You-Dont-Need-Lodash-Underscore | eslint-plugin-no-unsanitized |
---|---|
25 | 2 |
18,437 | 216 |
0.4% | 0.9% |
6.2 | 4.6 |
21 days ago | 12 days ago |
JavaScript | JavaScript |
MIT License | Mozilla Public License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
You-Dont-Need-Lodash-Underscore
- What are some of the best libraries you cannot work without?
- [AskJS] I love new javascript frameworks and libraries. What are some cool ones?
  These are all really outdated tips. Moment is deprecated and it is recommended to use dayJs or date-fns. Lodash is discouraged because it has a huge bundle size and nowadays you will find native functions which do most of the things people have used lodash for before. https://github.com/you-dont-need/You-Dont-Need-Lodash-Underscore
- No Lodash
  https://github.com/you-dont-need/You-Dont-Need-Lodash-Unders... seems to be a more readable alternative to this website.
- An NPM package that you love and a package that you hate
- Migrate jQuery to VanillaJS - UpgradeJS.com
  Adjacently useful is https://github.com/you-dont-need/You-Dont-Need-Lodash-Underscore
- What are your favorite, must-have packages when you're creating a project?
  I never used lodash but I found this. Might interest you.
- How to Use Lodash in Svelte?
- Help! I removed unused node modules packages and I optimized the imports but the bundle size does not change
- I once tried not to use date-fns
  In one of my team's Pull Requests I noticed date-fns being added as a dependency for our components library for one usage: transform a timestamp to "MM/yy" string, as it represented a debit card's expiration date. Inspired by You don't (may not) need lodash/underscore, I thought to myself - can't we just implement a 2-digit month and 2-digit year formatting? It looks simple, right?
- Lodash
  Yes and no. We did but are converting to in-house code since most Lodash functions are already available as native JS and/or @babel/preset-env + core-js@latest (see: You don't need Lodash).
eslint-plugin-no-unsanitized
- Escaping user input is ridonkulously hard
  Prevent any uses of setting innerHTML or similar functions e.g. via an eslint plugin.
- HTML Sanitizer API
  Great point!
  I wanted to edit the comment to change (1) to (server/client) but I passed my edit timeout.
  I would include your (5) within (1). `textContent` and other DOM methods like `setAttribute` are effectively secure output-escaping on the client.
  Your (5a) is an excellent extra measure. In this area, I'd also add security-focused linting for (1) and (5)–e.g. for (5), to ensure secure DOM methods are used, I use Mozilla's `eslint-plugin-no-unsanitized`[0] plugin for all my personal & work projects.
  [0] https://github.com/mozilla/eslint-plugin-no-unsanitized/
What are some alternatives?
just - A library of dependency-free JavaScript utilities that do just one thing.
java-html-sanitizer - Takes third-party HTML and produces HTML that is safe to embed in your web application. Fast and easy to configure.
eslint-plugin-import - ESLint plugin with rules that help validate proper imports. [Moved to: https://github.com/import-js/eslint-plugin-import]
big-list-of-naughty-strings - The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data.
ramda - Practical functional Javascript
content - The content behind MDN Web Docs
eslint-plugin-svelte3 - An ESLint plugin for Svelte v3 components.
XO - ❤️ JavaScript/TypeScript linter (ESLint wrapper) with great defaults
babel-plugin-lodash - Modular Lodash builds without the hassle.
bluemonday - bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS
stdlib - ✨ Standard library for JavaScript and Node.js. ✨
eslint-plugin-react-native - React Native plugin for ESLint