SShortSingh.
Back to feed

Developer builds ESLint plugin to auto-catch common TypeORM security and data bugs

0
·1 views

A developer frustrated with manually catching recurring TypeORM vulnerabilities during code reviews built an open-source ESLint plugin called eslint-plugin-typeorm-enterprise. The plugin targets dangerous patterns such as raw SQL injection via string interpolation, unsafe QueryBuilder operations without WHERE clauses, writes outside transactions, and missing tenant filters in multi-tenant apps. These issues are described as mechanical and consistent enough to be reliably detected by static analysis on every commit, rather than relying on human reviewers. The plugin ships with ten rules organized into recommended, strict, performance, and multiTenant configs, requires no type setup, and is compatible with ESLint 9 and oxlint. It is available on npm and GitHub, with the author welcoming rule suggestions and false-positive reports from the community.

Read the full story at DEV Community

This is an AI-generated summary. ShortSingh links to the original source for the complete article.

Discussion (0)

Log in to join the discussion and vote.

Log in

Related stories

0
ProgrammingDEV Community ·

Developer Builds AI Tutor Designed to Guide Coders Without Writing Code for Them

A developer named InferHaven shared a project on DEV Community on July 16 called InferHaven, an AI-powered coding tutor. Unlike conventional AI tools, this tutor is deliberately designed to refuse writing code directly for users. The goal is to promote active learning by guiding students through problem-solving rather than providing ready-made solutions. The project was shared under topics including AI, learning, and coding, and takes approximately five minutes to read.

0
ProgrammingDEV Community ·

Solana Bootcamp Arc 11: How Cross-Program Invocations Enable Composable Programs

Arc 11 of the Solana developer bootcamp covered Days 71–77 of Epoch 3, focusing on Cross-Program Invocations (CPIs), which allow one Solana program to call another within the same transaction. CPIs are central to Solana's composability, as programs like the System Program and Token-2022 each own and enforce rules over specific operations, requiring other programs to invoke them rather than replicate their logic. The arc began with a simple SOL transfer exercise where an Anchor program delegated the actual transfer to the System Program instead of modifying balances directly. A key security principle explored was that CPIs cannot escalate account privileges — writable access and signer authority must already exist in the original transaction. Later sessions extended the model to token minting, introducing Program Derived Addresses as a source of signing authority for inner calls.

0
ProgrammingDEV Community ·

Why AI Agents Get Stuck Repeating or Reversing Actions Instead of Finishing

AI agents operating on multi-step tasks often lack two critical built-in capabilities: knowing when a task is truly complete and recognizing when a current approach has stopped working. This structural gap leads to two common failure modes — retry loops, where an agent repeats the same failed action expecting a different result, and oscillation, where it alternates between states and undoes its own progress. Retry loops stem from misread failures, absent failure memory, and overconfidence in the original plan, while oscillation arises from conflicting objectives, lack of persistent work memory, or inconsistent tool feedback. Oscillation is particularly difficult to detect because no single action repeats — only the broader pattern across multiple steps reveals the problem. Experts suggest that explicitly tracking progress and designing clear exit conditions into agent loops are more effective solutions than simply imposing a blunt turn or timeout limit.

0
ProgrammingDEV Community ·

BIP-110 Soft Fork to Restrict Bitcoin Ordinals Data Faces Near-Certain Failure

BIP-110, a proposed temporary Bitcoin soft fork, aims to cap arbitrary witness data at 42 bytes per input, which would effectively block Ordinals-style inscriptions for one year. The proposal carries an August 2026 activation deadline and relies on the BIP 9 mechanism, requiring 95% of blocks in a 2,016-block window to signal miner support. As of now, miner signaling stands at virtually zero, making the proposal's failure almost inevitable. BIP-110 specifically targets the OP_FALSE OP_IF envelope that Ordinals uses to embed data within tapscript witnesses. Despite its expected failure, the proposal offers developers a practical case study in how Bitcoin soft fork activation and miner signaling mechanics actually function.