Developer builds ESLint plugin to auto-catch common TypeORM security and data bugs
A developer frustrated with manually catching recurring TypeORM vulnerabilities during code reviews built an open-source ESLint plugin called eslint-plugin-typeorm-enterprise. The plugin targets dangerous patterns such as raw SQL injection via string interpolation, unsafe QueryBuilder operations without WHERE clauses, writes outside transactions, and missing tenant filters in multi-tenant apps. These issues are described as mechanical and consistent enough to be reliably detected by static analysis on every commit, rather than relying on human reviewers. The plugin ships with ten rules organized into recommended, strict, performance, and multiTenant configs, requires no type setup, and is compatible with ESLint 9 and oxlint. It is available on npm and GitHub, with the author welcoming rule suggestions and false-positive reports from the community.
This is an AI-generated summary. ShortSingh links to the original source for the complete article.

Discussion (0)
Log in to join the discussion and vote.
Log in