lint-target-blank

0.1.1 verified Fri May 01 auth: no javascript

A lightweight linting tool for detecting the target="_blank" vulnerability in HTML anchor tags where missing rel="noopener noreferrer" allows the opened page to access the opener's window via window.opener. The package provides a simple API to parse HTML strings and return errors for insecure links. It is at version 0.1.1 with a minimal footprint and no dependencies. Compared to full-fledged HTML validators or linters like ESLint plugins, this is a focused, single-purpose module for quick checks during development or build processes.

Common errors

error TypeError: LintTargetBlank is not a constructor ↓

cause Using ES module import syntax with a CommonJS package.

fix

Use const LintTargetBlank = require('lint-target-blank'); instead of import.

error Cannot read property 'length' of undefined ↓

cause Calling `lint()` without an argument or with undefined.

fix

Always pass a string to the lint method.

Warnings

gotcha The constructor expects an options object; calling `new LintTargetBlank()` without arguments may cause runtime errors if internal code accesses properties. ↓

fix Always pass an empty object `{}` or an options object with configuration.

gotcha The `lint` method returns an array of error objects, not a boolean or count. New users may expect a different return format. ↓

fix Iterate over the returned array to access individual errors.

gotcha The package does not parse real HTML; it uses a regex-based approach that may produce false positives or miss edge cases (e.g., dynamic attributes). ↓

fix Consider using a proper HTML parser (e.g., cheerio) for more accurate linting.

Install

npm install lint-target-blank

yarn add lint-target-blank

pnpm add lint-target-blank

Imports

LintTargetBlank

wrong

import LintTargetBlank from 'lint-target-blank';

correct

const LintTargetBlank = require('lint-target-blank');

Package uses CommonJS require; no ESM exports are provided.

LintTargetBlank instance
wrong
```
const lintTargetBlank = new LintTargetBlank();
```
correct
```
const lintTargetBlank = new LintTargetBlank({});
```
Constructor expects an options object; passing no argument may cause undefined errors.
lint method
wrong
```
const errors = lintTargetBlank.lint(htmlString, callback);
```
correct
```
const errors = lintTargetBlank.lint(htmlString);
```
The lint method is synchronous and returns an array of error objects directly, not via callback.

Quickstart

Shows how to require the module, create an instance, and lint an HTML string for insecure target="_blank" links.

const LintTargetBlank = require('lint-target-blank');
const lintTargetBlank = new LintTargetBlank({});
const html = `
<div>
  <a href="https://example.com" target="_blank">Click</a>
</div>`;
const errors = lintTargetBlank.lint(html);
console.log(errors);
// Output:
// [ { line: 2, column: 16, message: 'Missing rel="noopener noreferrer" on target="_blank" link' } ]