AWS CloudFormation Linter

Found no `super()` in constructorJS-0226 Found reassigning class membersJS-0228 Detected usage of the `any` typeJS-0323 Avoid specifying `children` when using `dangerouslySetInnerHTML`JS-0439 Debugger activation detectedJS-0005 Found the usage of undeclared variablesJS-0125 Avoid insecure HTTP header configuration for nosniffing headerJS-S1001 Avoid insecure HTTP strict transport securityJS-S1002 Avoid insecure dns prefetch control configuration for helmetJS-S1003 Found potentially unsafe deserializationJS-S1000 Usage of an insecure TLS protocol versionJS-S1009 Vulnerable VM code executionJS-S0011 JSON Web Token (JWT) not signed with a cipher algorithmJS-S1008 Potential shell argument injection vulnerabilityJS-S0010 Insecure web security preferences found in ElectronJS-S1015 Certificate validation is disabled in TLS connectionJS-S1017 Insecure express middleware pathJS-S1018 Insecure node integration preferences found in ElectronJS-S1019 Audit: Regex range is too permissiveJS-A1002 Audit: insecure assignment to `innerHTML` propertyJS-S1012 Audit: Unsanitized external input passed to a templating engine is prone to vulnerabilitiesJS-A1005 Detected Unsafe referrer policyJS-S1011 Audit: Avoid exposing server-side errors to clientJS-A1006 `ajv` configuration is vulnerable to DoS attacksJS-S1013 Array index possibly out of boundsJS-S1016 Audit: Unsanitized external input used with Electron's shell module is prone to vulnerabilitiesJS-A1007 Missing target origin in cross-origin communicationJS-S1014 Audit: Found insecure randomness in initialization of sensitive dataJS-A1000 Audit: Storing or accessing files from a publicly accessible directory is vulnerable to information disclosureJS-A1001 Audit: Unsanitized user input supplied to `cat` command is prone to command injectionJS-A1003 Audit: Unsanitized user input passed to server logsJS-A1004 Found code vulnerable to shell command injectionJS-S1010 Found hardcoded credentials in source codeJS-S1021 Strict Contextual Escaping (SCE) is disabled in AngularJSJS-S1022 Audit: Query is potentially vulnerable to SQL injectionJS-A1009 Audit: cookie in HTTP response is vulnerable to session-fixationJS-A1008 Context isolation is disabled in ElectronJS-S1020 Detected insecure whitelisting of URLs in AngularJSJS-S1023 Avoid using promises in places not designed to handle themJS-0336 Found unreachable codeJS-0025 Avoid `target='_blank'` attribute without `rel='noopener noreferrer'`JS-0422 `function` or var declarations in nested blocks is not preferredJS-0016 Detected the assignment to exportsJS-0256 Found undeclared variables in JSXJS-0423 Detected unsupported Node.js built-in APIs on the specified versionJS-0269 Found confusing multiline expressionsJS-0024 Suggest correct usage of shebangJS-0271 Prefer ES5 or ES6 class for returning value in render functionJS-0467 Reassigning function declarationsJS-0015 Global object properties should not be called as functionsJS-0020 Found `for-in` loop iterating over an arrayJS-0329 Avoid using control flow statements in `finally` blocksJS-0026 Detected the use of an `eval()`-like methodJS-0330 Found non-null assertionsJS-0339 Found constant expressions in conditionsJS-0003 Found duplicate keys in object literalsJS-0007 Found empty character classes in regular expressionsJS-0010 Left operand of relational operators should not have negationJS-0019 Avoid using sparse arrays unless necessaryJS-0023 Use `isNaN()` to check for `NaN`JS-0027 `typeof` expressions should be compared against valid stringsJS-0028 `For` loop update clause should move the counter in the correct directionJS-0029 Prefer not using an async function as a Promise executorJS-0031 Found usage of comparison with negative-zero(`-0`)JS-0033 Duplicate conditions in `if-else-if` chainsJS-0034 Unsupported ECMAScript syntaxJS-0268 Assignment to imported bindingsJS-0035 Found empty destructuring patternsJS-0058 Found duplicate class membersJS-0231 Found new operators with the `Symbol` objectJS-0233 Found `this`/`super` before calling `super()` in constructorsJS-0235 Invalid `async`/`await` callJS-0294 Use of a banned type detectedJS-0296 Found `// @ts-<directive>` commentsJS-0295 Unnecessary type assertion of an expressionJS-0349 Prefer usage of `as const` over literal typeJS-0360 Prefer that unbound methods are called with their expected scopeJS-0387 Found assignment of exceptions in catch clausesJS-0011 `Object.prototype` builtins should not be used directlyJS-0021 Found characters which are made with multiple code points in character class syntaxJS-0036 Detected import declarations which import extraneous modulesJS-0257 Found explicit type declarationsJS-0331 Missing key for the propertyJS-0414 Avoid usage of deprecated React methodsJS-0441 Avoid usage of `findDOMNode`JS-0445 Avoid usage of deprecated method `isMounted`JS-0446 Found invalid characters in markupJS-0454 Detected bin files that npm ignoresJS-0264 Detected unsupported ECMAScript built-ins on the specified versionJS-0267 Make process.exit() expressions the same code path as throwJS-0270 Should not have unused variablesJS-0128 Missing `return` statementJS-0030 Detected require() expressions which import extraneous modulesJS-0258 Detected deprecated APIsJS-0272 Duplicate case labels found in switch caseJS-0008 Returning values from settersJS-0037 Fallthrough of `case` statements foundJS-0064 `delete` operator should not be used on variablesJS-0120 Found `require()` expressions which import non-existent modulesJS-0260 Detected aliasing thisJS-0342 Detected the use of require statements except in import statementsJS-0359 Duplicate JSX properties detectedJS-0419 Marked Flow type identifiers as definedJS-0479 Found invalid file annotationJS-0501 Detected using a non-null assertion after an optional chain expressionJS-0338 Avoid weak typesJS-0491 Invalid lifecycle method in classJS-0571 Avoid `target='_blank'` attribute without `rel='noopener noreferrer'`JS-0712 Found assignment operators in conditional expressionsJS-0001 Elements cannot use an invalid ARIA attributeJS-0741 Bad usage of `RegExp#exec` and `String#match`JS-D007 Invalid lifecycle parameter nameJS-D012 Misconfigured CORS in expressJS-D002 Unused return value from `Array`/`Object` prototype methodJS-D008 Audit: Forwarding IP while setting proxies in the HTTP serverJS-D018 Disallows use of posix in regexJS-D014 Found bad matching patternJS-D006 Found weak hashing functionsJS-D003 Audit: Insecure cookieJS-D015 Unsafe permissions set on a fileJS-D017 Audit: Insecure clear text protocolJS-D019 Audit: Allowing dotfiles during static file serving can be sensitiveJS-D020 XML parsing may be vulnerable to XXE attacksJS-D022 Detected the violation of rules of hooksJS-0820 Avoid importing of test support files into non-test codeJS-W1000 Consider using `passhref` attribute with `Link` componentJS-W1020 Found non-existent assignment operatorsJS-W1033 Found usage of href with NuxtLink componentJS-W1034 Found complex boolean returnJS-W1041 Found flawed string comparisonJS-W1040 Found confusing labels inside switchJS-W1036 Found error handling middleware in productionJS-S1024 Found useless assertions in testJS-W1039 Found unhandled promiseJS-0328 Found control characters in regular expressionsJS-0004 Invalid regular expression strings present in RegExp constructorsJS-0017 Found reassigning const variablesJS-0230 Avoid direct mutation of `this.state`JS-0444 Found duplicate arguments in function definitionsJS-0006 Prevent usage of wrong DOM propertyJS-0455 Found redeclared variablesJS-0085 Unnecessary non-null assertionJS-0324 Use ES6 class for React ComponentsJS-0460 Found empty block statementsJS-0009 Detected the declaration of empty interfacesJS-0322 Found multiple spaces in RegexJS-0022 Avoid use of `==` and `!=`JS-0050 `with` statements foundJS-0100 Found Yoda conditionsJS-0104 Prevent shadowing of restricted global objects and identifiersJS-0124 Consider grouping overloaded members togetherJS-0292 Possible insertion of comments as text nodesJS-0418 Detected the use of custom TypeScript modules and namespacesJS-0337 Unused labels foundJS-0094 Use `RegExp#exec` instead of `String#match`JS-0370 Found template literal expression having a non-string typeJS-0378 Operands must both be `number`s or `string`s in addition expressionsJS-0377 Found unnecessary boolean castsJS-0012 Avoid using the return value of `ReactDOM.render`JS-0449 React must be present in scope when using JSXJS-0464 Avoid passing children as propsJS-0438 Prevent using string referencesJS-0451 Require generator functions to contain yieldJS-0247 IIFEs should be wrappedJS-0103 Avoid square-bracket notation when accessing propertiesJS-0049 Invalid definition of `new` and `constructor`JS-0335 Bad usage of triple slash directivesJS-0384 Found octal literalsJS-0081 `render` function should return valueJS-0622 Syntax errorJS-0833 Use `// @ts-expect-error` over `// @ts-ignore`JS-0372 Avoid using lexical declarations in case clausesJS-0054 Avoid `mixed` type annotationsJS-0486 Prefer type annotations in all function parametersJS-0497 Avoid having types in files where annotation is missingJS-0489 Prefer using return type annotations for functionsJS-0499 Prefer explicit role property in HTML tagsJS-0764 Element with aria-activedescendant must be tabbableJS-0740 Invalid ARIA state and/or property valuesJS-0742 Elements with ARIA roles must use a valid, non-abstract ARIA roleJS-0743 Non-visible DOM elements should not contain the `role` and/or `aria-*` propsJS-0744 The autocomplete should be correctJS-0745 Prefer to accompany `onClick` with some elementsJS-0746 Prefer to have content in heading elementsJS-0747 Prefer to have lang prop in elementsJS-0748 Prefer to have a unique title in `<iframe>`JS-0749 Prefer not to use words image, photo in image alt contentJS-0750 Interactive elements should be focusableJS-0751 Missing `<track>` in`<audio>` / `<video>` elementJS-0754 Consider using `onFocus/onBlur` with `onMouseOver/onMouseOut` eventJS-0755 Prefer that no distracting elements are usedJS-0758 Non-interactive elements assigned mouse/keyboard event listenersJS-0760 `tabIndex` declared on a non-interactive elementJS-0762 Prefer that non-interactive, visible elements (such as <div>) that have click handlers use the role attributeJS-0765 Elements with ARIA roles must have all required attributes for that roleJS-0766 Prefer that elements with explicit or implicit roles defined contain only aria-* properties supported by that roleJS-0767 Prefer `tabIndex` value is not greater than zeroJS-0769 Prefer meaningful alternative textJS-0737 Prefer that `autoFocus` prop is not used on elementsJS-0757 `label` tags should have a text label and an associated controlJS-0752 `accessKey` property usedJS-0756 Interactive elements should not be assigned non-interactive rolesJS-0759 Non-interactive elements should not be assigned interactive rolesJS-0761 Prefer `readonly` React propsJS-0498 Prefer that anchors have content and the content is accessible to screen readersJS-0738 Use valid anchorsJS-0739 The `scope` scope should be used only on `<th>` elementsJS-0768 Invalid suffix in `@Directive`JS-0598 Invalid naming of directive outputsJS-0574 Missing Banana-in-a-box template syntaxJS-0577 Missing `PipeTransform` interfaceJS-0595 `@Input` is renamedJS-0585 Missing `sandbox` in iframeJS-D010 Invalid async pipeJS-0578 Invalid `.charAt` comparisonJS-D013 Detected calls to `buffer` with `noAssert` flag setJS-0822 Found duplicate assignmentsJS-W1032 Found unused objectsJS-R1002 Call to Function objectJS-R1003 Invalid custom TypeScript modules declarationJS-0364 Logical operator can be refactored to optional chainJS-W1044 Found redundant literal in a logical expressionJS-W1043 Found trailing undefined in function callJS-W1042 Found redundant return statementJS-W1045 Found control characters in regular expressionJS-W1035 Found control characters in regular expressionJS-W1037 Useless template literal foundJS-R1004 Too many arguments passed to function callJS-W1038 Prefer a consistent naming pattern for type aliasesJS-0509 Invalid variable usageJS-0043 Accessed object properties are restrictedJS-0110 Avoid using `this.state` inside `this.setState()`JS-0435 Deprecation of number (keycode) modifiersJS-0656 Found deprecated `*` existential typeJS-0484 Avoid having unused expressionsJS-0490 Unsafe content security policyJS-D024 Found `key` attribute on `<template v-for>`JS-V001 Invalid lifecycle hooksJS-V006 Found empty lifecycle methodsJS-0604 Avoid the use of `Buffer()` and `Buffer#allocUnsafe()`JS-D025 Found `this` in props default functionsJS-V003 Invalid destructuring of `props`JS-V005 Unsafe argument to `child_process`JS-D023 Avoid using the `Buffer()` constructorJS-D026 Found usage of deprecated `javascript:` URLsJS-0421 Race condition in compound assignmentJS-0040 Avoid using dangerous JSX propertiesJS-0440 Typo in class properties and lifecycle methodsJS-0453 Avoid using an element's index as the `key` propJS-0437 Avoid using `console` in code that runs on browserJS-0002 Missing default values for non-required propertiesJS-0391 Avoid `.bind()` or local functions in JSX propertiesJS-0417 Avoid using `setState` in `componentDidMount`JS-0442 Missing `async` on `Promise` methodsJS-0373 Detected the use of variables before they are definedJS-0357 Restricted global variables being usedJS-0122 Found no return statements in callbacks of array methodsJS-0042 Found unsafe function declarationsJS-0073 Assignment found where both sides are exactly the sameJS-0088 Infinite loop conditionsJS-0092 Detected duplicate class membersJS-0319 Error objects should be used as Promise rejection reasonsJS-0114 Variable used before definitionJS-0129 Found duplicate module importsJS-0232 Detected the use of classes as namespacesJS-0327 Found `parseInt()` and `Number.parseInt()` for number literalsJS-0253 Detected new operators with calls to requireJS-0261 Detected string concatenation with __dirname and __filenameJS-0262 Detected the use of process.exit()JS-0263 Default parameters should be placed after non-default onesJS-0302 Prevent conditionals where the type is always truthy or always falsyJS-0346 Prefer that type arguments will not be used if not requiredJS-0348 Found unused variables in TypeScript codeJS-0356 Use `includes` method over `indexOf` methodJS-0363 Use nullish coalescing operator `??`JS-0365 `Array#sort` must have a compare functionJS-0375 Type annotations should existJS-0386 Avoid using `setState` in `componentWillUpdate`JS-0459 Detected Forbidden elementsJS-0396 Found unnecessary fragmentsJS-0424 Avoid usage of `setState` in `componentDidUpdate`JS-0443 Avoid usage of `shouldComponentUpdate`JS-0448 Avoid using unsafe lifecycle methodsJS-0456 `eval()` should not be usedJS-0060 Value should not be returned in constructorJS-0109 Found useless backreferences in regular expressionsJS-0039 Require error handling in callbacksJS-0254 Ensure Node.js-style error-first callback pattern is followedJS-0255 Detected unused variables and argumentsJS-0355 Found template literal placeholder syntax in regular stringsJS-0038 Unnecessary `return await` function foundJS-0111 Consider using `let` or `const` instead of `var`JS-0239 Non-existent module importedJS-0259 Private members should be marked as `readonly`JS-0368 Detected Forbidden foreign propTypesJS-0397 Prefer to forbid certain propTypesJS-0398 Prevent usage of string literals in JSXJS-0420 Prevent void DOM elements from receiving childrenJS-0474 Found invalid `v-cloak` directivesJS-0630 Deprecation of `.native` modifiersJS-0655 `emits` validator does not always return a boolean valueJS-0660 Should have valid `.sync` modifier on `v-bind` directivesJS-0665 Use `$Exact` to make type spreading safeJS-0508 Computed property should have property dependenciesJS-0813 Prefer having a valid `v-for` directiveJS-0633 Custom modifiers on `v-model` should not used on the componentJS-0662 Should not use JQueryJS-0793 Found invalid `v-model` directivesJS-0636 Deprecation of functional templateJS-0648 Avoid usage of deprecated `$on`, `$off`, `$once` in events apiJS-0646 Avoid using deprecated lifecycle hooksJS-0643 Should not use legacy test waitersJS-0794 Disallow unnecessary `<template>`JS-0691 Avoid overwriting reserved keysJS-0613 Found invalid `v-once` directivesJS-0638 Duplicate conditions in `v-if` / `v-else-if`JS-0609 Found invalid `v-if` directivesJS-0635 Avoid mutation of component propsJS-0611 Parsing errors detected in `<template>`JS-0612 Avoid mutating variables inside computed propertiesJS-0615 Disallow unsupported Vue.js syntax on the specified versionJS-0714 Prefer prop type to be a constructorJS-0621 Always use `key` with `v-for`JS-0623 Deprecation of Object Declaration on `data`JS-0629 Avoid usage of deprecated `$listeners` on `v-on`JS-0644 Found invalid `v-html` directivesJS-0634 Found invalid `v-on` directivesJS-0637 Found invalid `v-pre` directivesJS-0639 Found invalid `v-show` directivesJS-0640 Found invalid `v-slot` directivesJS-0641 Deprecation of `destroyed` and `beforeDestroy` lifecycle hooksJS-0647 Found invalid `v-text` directivesJS-0642 Avoid usage of deprecated `$scopedSlots`JS-0645 Disallow adding an argument to `v-model` used in custom componentJS-0664 Deprecation of `slot-scope` attributeJS-0653 Deprecation of `.sync` modifier on `v-bind` directiveJS-0654 Deprecation of `Vue.config.keyCodes`JS-0657 Should not use `this._super`JS-0782 Found Ember's debug functions in wrong orderJS-0790 Should not use side effectsJS-0804 Use interpolation expressions instead of the `v-html` attributeJS-0693 Detected non-null assertion in locations that may be confusingJS-0318 Avoid having duplicate attributesJS-0610 Deprecation of `is` attribute on HTML elementsJS-0649 Deprecation of inline-template attributeJS-0650 Require control the display of the content inside `<transition>`JS-0659 Found duplicate properties in `Object` annotationsJS-0483 Avoid typos when naming methods defined on the scope objectJS-0513 Prefer to use `$window` instead of `window`JS-0569 Found `this` keyword outside of classesJS-B002 Prevent assigning modules to variablesJS-0515 Use of controllers is discouragedJS-0525 Avoid usage of deprecated `$http` methods `success()` and `error()`JS-0532 Avoid using angular properties prefixed with `$$`JS-0516 Found empty controllersJS-0524 Found impure pipesJS-0575 Use one component per fileJS-0517 Deprecated directive replace propertyJS-0531 Unittest `inject` functions should only consist of assignments from injected values to describe block variablesJS-0546 Use `angular.forEach` instead of native `Array.prototype.forEach`JS-0556 Prefer to use `angular.isString` instead of `typeof` comparisonsJS-0568 Check for common misspellings of `$on(‘destroy’, …)` for angularJS-0570 Prefer `Session.equals` in conditionsJS-0732 Found `key` of `<template v-for>` on childJS-V002 Unused expressions foundJS-B003 Invalid `ref` as operandJS-V004 Invalid `watch` functionJS-V007 Invalid calls after `await`JS-V014 Detected wrapping of angular.element objects with jQuery or $JS-0561 Avoid direct use of `this` in controllersJS-0519 `<a>` tag used without a `Link` componentJS-W1014 Avoid using `process.server`, `process.client` and `process.browser` in client side hooksJS-E1000 Avoid using `window/document` in `created/beforeCreate` hooksJS-E1001 `next/document` import detected outside of `pages/_document.js`JS-E1002 `next/head` import detected in `pages/_document.js`JS-E1003 Avoid using `this` in `asyncData` and `fetch` hooksJS-W1011 Avoid using `setTimeout/setInterval` in `asyncData/fetch`JS-W1012 Avoid using deprecated or outdated librariesJS-S1005 Use of deprecated `context` methods detectedJS-W1008 Disable `X-POWERED-BY` HTTP headerJS-S1004 Found import declaration with no export nameJS-E1007 Found mutable exportsJS-E1009 Found unresolved module being referenced in import statementsJS-E1010 Use of comma or logical OR operators in switch casesJS-W1030 Use `head` property in component as a functionJS-W1013 Properties of `$slots` should be used as a functionJS-0658 Use of deprecated `$cookieStore`JS-0530 Comparisons found where both the sides are exactly the sameJS-0089 Forbid certain props on DOM NodesJS-0395 Found `$FlowFixMe` commentsJS-0485 Avoid having repeated named exports or default exportsJS-E1004 Void operators foundJS-0098 Found short variable nameJS-C1002 Prefer not to declare variables in global scopeJS-0067 Prefer not to extend native typesJS-0061 Validation of JSX maximum depthJS-0415 Found unused expressionsJS-0093 Use `for-of` loop for arrayJS-0361 Local variable name shadows variable in outer scopeJS-0123 Usage of comma operators should be avoidedJS-0090 Consider using arrow functions for callbacksJS-0241 Detected the `delete` operator with computed key expressionsJS-0320 Getter without a setter pair in objectsJS-0041 Use shorthand property syntax for object literalsJS-0240 Prefer the usage of regular expression literals over the `RegExp` constructorJS-0115 Detected the use of `alert`, `confirm` and `prompt`JS-0052 `arguments.caller` or `arguments.callee` should not be usedJS-0053 Unnecessary calls to `.bind()`JS-0062 Found leading or trailing decimal points in numeric literalsJS-0065 The use of the `__iterator__` property is not preferredJS-0070 Found labeled statementsJS-0071 Found some unnecessary nested blocksJS-0072 Found `new` operators with the `String`, `Number` and `Boolean` ObjectsJS-0080 Usage of octal escape sequences in string literals is not preferredJS-0082 Assignment operators should not be used in return statementsJS-0086 Inconsistent use of the radix argument when using `parseInt()`JS-0101 Prefer var declarations be placed at the top of their scopeJS-0102 Class methods should utilize `this`JS-0105 Prefer grouped accessor pairs in object literals and classesJS-0107 `async function` should have `await` expressionJS-0116 Prefer adding `u` flag in regular expressionsJS-0117 Found `undefined` as an IdentifierJS-0127 Module imported is not necessaryJS-0234 Found unnecessary computed property keys in object literalsJS-0236 Found unnecessary constructorsJS-0237 Found redundant naming for modulesJS-0238 Require rest parameters instead of argumentsJS-0244 Require template literals instead of string concatenationJS-0246 Use sorted import declarations within modulesJS-0249 Require symbol descriptionJS-0250 Detected usage of void type outside of generic or return typesJS-0333 Detected throwing literals as exceptionsJS-0343 Detected a namespace qualifier is unnecessaryJS-0347 Found interfaces with call signaturesJS-0362 Use type parameter when calling `Array#reduce`JS-0369 Exhaustiveness checking in switch with union typeJS-0383 Unnecessary calls to `.call()` and `.apply()` foundJS-0095 Unnecessary `catch` clauses foundJS-0112 Use `const` declarations for variables that are never reassignedJS-0242 Detected generic Array constructorsJS-0316 `.toString()` is only called on objects which provide useful information when stringifiedJS-0317 Found unused expressions in TypeScript codeJS-0354 Prefer using self closing instead of closing tag for components having no childrenJS-0468 Avoid using `this` in stateless functional componentsJS-0452 Definitions for unused `propTypes` detectedJS-0457 Definitions for unused states detectedJS-0458 Prefer state initialization styleJS-0471 Ensure `style` attribute is an `Object`JS-0473 Either all code paths should have explicit returns, or none of themJS-0045 Found shorthand type coercionsJS-0066 Unnecessary concatenation of literals or template literals foundJS-0096 `eval()`-like methods should not be usedJS-0068 Use `String#startsWith` and `String#endsWith`JS-0371 Invalid `async` keywordJS-0376 Detected unnecessary constructorsJS-0358 Found magic numbersJS-0074 Prefer consistent naming for boolean propsJS-0389 No default cases in switch statementsJS-0047 Prefer that `for-in` loops should include an `if` statementJS-0051 Found unnecessary `else` blocksJS-0056 Found empty functionsJS-0057 Unnecessary labelsJS-0063 The usage of `javascript:` urls is not recommendedJS-0087 Found warning comments in codeJS-0099 Usage of `strict` mode against recommended approachJS-0118 Initialization in variable declarations against recommended approachJS-0119 Variables should not be initialized to `undefined`JS-0126 Require spread operators instead of .apply()JS-0245 Consider using dot notationJS-0303 Detected unnecessary equality comparisons against boolean literalsJS-0345 Bad function overloadingJS-0388 Prefer boolean attributes notation in JSXJS-0400 Prefer shorthand form for react fragmentsJS-0410 Consider Using `PascalCase` for user-defined JSX componentsJS-0426 Avoid using spreading operator for JSX propsJS-0428 Found invalid `v-bind` directiveJS-0628 Prefer having synchronous computed propertiesJS-0607 Found invalid `v-else-if` directivesJS-0631 Should have valid `v-is` directivesJS-0661 Should have order of component top-level elementsJS-0690 Should have inheritAttrs to be set to false when using v-bind=`$attrs`JS-0703 Disallow the `<template>` `<script>` `<style>` block to be emptyJS-0704 Disallow using components that are not registered inside templatesJS-0713 The usage of `__proto__` property is not recommendedJS-0084 Disallow to pass multiple arguments to scoped slotsJS-0692 Should not use Arrow functionsJS-0774 Should not use `.on()`JS-0800 Migrate `ember-data` to `@ember-data`JS-0818 Incorrect computed macrosJS-0789 Avoid using `this.attrs` to denote propertiesJS-0776 Deprecation of `scope` attributeJS-0651 Use valid `lang` value on `html` attributeJS-0753 Duplication of field names is not allowedJS-0608 Should not use ObserversJS-0798 Don't use constructs or configuration that use the restricted resolver in testsJS-0803 Don't use Ember's `function` prototypeJS-0784 Disallow variable declarations from shadowing variables declared in the outer scopeJS-0679 Should not use `pauseTest()` in testsJS-0801 Found usage of deprecated `get/getProperties` on Ember ObjectsJS-0786 Disallow specific attributeJS-0709 Require emits option with name triggered by `$emit()`JS-0688 Should not use `getWithDefault`JS-0785 Missing `_super` in `init` lifecycle hooksJS-0815 Don't use import paths from `ember-cli-shims`JS-0799 Throwing literals as exceptions is not recommendedJS-0091 Default parameters should be defined at the lastJS-0106 Prefer Ember test helpersJS-0811 Props are not `read-only`JS-0461 Prefer having type alias for all union and intersection typesJS-0493 Avoid the usage of primitive constructor typesJS-0488 Prefer using exact object typesJS-0494 Require inexact object typesJS-0496 Use `v-bind:is` in `<component>` elementsJS-0620 Prefer using `kebab-case` for custom event namesJS-0605 Prefer function as component's `data` propertyJS-0614 Found mustaches in `<textarea>`JS-0617 Found unused registered components in templatesJS-0618 Avoid using `v-if` on the same element as `v-for`JS-0619 Found invalid `v-else` directivesJS-0632 Disallow unnecessary route `path` optionJS-0809 Invalid use of test waitersJS-0792 Prefer each component to be in its own fileJS-0680 Require type definitions in propsJS-0683 Prefer default value for propsJS-0682 Disallow specific component optionJS-0708 Should not use `component#sendAction`JS-0771 Don’t use jQuery without the Ember Run LoopJS-0772 Should not use assignment on untracked propertyJS-0775 Should not use `attrs` in ember hooksJS-0777 Should not use controller in routesJS-0779 Avoid using `@each` in deeply nested computed propertyJS-0780 `Ember.testing` not allowed in modules scopeJS-0783 Incorrect calls with inline anonymous functionsJS-0788 Invalid Dependent KeysJS-0791 Should not use mixinsJS-0795 Do not use global `$` or `jQuery`JS-0787 Should not use `setupOnerror` in `before`/`beforeEach`JS-0797 Should use `async/await`JS-0805 No importing of test filesJS-0806 Use `module` instead of `moduleFor`JS-0807 Should not use Volatile Computed PropertiesJS-0810 Should use computed macrosJS-0812 Always return a value from a computed property functionJS-0814 Use `render`/`clearRender` instead of `this.render`/`this.clearRender`JS-0808 Should use snake case for dynamic route segmentsJS-0816 Indexers must be declared with key nameJS-0495 Avoid using arrow functions to define watcherJS-0606 Deprecation of `slot` attributeJS-0652 Disallow specific argument in `v-bind`JS-0710 Should not use arrays and Objects as default propertiesJS-0819 Prefer having a consistent component name patternJS-0538 Require and specify a prefix for all controller namesJS-0535 Require and specify a prefix for all value namesJS-0543 Specify a consistent function style for componentsJS-0547 Inconsistent order of module dependenciesJS-0548 Use `angular.isDefined` and `angular.isUndefined` instead of other undefined checksJS-0554 Found `ViewEncapsulation.None`JS-0593 Missing component selectorJS-0592 Require DI parameters to be sorted alphabeticallyJS-0544 Prefer using the `$log` service instead of the console methodsJS-0559 Found unused dependency injection parametersJS-0522 Avoid using deprecated template lifecycle callback assignmentsJS-0728 Found DI of specified servicesJS-0528 Invalid restrict option for directiveJS-0523 Prefer using `angular.isNumber` instead of `typeof` comparisonsJS-0566 Prefer the use of `===` and `!==` over `==` and `!=`JS-V009 Use reference modules with the getter syntaxJS-0514 Use `angular.element` instead of `$` or `jQuery`JS-0553 Use `$document` instead of `document`JS-0555 Specify consistent use of `$scope.digest()` or `$scope.apply()`JS-0552 Cyclomatic complexity is more than allowed for the templateJS-0590 Ensure `controllerAs` syntax in routes or statesJS-0518 Avoid assignments to `$scope` in controllersJS-0520 Found complex run functionsJS-0527 Prefer having a prefix for all component namesJS-0533 Specify a prefix for all constant namesJS-0534 Prefer having a prefix for all directive namesJS-0536 Prefer having a prefix for all factory namesJS-0537 Prefer having a prefix for all filter namesJS-0539 Prefer having a prefix for all module namesJS-0540 Require and specify a prefix for all provider namesJS-0541 Require and specify a prefix for all service namesJS-0542 use `factory()` instead of `service()`JS-0549 Require all DI parameters to be located in their own lineJS-0550 Specify one of '$http', '$resource', 'Restangular'JS-0551 Use `$interval` instead of `setInterval`JS-0557 Consider using `ofangular.fromJson` and `angular.toJson`JS-0558 `angular.mock` method can be used directlyJS-0560 Prefer using `$timeout` instead of `setTimeout`JS-0562 Prefer to use `angular.isArray` instead of `typeof` comparisonsJS-0563 Prefer to use `angular.isFunction` instead of `typeof` comparisonsJS-0565 Prefer to use `angular.isObject` instead of `typeof` comparisonsJS-0567 `@Attribute` decorator should not be usedJS-0572 Prevent explicit calls to lifecycle methodsJS-0573 Missing `ChangeDetectionStrategy.OnPush` for angular codebaseJS-0576 Missing `providedIn` propertyJS-0579 Disallows usage of forwardRefJS-0583 Disallowed prefix for input namesJS-0584 Missing `@Pipe` decoratorJS-0594 Prefer using `Meteor.defer` over `Meteor.setTimeout`JS-0729 Should have check on all arguments of methods and publish functionsJS-0726 Should not use global `$()` JqueryJS-0734 Prevent DOM lookup in template `onCreated` callbackJS-0735 Require template literals instead of string concatenationJS-V011 Require a consistent DI syntaxJS-0545 Prefer to use `angular.isDate` instead of `typeof` comparisonsJS-0564 Prefer to use dot notation whenever possibleJS-V008 Avoid use of inline HTML templatesJS-0526 Missing `readonly` for `@Output`JS-0588 Should not use template `parentData()`JS-0736 Should not use global `Session`JS-0727 Found anonymous functionsJS-D004 Avoid using multiline stringsJS-C1000 Documentation comments not found for functions and classesJS-D1001 Avoid using on commonjs in `nuxt.config.js`JS-W1007 Duplicate `polyfills` from `Polyfill.io`JS-P1002 Found disabled `EXPECT-CT` HeaderJS-S1006 Found invalid css selector in test helpersJS-W1004 Consider using `preconnect` with Google FontsJS-W1010 Avoid using the `<img>` tagJS-W1015 Synchronous script loading detectedJS-W1017 Avoid using `<title>` with `Head` from `next/document`JS-W1018 Avoid adding stylesheet manuallyJS-W1021 Multiple `<Head>` detected in `pages/document.js`JS-W1023 Bad collection size comparisonJS-W1031 Avoid using `settled()` after `ember-test-helpers`JS-P1000 Found empty glimmer component classesJS-P1001 Found deprecated function `tryInvoke()`JS-W1001 Found duplicate routing pathsJS-W1002 Found deprecated Ember string prototype extensive methodsJS-W1003 Avoid using `currentRouteName()` test helperJS-W1005 Using `fetch()` without importing moduleJS-W1006 Found unsafe method `htmlSafe()`JS-S1007 Found unnecessarily complex import statementJS-C1001 Use shorthand promise methodsJS-C1004 Found multiple import of the same pathJS-R1000 Intersection or union definition have duplicate typesJS-T1000 Use default imports for only default exportsJS-W1028 Found usage of deprecated nameJS-W1029 Avoid using wildcard importsJS-C1003 Found usage of exported name as property of default importJS-P1003 Self import detectedJS-R1001 Optional property in interface has an 'undefined' typeJS-T1001 Function with cyclomatic complexity higher than thresholdJS-R1005 Require a name property in Vue componentsJS-0720 Disallow the use of reserved names in component definitionsJS-0707 Disallow unused propertiesJS-0715 Disallow unnecessary `v-bind` directivesJS-0717 Prefer not to use labels that share a name with a variableJS-0121 Should not use `needs` to load other controllersJS-0770 Detected empty functionsJS-0321 Prefer event handler naming conventions in JSXJS-0411 Prefer the use of `$ReadOnlyArray` instead of `Array`JS-0487 Found unnecessary escape charactersJS-0097 Inconsistent font-display for Google FontsJS-W1009 Found division operators explicitly at the beginning of regular expressionsJS-0055 Require `$on` and `$watch` deregistration callbacks to be saved in a variableJS-0529 Disallow unnecessary mustache interpolationsJS-0716 Assignments to native objects or read-only global variables is not preferredJS-0077

JS-S1015

Insecure web security preferences found in ElectronJS-S1015

Critical

Security

a03, cwe-79, 2021, sans-top-25, owasp-top-10

Setting webSecurity property to false, or allowRunningInsecureContent to true in an Electron renderer process like BrowserWindow or BrowserView disables crucial security features. By default, the webSecurity property is always true and the allowRunningInsecureContent property is always false.

Disabling webSecurity will disable the same-origin policy, and set allowRunningInsecureContent to true. This can lead to execution of insecure code from different domains.

Electron has a security feature that prevents websites loaded over HTTPS from running scripts, CSS, or plugins from insecure (HTTP) sources. However, this protection can be disabled by setting the property allowRunningInsecureContent to true. Loading content over HTTPS provides authenticity and integrity of resources as well as encryption of the traffic.

Bad Practice

const { BrowserWindow } = require('electron')
const mainWindow = new BrowserWindow({
  webPreferences: {
    webSecurity: false, // `webSecurity` should not be set to false
    allowRunningInsecureContent: true // `allowRunningInsecureContent` should not be set to true
  }
})

Recommended

const { BrowserWindow } = require('electron')
const mainWindow = new BrowserWindow({
  // alternatively: Do not set these properties in the preferences object, as they're configured correctly by default.
  webPreferences: {
    webSecurity: true,
    allowRunningInsecureContent: false
  }
})

References