A comprehensive Node.js middleware and API server for code linting and bug detection, built on top of ESLint with enhanced capabilities for identifying potential security vulnerabilities and code quality issues.
- ESLint Integration: Leverages the power and flexibility of ESLint for core linting functionality
- SonarJS Plugin: Includes SonarJS rules for advanced bug detection and code smell identification
- Custom Security Rules: Additional custom rules for detecting:
- Hardcoded credentials and sensitive data
- Potential SQL injection vulnerabilities
- Console statements in production code
- Express Middleware: Easy integration with Express.js applications
- Standalone API Server: Ready-to-use REST API for code analysis
- Batch Processing: Support for analyzing multiple files or code snippets
- Configurable Rules: Flexible rule configuration for different environments
- Comprehensive Testing: Full test suite with Jest
npm installnpm startThe server will start on http://localhost:3000 (or the port specified in the PORT environment variable).
const express = require('express');
const { createLinterMiddleware } = require('./middleware');
const app = express();
// Add the linter middleware
app.use(createLinterMiddleware({
production: process.env.NODE_ENV === 'production',
browser: false
}));
// Use the linter in your routes
app.post('/analyze', async (req, res) => {
const { code } = req.body;
const result = await req.lintCode(code);
res.json(result);
});GET /health
Returns the health status of the API.
POST /lint
Content-Type: application/json
{
"code": "const message = 'Hello, World!'; console.log(message);",
"filename": "example.js"
}
POST /lint/custom
Content-Type: application/json
{
"code": "var x = 1;",
"filename": "example.js",
"options": {
"rules": {
"no-var": "error"
},
"env": {
"browser": true
}
}
}
POST /lint/batch
Content-Type: application/json
{
"codeSnippets": [
{ "code": "const a = 1;", "filename": "file1.js" },
{ "code": "const b = 2;", "filename": "file2.js" }
]
}
POST /lint/files
Content-Type: multipart/form-data
files: [file1.js, file2.js, ...]
GET /rules
Returns a list of all available linting rules with their descriptions and categories.
All linting endpoints return a standardized response format:
{
"success": true,
"summary": {
"totalFiles": 1,
"totalErrors": 2,
"totalWarnings": 1,
"totalIssues": 3
},
"results": [
{
"filePath": "example.js",
"errorCount": 2,
"warningCount": 1,
"issues": [
{
"line": 1,
"column": 7,
"severity": "error",
"message": "'undefinedVar' is not defined.",
"ruleId": "no-undef",
"category": "bug-detection"
}
]
}
]
}Detects console statements that might be left in production code.
Configuration:
{
"custom/no-console-in-production": ["error", { "allow": ["warn", "error"] }]
}Identifies potential hardcoded passwords, API keys, and other sensitive data.
Detects:
- Variables with suspicious names (password, apiKey, secret, etc.)
- Base64-encoded strings that might be credentials
- Object properties containing sensitive data
Identifies potential SQL injection vulnerabilities in string concatenation and template literals.
Detects:
- String concatenation with SQL keywords and variables
- Template literals containing SQL queries with interpolated variables
Rules are automatically categorized into:
- bug-detection: Rules that identify potential bugs and runtime errors
- code-smell: Rules that identify code quality issues and maintainability problems
- style: Rules that enforce coding style and formatting
- security: Custom rules that identify potential security vulnerabilities
const options = {
production: false, // Enable production-specific rules
browser: false, // Enable browser environment
rules: { // Override or add custom rules
"no-console": "warn",
"custom/no-hardcoded-credentials": "error"
}
};PORT: Server port (default: 3000)HOST: Server host (default: 0.0.0.0)NODE_ENV: Environment mode (affects rule strictness)
Run the test suite:
npm testRun tests in watch mode:
npm run test:watchconst express = require('express');
const { createLinterRoute } = require('./middleware');
const app = express();
app.use(express.json());
// Add linting endpoint
app.post('/lint', createLinterRoute({
production: true,
rules: {
'no-console': 'error'
}
}));
app.listen(3000);const CodeLinter = require('./linter');
const linter = new CodeLinter({
baseConfig: {
env: { node: true, browser: true },
rules: {
'no-var': 'error',
'prefer-const': 'warn'
}
}
});
async function analyzeCode(code) {
const result = await linter.lintCode(code);
console.log(`Found ${result.summary.totalIssues} issues`);
return result;
}const { CodeLinter } = require('./middleware');
const fs = require('fs').promises;
async function lintProject(directory) {
const linter = new CodeLinter();
const files = await fs.readdir(directory);
const jsFiles = files.filter(file => file.endsWith('.js'));
const result = await linter.lintFiles(jsFiles.map(file => `${directory}/${file}`));
if (result.summary.totalErrors > 0) {
console.error('Linting failed with errors');
process.exit(1);
}
console.log('Linting passed');
}- Fork the repository
- Create a feature branch
- Add tests for new functionality
- Ensure all tests pass
- Submit a pull request
ISC License
For issues and questions, please create an issue in the repository or contact the development team.