This is not an officially supported Google product.
This project is under development and is not ready for production yet.
eslint-plugin-safety-web (aka. safety-web in short) is an ESLint plugin that
works on TypeScript and JavaScript projects and surfaces security issues like
Trusted Types violations statically. This repository contains several packages.
Refer to the package specific READMEs for more information. The eslint-plugin
sources live in
packages/eslint-plugin-safety-web/.
This project uses yarn "modern" Berry (Yarn 4) with workspaces, and Node
"^20.11.0 || >21.2.0". To install the dependencies for all
workspaces:
yarnThe commands clean, build, lint, test are defined in all workspaces.
This makes it possible to run them in all workspaces:
# Build all workspaces
yarn workspaces foreach --all run build# Build-watch all TypeScript workspaces in parallel
yarn workspaces foreach -Ap run build:watchTo format the repository:
yarn format
# prettier . --writeyarn workspace eslint-plugin-safety-web run testyarn run unit_testsThe core logic behind this plugin is re-used from
tsec. The
common directory of tsec is
mirrored in packages/eslint-plugin-safety-web/src/common, as vendored
dependency.
Run tsetse_update.sh to pull the latest version of tsetse in:
bash update_tsetse.sh