In an effort to improve eslint-plugin-next, I am looking to introduce additional ESLint rules. Below are some proposed rules to get started. Please feel free to add any ideas or suggestions in the comments!
Proposed Rules
- no-insecure-randomness
Description: Prevents the use of insecure randomness methods, such as Math.random(), for applications where cryptographic security is required (e.g., token generation, unique identifiers in secure contexts).
Example Violation: Using Math.random() in code where unpredictable, secure random values are needed.
Suggested Fix: Encourage the use of crypto.randomUUID() or other secure randomness libraries (e.g., crypto.randomBytes() in Node.js) instead of Math.random().
Feedback and Suggestions
I'd love to hear from you! If you have additional ideas for ESLint rules that would help improve security or code quality, please share them below 😃
In an effort to improve eslint-plugin-next, I am looking to introduce additional ESLint rules. Below are some proposed rules to get started. Please feel free to add any ideas or suggestions in the comments!
Proposed Rules
Description: Prevents the use of insecure randomness methods, such as Math.random(), for applications where cryptographic security is required (e.g., token generation, unique identifiers in secure contexts).
Example Violation: Using Math.random() in code where unpredictable, secure random values are needed.
Suggested Fix: Encourage the use of crypto.randomUUID() or other secure randomness libraries (e.g., crypto.randomBytes() in Node.js) instead of Math.random().
Feedback and Suggestions
I'd love to hear from you! If you have additional ideas for ESLint rules that would help improve security or code quality, please share them below 😃