tslint-angular-security

v0.0.5

Angular security rules for TSLint

Angular Security Rules for TSLint

These simple linting rules flag points of interest where a security problem may be present in TypeScript Angular code. These rules are to be used with TSLint.

Getting Started

TSLint must be installed locally in the target project, and the project must have a tsconfig.json file in its root folder. Install tslint-angular-security from npm.

cd targetproject
npm init -y
npm i tslint typescript
npm i tslint-angular-security
./node_modules/tslint/bin/tslint --init

Configuration

Configure the target project tslint.json file to include the needed rules from the tslint-angular-security package.

{
  "rulesDirectory": [
    "node_modules/tslint-angular-security"
  ],

  "rules": {
    "flag-local-storage-angular-plugin": true,
    "no-bypass-security": true,
    "no-element-reference": true
  }
}

See example configuration in tslint_custom_rules.json.

Running

In the root of the target project run:

./node_modules/.bin/tslint --project tsconfig.json --config tslint.json

Warning: This repository is a work-in-progress. Things may break while we transition this project to open source. This is not an officially supported Synopsys product.

Rules

Rule Name | Description | Vulnerability | CWE
:---------- | :------------ | -------------|---
no-bypass-security | Flags all calls of Angular Sanitizer functions: bypassSecurityTrustHtml, bypassSecurityTrustStyle, bypassSecurityTrustScript, bypassSecurityTrustUrl, bypassSecurityTrustResourceUrl. Angular does not apply any sanitization to the values passed through these functions. | Validate that the input to these functions is tainted and that the result is written into a template. | CWE-79
no-element-reference | Flags all calls to nativeElement.innerHTML, nativeElement.outerHTML, and nativeElement.querySelector. The nativeElement property of the ElementRef class allows direct access to the DOM element. | Validate that tainted data is assigned in these calls or other element manipulations, which can lead to DOM XSS. | CWE-79
flag-local-storage-angular-plugin | Flags all calls writing data to localStorage or webStorage for plugins @ngx-pwa/local-storage and angular-webstorage-service. | Validate that the data is actually written to localStorage and not sessionStorage, and that the data is sensitive. | CWE-922
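
To make the two CWE-79 rows concrete, the following added example (not code from this package, whose rules run inside TSLint) approximates no-bypass-security and no-element-reference with regular expressions over a constructed component. The names Finding, PATTERNS, scan and SAMPLE, and the component itself, are assumptions made for illustration.

```typescript
// Added illustration, not the package's code: a regex approximation of what
// no-bypass-security and no-element-reference flag, per the rules table.
interface Finding { rule: string; line: number; code: string; }

const PATTERNS: { rule: string; regex: RegExp }[] = [
  { rule: "no-bypass-security",
    regex: /\.bypassSecurityTrust(?:Html|Style|Script|Url|ResourceUrl)\s*\(/ },
  { rule: "no-element-reference",
    regex: /\.nativeElement\s*\.\s*(?:innerHTML|outerHTML|querySelector)\b/ },
];

// Returns one finding per rule per source line (1-based line numbers).
// Comment-only lines are skipped; text matching cannot see types or strings.
function scan(source: string): Finding[] {
  const findings: Finding[] = [];
  source.split("\n").forEach((text, index) => {
    if (text.trim().indexOf("//") === 0) { return; }
    for (const { rule, regex } of PATTERNS) {
      if (regex.test(text)) {
        findings.push({ rule, line: index + 1, code: text.trim() });
      }
    }
  });
  return findings;
}

// Constructed sample component (not from the package or its tests).
const SAMPLE = [
  "export class CommentComponent {",
  "  constructor(private s: DomSanitizer, private host: ElementRef) {}",
  "  render(comment: string) {",
  "    // Sanitization is switched off for this value:",
  "    this.body = this.s.bypassSecurityTrustHtml(comment);",
  "    // Direct DOM write through ElementRef:",
  "    this.host.nativeElement.innerHTML = comment;",
  "  }",
  "  renderSafely(comment: string) {",
  "    // Plain binding: Angular sanitizes values bound to [innerHTML].",
  "    this.body = comment;",
  "  }",
  "}",
].join("\n");

console.log(scan(SAMPLE));
```

Each finding is a point to review, as the table says: the reviewer still has to decide whether the value reaching the flagged call is tainted.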

Developing

Feel free to update or add rules in your local version. After you add or update the .ts files, compile them using the TypeScript compiler from the root folder:

tsc

The compiled JavaScript files will be in the root directory. Copy them to node_modules\tslint-angular-security in the target project and use them.

Authors

  • Ksenia Peguero, Senior Research Lead @Synopsys

License

This software is released by Synopsys under the MIT license.

Acknowledgments

  • Thanks to Lewis Ardern for inspiration with his security rules for AngularJS https://github.com/LewisArdern/eslint-config-angular-security