
  "extends": [
    "eslint:recommended"
  ],
  "parserOptions": {
    "ecmaVersion": "latest",
    "sourceType": "module"
  },
  "plugins": [
    "no-http"
  ],
  "rules": {
    "no-http/no-http": "warn"
  }
}

view raw JSON →