24 cryptography rules. Weak algorithms. Secure random. Key management.
Quick Install
npm install --save-dev eslint-plugin-crypto
Flat Config
// eslint.config.js
import crypto from 'eslint-plugin-crypto';
export default [crypto.configs.recommended];
Run ESLint
npx eslint .
You'll see output like:
src/hash.ts
15:27 error CWE-328 CVSS:7.5 | Weak hash algorithm: MD5
Fix: Use crypto.createHash('sha256')
src/token.ts
28:22 error CWE-338 | Math.random() used for security
Fix: Use crypto.randomBytes(32).toString('hex')
Rule Overview
| Category | Rules | Examples |
|---|---|---|
| Hash Algorithms | 3 | MD5, SHA1, weak hash |
| Random Generation | 3 | Math.random(), predictable salt |
| Symmetric Encryption | 6 | ECB mode, static IV, weak cipher |
| Key Management | 4 | Hardcoded keys, weak key derivation |
| Timing Attacks | 1 | Unsafe string comparison |
| Key Length | 2 | Short keys, insufficient entropy |
Quick Wins
Before
// ❌ Weak hash
crypto.createHash('md5').update(data);
// ❌ Predictable random
const token = Math.random().toString(36);
// ❌ ECB mode
crypto.createCipheriv('aes-256-ecb', key, null);
After
// ✅ Strong hash
crypto.createHash('sha256').update(data);
// ✅ Secure random
const token = crypto.randomBytes(32).toString('hex');
// ✅ GCM mode
crypto.createCipheriv('aes-256-gcm', key, iv);
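The ECB-to-GCM fix above only holds if the IV is fresh for every message and the authentication tag is stored and checked on decrypt. The following is an added example, not code from the plugin or the original post; the function names and the `iv || tag || ciphertext` layout are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Flagged pattern: ECB encrypts each 16-byte block independently, so equal
// plaintext blocks yield equal ciphertext blocks and structure leaks through.
function ecbRepeatsBlocks(key) {
  const block = Buffer.alloc(16, 0x41); // constructed plaintext block
  const cipher = crypto.createCipheriv('aes-256-ecb', key, null);
  const ct = Buffer.concat([cipher.update(Buffer.concat([block, block])), cipher.final()]);
  return ct.subarray(0, 16).equals(ct.subarray(16, 32));
}

// Fixed pattern: AES-256-GCM with a fresh random 96-bit IV per message.
// Blob layout (this example's choice): iv (12) || tag (16) || ciphertext.
function encryptGcm(key, plaintext) {
  if (key.length !== 32) throw new Error('AES-256 needs a 32-byte key');
  const iv = crypto.randomBytes(12); // never static, never reused with a key
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]);
}

function decryptGcm(key, blob) {
  if (blob.length < 28) throw new Error('blob too short for iv + tag');
  const iv = blob.subarray(0, 12);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv, { authTagLength: 16 });
  decipher.setAuthTag(blob.subarray(12, 28));
  // final() throws if the tag does not match, so tampered data is never returned.
  return Buffer.concat([decipher.update(blob.subarray(28)), decipher.final()]);
}

// Runs the checks on constructed sample data and returns the outcomes.
function demo() {
  const key = crypto.randomBytes(32); // constructed key, for the demo only
  const msg = Buffer.from('constructed sample message');
  const first = encryptGcm(key, msg);
  const second = encryptGcm(key, msg);
  const tampered = Buffer.from(first);
  tampered[tampered.length - 1] ^= 0x01; // flip one ciphertext bit
  let tamperRejected = false;
  try { decryptGcm(key, tampered); } catch { tamperRejected = true; }
  return {
    ecbLeaksRepeats: ecbRepeatsBlocks(key),
    roundTrip: decryptGcm(key, first).equals(msg),
    sameInputDiffers: !first.equals(second),
    tamperRejected,
  };
}

console.log(demo());
```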
Available Presets
// Security-focused configuration
crypto.configs.recommended;
// All rules enabled
crypto.configs.all;
Quick Reference
# Install
npm install --save-dev eslint-plugin-crypto
# Config (eslint.config.js)
import crypto from 'eslint-plugin-crypto';
export default [crypto.configs.recommended];
# Run
npx eslint .
📦 npm: eslint-plugin-crypto
Full Rule List
grep -r "md5" in your codebase!