[{"data":1,"prerenderedAt":2148},["ShallowReactive",2],{"navigation":3,"article-getting-started-with-eslint-plugin-express-security":170,"$fDfH7qgPb22Ku4P-L0VXxP9mppoVJHH5opE038Cyzotw":1624},[4],{"title":5,"path":6,"stem":7,"children":8,"page":169},"Articles","\u002Farticles","articles",[9,13,17,21,25,29,33,37,41,45,48,52,56,60,64,68,72,76,80,84,88,92,96,100,104,107,111,115,119,123,126,130,134,138,141,145,149,153,157,161,165],{"title":10,"path":11,"stem":12},"The OWASP LLM Protocol: 100% Automated Coverage for Vercel AI","\u002Farticles\u002F100-owasp-llm-top-10-coverage-for-vercel-ai-sdk","articles\u002F100-owasp-llm-top-10-coverage-for-vercel-ai-sdk",{"title":14,"path":15,"stem":16},"Vulnerability Case Study: Prompt Injection in Vercel AI Agents","\u002Farticles\u002F3-lines-of-code-to-hack-your-vercel-ai-app-and-1-line-to-fix-it-jo","articles\u002F3-lines-of-code-to-hack-your-vercel-ai-app-and-1-line-to-fix-it-jo",{"title":18,"path":19,"stem":20},"Aggregate Benchmarks Lie. Here's What 700 AI Functions Look Like by Security Domain.","\u002Farticles\u002Faggregate-benchmarks-lie-heres-what-700-ai-functions-look-like-by-security-domain","articles\u002Faggregate-benchmarks-lie-heres-what-700-ai-functions-look-like-by-security-domain",{"title":22,"path":23,"stem":24},"I Benchmarked 17 ESLint Security Plugins. Only One Found Every Vulnerability.","\u002Farticles\u002Fbenchmark-17-eslint-security-plugins-compared","articles\u002Fbenchmark-17-eslint-security-plugins-compared",{"title":26,"path":27,"stem":28},"Microsoft's ESLint Security Plugin Catches 10% of Vulnerabilities. Here's What It Misses.","\u002Farticles\u002Fbenchmark-microsoft-sdl-vs-interlace","articles\u002Fbenchmark-microsoft-sdl-vs-interlace",{"title":30,"path":31,"stem":32},"SonarJS Has 269 Rules. 
It Still Misses 65% of Security Vulnerabilities.","\u002Farticles\u002Fbenchmark-sonarjs-vs-interlace","articles\u002Fbenchmark-sonarjs-vs-interlace",{"title":34,"path":35,"stem":36},"Post-Mortem: The Connection Leak Outage (And the Static Analysis Standard)","\u002Farticles\u002Fdatabase-connection-leak-production-outage","articles\u002Fdatabase-connection-leak-production-outage",{"title":38,"path":39,"stem":40},"Engineering the 100x Speedup: A Static Analysis Performance Report","\u002Farticles\u002Feslint-plugin-import-vs-eslint-plugin-import-next-up-to-100x-faster","articles\u002Feslint-plugin-import-vs-eslint-plugin-import-next-up-to-100x-faster",{"title":42,"path":43,"stem":44},"eslint-plugin-security Is Unmaintained. Here's What Nobody Tells You.","\u002Farticles\u002Feslint-plugin-security-abandoned","articles\u002Feslint-plugin-security-abandoned",{"title":42,"path":46,"stem":47},"\u002Farticles\u002Feslint-plugin-security-is-unmaintained-heres-what-nobody-tells-you-96h","articles\u002Feslint-plugin-security-is-unmaintained-heres-what-nobody-tells-you-96h",{"title":49,"path":50,"stem":51},"Benchmark: False Negatives & False Positives in ESLint Security Plugins","\u002Farticles\u002Feslint-security-fn-fp-benchmark","articles\u002Feslint-security-fn-fp-benchmark",{"title":53,"path":54,"stem":55},"Frontend Protection: The Browser Static Analysis Standard","\u002Farticles\u002Fgetting-started-eslint-plugin-browser-security","articles\u002Fgetting-started-eslint-plugin-browser-security",{"title":57,"path":58,"stem":59},"Zero-Trust Auth: The JWT Static Analysis Standard","\u002Farticles\u002Fgetting-started-eslint-plugin-jwt","articles\u002Fgetting-started-eslint-plugin-jwt",{"title":61,"path":62,"stem":63},"Architectural Security: The NestJS Static Analysis Standard","\u002Farticles\u002Fgetting-started-eslint-plugin-nestjs-security","articles\u002Fgetting-started-eslint-plugin-nestjs-security",{"title":65,"path":66,"stem":67},"Runtime Security at Scale: The 
Node.js Static Analysis Standard","\u002Farticles\u002Fgetting-started-eslint-plugin-node-security","articles\u002Fgetting-started-eslint-plugin-node-security",{"title":69,"path":70,"stem":71},"Hardening the Data Layer: The node-postgres Static Analysis Standard","\u002Farticles\u002Fgetting-started-eslint-plugin-pg","articles\u002Fgetting-started-eslint-plugin-pg",{"title":73,"path":74,"stem":75},"Automated Compliance: The Secure Coding Static Analysis Standard","\u002Farticles\u002Fgetting-started-eslint-plugin-secure-coding","articles\u002Fgetting-started-eslint-plugin-secure-coding",{"title":77,"path":78,"stem":79},"Hardening AI Agents: The Vercel AI Static Analysis Standard","\u002Farticles\u002Fgetting-started-eslint-plugin-vercel-ai-security","articles\u002Fgetting-started-eslint-plugin-vercel-ai-security",{"title":81,"path":82,"stem":83},"Securing Middleware: The Express.js Static Analysis Standard","\u002Farticles\u002Fgetting-started-with-eslint-plugin-express-security","articles\u002Fgetting-started-with-eslint-plugin-express-security",{"title":85,"path":86,"stem":87},"Performance at Scale: The Static Analysis Standard for 100x Faster Linting","\u002Farticles\u002Fgetting-started-with-eslint-plugin-import-next","articles\u002Fgetting-started-with-eslint-plugin-import-next",{"title":89,"path":90,"stem":91},"Serverless Security: The AWS Lambda Static Analysis Standard","\u002Farticles\u002Fgetting-started-with-eslint-plugin-lambda-security","articles\u002Fgetting-started-with-eslint-plugin-lambda-security",{"title":93,"path":94,"stem":95},"The Secret Management Standard: Automating AI Agent Protection","\u002Farticles\u002Fhardcoded-secrets-ai-agents-autofix","articles\u002Fhardcoded-secrets-ai-agents-autofix",{"title":97,"path":98,"stem":99},"I Let Claude Write 80 Functions. 
65-75% Had Security Vulnerabilities.","\u002Farticles\u002Fi-let-claude-write-60-functions-65-75-had-security-vulnerabilities","articles\u002Fi-let-claude-write-60-functions-65-75-had-security-vulnerabilities",{"title":101,"path":102,"stem":103},"The OWASP Compliance Protocol: Mapping 247 Static Analysis Rules","\u002Farticles\u002Fmapping-your-codebase-to-owasp-top-10-with-247-eslint-rules","articles\u002Fmapping-your-codebase-to-owasp-top-10-with-247-eslint-rules",{"title":26,"path":105,"stem":106},"\u002Farticles\u002Fmicrosofts-eslint-security-plugin-catches-10-of-vulnerabilities-heres-what-it-misses","articles\u002Fmicrosofts-eslint-security-plugin-catches-10-of-vulnerabilities-heres-what-it-misses",{"title":108,"path":109,"stem":110},"The Performance Protocol: Solving PostgreSQL N+1 Loops via Static Analysis","\u002Farticles\u002Fn-plus-1-insert-loop-api-performance","articles\u002Fn-plus-1-insert-loop-api-performance",{"title":112,"path":113,"stem":114},"Exploit Analysis: PostgreSQL COPY FROM Filesystem Access","\u002Farticles\u002Fpostgresql-copy-from-exploit-filesystem-access","articles\u002Fpostgresql-copy-from-exploit-filesystem-access",{"title":116,"path":117,"stem":118},"Exploit Analysis: search_path Hijacking (The Hidden PostgreSQL Attack)","\u002Farticles\u002Fsearchpath-hijacking-postgresql-attack","articles\u002Fsearchpath-hijacking-postgresql-attack",{"title":120,"path":121,"stem":122},"The AI Security Protocol: Hardening Vercel AI SDK Agents","\u002Farticles\u002Fsecuring-ai-agents-in-the-vercel-ai-sdk","articles\u002Fsecuring-ai-agents-in-the-vercel-ai-sdk",{"title":30,"path":124,"stem":125},"\u002Farticles\u002Fsonarjs-has-269-rules-it-still-misses-65-of-security-vulnerabilities-3jh","articles\u002Fsonarjs-has-269-rules-it-still-misses-65-of-security-vulnerabilities-3jh",{"title":127,"path":128,"stem":129},"Hardening the Data Layer: The node-postgres Engineering 
Standard","\u002Farticles\u002Fsql-injection-node-postgres-pattern","articles\u002Fsql-injection-node-postgres-pattern",{"title":131,"path":132,"stem":133},"The 30-Minute Security Audit: A Static Analysis Protocol for Onboarding","\u002Farticles\u002Fthe-30-minute-security-audit-onboarding-a-new-codebase","articles\u002Fthe-30-minute-security-audit-onboarding-a-new-codebase",{"title":135,"path":136,"stem":137},"The AI Hydra Problem: Fix One AI Bug, Get Two More","\u002Farticles\u002Fthe-ai-hydra-problem","articles\u002Fthe-ai-hydra-problem",{"title":135,"path":139,"stem":140},"\u002Farticles\u002Fthe-ai-hydra-problem-fix-one-ai-bug-get-two-more","articles\u002Fthe-ai-hydra-problem-fix-one-ai-bug-get-two-more",{"title":142,"path":143,"stem":144},"Exploit Analysis: The JWT Algorithm 'none' Attack (And the Guard)","\u002Farticles\u002Fthe-jwt-algorithm-none-attack-the-vulnerability-in-1-line-of-code-d9g","articles\u002Fthe-jwt-algorithm-none-attack-the-vulnerability-in-1-line-of-code-d9g",{"title":146,"path":147,"stem":148},"The Security Engineering Blueprint: A JavaScript Master Document","\u002Farticles\u002Fthe-security-engineer-interview-cheat-sheet-for-javascript-developers-pgn","articles\u002Fthe-security-engineer-interview-cheat-sheet-for-javascript-developers-pgn",{"title":150,"path":151,"stem":152},"Post-Mortem: Race Conditions in PostgreSQL Pools (And the Guard)","\u002Farticles\u002Ftransaction-race-conditions-begin-on-pool","articles\u002Ftransaction-race-conditions-begin-on-pool",{"title":154,"path":155,"stem":156},"Your Vercel AI SDK App Has a Prompt Injection Vulnerability","\u002Farticles\u002Fvercel-ai-sdk-prompt-injection-vulnerability","articles\u002Fvercel-ai-sdk-prompt-injection-vulnerability",{"title":158,"path":159,"stem":160},"We Ranked 5 AI Models by Security. 
The Leaderboard Is Wrong.","\u002Farticles\u002Fwe-ranked-5-ai-models-by-security-the-leaderboard-is-wrong","articles\u002Fwe-ranked-5-ai-models-by-security-the-leaderboard-is-wrong",{"title":162,"path":163,"stem":164},"Post-Mortem: Why ESLint Performance Failed (And the 100x Fix)","\u002Farticles\u002Fwhy-eslint-plugin-import-slow-fix","articles\u002Fwhy-eslint-plugin-import-slow-fix",{"title":166,"path":167,"stem":168},"Benchmark Report: Why Most Security Linters Miss 80% of Vulnerabilities","\u002Farticles\u002Fyour-eslint-security-plugin-is-missing-80-of-vulnerabilities-i-have-proof","articles\u002Fyour-eslint-security-plugin-is-missing-80-of-vulnerabilities-i-have-proof",false,{"id":171,"title":81,"author":172,"body":177,"canonical_url":1605,"comments":1606,"cover_image":1607,"description":1608,"devto_id":1609,"devto_url":1610,"edited_at":1611,"extension":1612,"featured":169,"meta":1613,"navigation":290,"path":82,"published":290,"published_at":1614,"reactions":1606,"reading_time_minutes":287,"seo":1615,"series":1616,"slug":1617,"social_image":1607,"stem":83,"tags":1618,"views":1606,"__hash__":1623},"articles\u002Farticles\u002Fgetting-started-with-eslint-plugin-express-security.md",{"name":173,"username":174,"avatar":175,"twitter":176},"Ofri Peretz","ofri-peretz","https:\u002F\u002Fmedia2.dev.to\u002Fdynamic\u002Fimage\u002Fwidth=640,height=640,fit=cover,gravity=auto,format=auto\u002Fhttps%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3669992%2F50a1f256-472c-48a1-85e8-149459647ea7.png","ofriperetzdev",{"type":178,"value":179,"toc":1591},"minimark",[180,187,205,210,240,244,316,320,532,536,552,555,766,770,775,919,923,1056,1060,1248,1252,1435,1439,1516,1519,1533,1542,1544,1550,1558,1561,1563,1569,1587],[181,182,183],"p",{},[184,185,186],"strong",{},"Middleware is where security usually fails. 
Here is the professional engineering standard for Express.js platform security, using automated static analysis to audit every route and middleware layer.",[188,189,190],"blockquote",{},[181,191,192,193,196,197,204],{},"This plugin is for ",[184,194,195],{},"Node.js teams"," building web applications with ",[198,199,203],"a",{"href":200,"rel":201},"https:\u002F\u002Fexpressjs.com\u002F",[202],"nofollow","Express.js",".",[206,207,209],"h2",{"id":208},"quick-install","Quick Install",[211,212,217],"pre",{"className":213,"code":214,"language":215,"meta":216,"style":216},"language-bash shiki shiki-themes material-theme-lighter github-light github-dark","npm install --save-dev eslint-plugin-express-security\n","bash","",[218,219,220],"code",{"__ignoreMap":216},[221,222,225,229,233,237],"span",{"class":223,"line":224},"line",1,[221,226,228],{"class":227},"sbgvK","npm",[221,230,232],{"class":231},"s_sjI"," install",[221,234,236],{"class":235},"stzsN"," --save-dev",[221,238,239],{"class":231}," eslint-plugin-express-security\n",[206,241,243],{"id":242},"flat-config","Flat Config",[211,245,249],{"className":246,"code":247,"language":248,"meta":216,"style":216},"language-javascript shiki shiki-themes material-theme-lighter github-light github-dark","\u002F\u002F eslint.config.js\nimport expressSecurity from \"eslint-plugin-express-security\";\n\nexport default [expressSecurity.configs.recommended];\n","javascript",[218,250,251,257,285,292],{"__ignoreMap":216},[221,252,253],{"class":223,"line":224},[221,254,256],{"class":255},"sutJx","\u002F\u002F eslint.config.js\n",[221,258,260,264,268,271,275,278,281],{"class":223,"line":259},2,[221,261,263],{"class":262},"sVHd0","import",[221,265,267],{"class":266},"su5hD"," expressSecurity ",[221,269,270],{"class":262},"from",[221,272,274],{"class":273},"sjJ54"," 
\"",[221,276,277],{"class":231},"eslint-plugin-express-security",[221,279,280],{"class":273},"\"",[221,282,284],{"class":283},"sP7_E",";\n",[221,286,288],{"class":223,"line":287},3,[221,289,291],{"emptyLinePlaceholder":290},true,"\n",[221,293,295,298,301,304,306,309,311,314],{"class":223,"line":294},4,[221,296,297],{"class":262},"export",[221,299,300],{"class":262}," default",[221,302,303],{"class":266}," [expressSecurity",[221,305,204],{"class":283},[221,307,308],{"class":266},"configs",[221,310,204],{"class":283},[221,312,313],{"class":266},"recommended]",[221,315,284],{"class":283},[206,317,319],{"id":318},"rule-overview","Rule Overview",[321,322,323,339],"table",{},[324,325,326],"thead",{},[327,328,329,333,336],"tr",{},[330,331,332],"th",{},"Rule",[330,334,335],{},"CWE",[330,337,338],{},"What it catches",[340,341,342,364,385,406,427,448,469,490,511],"tbody",{},[327,343,344,354,361],{},[345,346,347],"td",{},[198,348,351],{"href":349,"rel":350},"https:\u002F\u002Feslint.interlace.tools\u002Fdocs\u002Fsecurity\u002Fplugin-express-security\u002Frules\u002Frequire-helmet",[202],[218,352,353],{},"require-helmet",[345,355,356],{},[198,357,360],{"href":358,"rel":359},"https:\u002F\u002Fcwe.mitre.org\u002Fdata\u002Fdefinitions\u002F693.html",[202],"CWE-693",[345,362,363],{},"Missing security headers",[327,365,366,375,382],{},[345,367,368],{},[198,369,372],{"href":370,"rel":371},"https:\u002F\u002Feslint.interlace.tools\u002Fdocs\u002Fsecurity\u002Fplugin-express-security\u002Frules\u002Fno-cors-credentials-wildcard",[202],[218,373,374],{},"no-cors-credentials-wildcard",[345,376,377],{},[198,378,381],{"href":379,"rel":380},"https:\u002F\u002Fcwe.mitre.org\u002Fdata\u002Fdefinitions\u002F346.html",[202],"CWE-346",[345,383,384],{},"CORS * + 
credentials",[327,386,387,396,403],{},[345,388,389],{},[198,390,393],{"href":391,"rel":392},"https:\u002F\u002Feslint.interlace.tools\u002Fdocs\u002Fsecurity\u002Fplugin-express-security\u002Frules\u002Fno-permissive-cors",[202],[218,394,395],{},"no-permissive-cors",[345,397,398],{},[198,399,402],{"href":400,"rel":401},"https:\u002F\u002Fcwe.mitre.org\u002Fdata\u002Fdefinitions\u002F942.html",[202],"CWE-942",[345,404,405],{},"Overly permissive CORS",[327,407,408,417,424],{},[345,409,410],{},[198,411,414],{"href":412,"rel":413},"https:\u002F\u002Feslint.interlace.tools\u002Fdocs\u002Fsecurity\u002Fplugin-express-security\u002Frules\u002Fno-insecure-cookie-options",[202],[218,415,416],{},"no-insecure-cookie-options",[345,418,419],{},[198,420,423],{"href":421,"rel":422},"https:\u002F\u002Fcwe.mitre.org\u002Fdata\u002Fdefinitions\u002F614.html",[202],"CWE-614",[345,425,426],{},"Missing cookie flags",[327,428,429,438,445],{},[345,430,431],{},[198,432,435],{"href":433,"rel":434},"https:\u002F\u002Feslint.interlace.tools\u002Fdocs\u002Fsecurity\u002Fplugin-express-security\u002Frules\u002Frequire-csrf-protection",[202],[218,436,437],{},"require-csrf-protection",[345,439,440],{},[198,441,444],{"href":442,"rel":443},"https:\u002F\u002Fcwe.mitre.org\u002Fdata\u002Fdefinitions\u002F352.html",[202],"CWE-352",[345,446,447],{},"No CSRF protection",[327,449,450,459,466],{},[345,451,452],{},[198,453,456],{"href":454,"rel":455},"https:\u002F\u002Feslint.interlace.tools\u002Fdocs\u002Fsecurity\u002Fplugin-express-security\u002Frules\u002Frequire-rate-limiting",[202],[218,457,458],{},"require-rate-limiting",[345,460,461],{},[198,462,465],{"href":463,"rel":464},"https:\u002F\u002Fcwe.mitre.org\u002Fdata\u002Fdefinitions\u002F307.html",[202],"CWE-307",[345,467,468],{},"No rate 
limiting",[327,470,471,480,487],{},[345,472,473],{},[198,474,477],{"href":475,"rel":476},"https:\u002F\u002Feslint.interlace.tools\u002Fdocs\u002Fsecurity\u002Fplugin-express-security\u002Frules\u002Frequire-express-body-parser-limits",[202],[218,478,479],{},"require-express-body-parser-limits",[345,481,482],{},[198,483,486],{"href":484,"rel":485},"https:\u002F\u002Fcwe.mitre.org\u002Fdata\u002Fdefinitions\u002F400.html",[202],"CWE-400",[345,488,489],{},"Unlimited body size",[327,491,492,501,508],{},[345,493,494],{},[198,495,498],{"href":496,"rel":497},"https:\u002F\u002Feslint.interlace.tools\u002Fdocs\u002Fsecurity\u002Fplugin-express-security\u002Frules\u002Fno-express-unsafe-regex-route",[202],[218,499,500],{},"no-express-unsafe-regex-route",[345,502,503],{},[198,504,507],{"href":505,"rel":506},"https:\u002F\u002Fcwe.mitre.org\u002Fdata\u002Fdefinitions\u002F1333.html",[202],"CWE-1333",[345,509,510],{},"ReDoS in routes",[327,512,513,522,529],{},[345,514,515],{},[198,516,519],{"href":517,"rel":518},"https:\u002F\u002Feslint.interlace.tools\u002Fdocs\u002Fsecurity\u002Fplugin-express-security\u002Frules\u002Fno-graphql-introspection-production",[202],[218,520,521],{},"no-graphql-introspection-production",[345,523,524],{},[198,525,528],{"href":526,"rel":527},"https:\u002F\u002Fcwe.mitre.org\u002Fdata\u002Fdefinitions\u002F200.html",[202],"CWE-200",[345,530,531],{},"Schema exposed",[206,533,535],{"id":534},"run-eslint","Run ESLint",[211,537,539],{"className":213,"code":538,"language":215,"meta":216,"style":216},"npx eslint .\n",[218,540,541],{"__ignoreMap":216},[221,542,543,546,549],{"class":223,"line":224},[221,544,545],{"class":227},"npx",[221,547,548],{"class":231}," eslint",[221,550,551],{"class":231}," .\n",[181,553,554],{},"You'll see output like:",[211,556,558],{"className":213,"code":557,"language":215,"meta":216,"style":216},"src\u002Fapp.ts\n  15:1  error  🔒 CWE-693 | Missing Helmet middleware\n               Fix: Add app.use(helmet()) before 
routes\n\nsrc\u002Froutes\u002Fapi.ts\n  8:1   error  🔒 CWE-346 | CORS with credentials and wildcard origin\n               Fix: Specify explicit origin when using credentials\n\nsrc\u002Fmiddleware\u002Fauth.ts\n  22:3  error  🔒 CWE-614 | Cookie missing secure\u002FhttpOnly flags\n               Fix: Add { secure: true, httpOnly: true, sameSite: 'strict' }\n",[218,559,560,565,592,619,623,629,663,686,691,697,724],{"__ignoreMap":216},[221,561,562],{"class":223,"line":224},[221,563,564],{"class":227},"src\u002Fapp.ts\n",[221,566,567,570,573,576,579,583,586,589],{"class":223,"line":259},[221,568,569],{"class":227},"  15:1",[221,571,572],{"class":231},"  error",[221,574,575],{"class":231},"  🔒",[221,577,578],{"class":231}," CWE-693",[221,580,582],{"class":581},"smGrS"," |",[221,584,585],{"class":227}," Missing",[221,587,588],{"class":231}," Helmet",[221,590,591],{"class":231}," middleware\n",[221,593,594,597,600,603,606,610,613,616],{"class":223,"line":287},[221,595,596],{"class":227},"               Fix:",[221,598,599],{"class":231}," Add",[221,601,602],{"class":231}," app.use",[221,604,605],{"class":283},"(",[221,607,609],{"class":608},"sGLFI","helmet",[221,611,612],{"class":283},"())",[221,614,615],{"class":231}," before",[221,617,618],{"class":231}," routes\n",[221,620,621],{"class":223,"line":294},[221,622,291],{"emptyLinePlaceholder":290},[221,624,626],{"class":223,"line":625},5,[221,627,628],{"class":227},"src\u002Froutes\u002Fapi.ts\n",[221,630,632,635,638,640,643,645,648,651,654,657,660],{"class":223,"line":631},6,[221,633,634],{"class":227},"  8:1",[221,636,637],{"class":231},"   error",[221,639,575],{"class":231},[221,641,642],{"class":231}," CWE-346",[221,644,582],{"class":581},[221,646,647],{"class":227}," CORS",[221,649,650],{"class":231}," with",[221,652,653],{"class":231}," credentials",[221,655,656],{"class":231}," and",[221,658,659],{"class":231}," wildcard",[221,661,662],{"class":231}," 
origin\n",[221,664,666,668,671,674,677,680,683],{"class":223,"line":665},7,[221,667,596],{"class":227},[221,669,670],{"class":231}," Specify",[221,672,673],{"class":231}," explicit",[221,675,676],{"class":231}," origin",[221,678,679],{"class":231}," when",[221,681,682],{"class":231}," using",[221,684,685],{"class":231}," credentials\n",[221,687,689],{"class":223,"line":688},8,[221,690,291],{"emptyLinePlaceholder":290},[221,692,694],{"class":223,"line":693},9,[221,695,696],{"class":227},"src\u002Fmiddleware\u002Fauth.ts\n",[221,698,700,703,705,707,710,712,715,718,721],{"class":223,"line":699},10,[221,701,702],{"class":227},"  22:3",[221,704,572],{"class":231},[221,706,575],{"class":231},[221,708,709],{"class":231}," CWE-614",[221,711,582],{"class":581},[221,713,714],{"class":227}," Cookie",[221,716,717],{"class":231}," missing",[221,719,720],{"class":231}," secure\u002FhttpOnly",[221,722,723],{"class":231}," flags\n",[221,725,727,729,731,734,737,741,744,747,749,751,754,757,760,763],{"class":223,"line":726},11,[221,728,596],{"class":227},[221,730,599],{"class":231},[221,732,733],{"class":231}," {",[221,735,736],{"class":231}," secure:",[221,738,740],{"class":739},"s39Yj"," true",[221,742,743],{"class":231},",",[221,745,746],{"class":231}," httpOnly:",[221,748,740],{"class":739},[221,750,743],{"class":231},[221,752,753],{"class":231}," sameSite:",[221,755,756],{"class":273}," '",[221,758,759],{"class":231},"strict",[221,761,762],{"class":273},"'",[221,764,765],{"class":231}," }\n",[206,767,769],{"id":768},"quick-wins","Quick Wins",[771,772,774],"h3",{"id":773},"security-headers","Security Headers",[211,776,778],{"className":246,"code":777,"language":248,"meta":216,"style":216},"\u002F\u002F ❌ Missing security headers\nconst app = express();\napp.use(cors());\n\n\u002F\u002F ✅ Safe: Helmet adds security headers\nimport helmet from \"helmet\";\nconst app = express();\napp.use(helmet());\napp.use(cors({ origin: \"https:\u002F\u002Fapp.example.com\" 
}));\n",[218,779,780,785,806,825,829,834,851,865,881],{"__ignoreMap":216},[221,781,782],{"class":223,"line":224},[221,783,784],{"class":255},"\u002F\u002F ❌ Missing security headers\n",[221,786,787,791,795,798,801,804],{"class":223,"line":259},[221,788,790],{"class":789},"sbsja","const",[221,792,794],{"class":793},"s_hVV"," app",[221,796,797],{"class":581}," =",[221,799,800],{"class":608}," express",[221,802,803],{"class":266},"()",[221,805,284],{"class":283},[221,807,808,811,813,816,818,821,823],{"class":223,"line":287},[221,809,810],{"class":266},"app",[221,812,204],{"class":283},[221,814,815],{"class":608},"use",[221,817,605],{"class":266},[221,819,820],{"class":608},"cors",[221,822,612],{"class":266},[221,824,284],{"class":283},[221,826,827],{"class":223,"line":294},[221,828,291],{"emptyLinePlaceholder":290},[221,830,831],{"class":223,"line":625},[221,832,833],{"class":255},"\u002F\u002F ✅ Safe: Helmet adds security headers\n",[221,835,836,838,841,843,845,847,849],{"class":223,"line":631},[221,837,263],{"class":262},[221,839,840],{"class":266}," helmet 
",[221,842,270],{"class":262},[221,844,274],{"class":273},[221,846,609],{"class":231},[221,848,280],{"class":273},[221,850,284],{"class":283},[221,852,853,855,857,859,861,863],{"class":223,"line":665},[221,854,790],{"class":789},[221,856,794],{"class":793},[221,858,797],{"class":581},[221,860,800],{"class":608},[221,862,803],{"class":266},[221,864,284],{"class":283},[221,866,867,869,871,873,875,877,879],{"class":223,"line":688},[221,868,810],{"class":266},[221,870,204],{"class":283},[221,872,815],{"class":608},[221,874,605],{"class":266},[221,876,609],{"class":608},[221,878,612],{"class":266},[221,880,284],{"class":283},[221,882,883,885,887,889,891,893,895,898,901,904,906,909,911,914,917],{"class":223,"line":693},[221,884,810],{"class":266},[221,886,204],{"class":283},[221,888,815],{"class":608},[221,890,605],{"class":266},[221,892,820],{"class":608},[221,894,605],{"class":266},[221,896,897],{"class":283},"{",[221,899,676],{"class":900},"skxfh",[221,902,903],{"class":283},":",[221,905,274],{"class":273},[221,907,908],{"class":231},"https:\u002F\u002Fapp.example.com",[221,910,280],{"class":273},[221,912,913],{"class":283}," }",[221,915,916],{"class":266},"))",[221,918,284],{"class":283},[771,920,922],{"id":921},"cookie-security","Cookie Security",[211,924,926],{"className":246,"code":925,"language":248,"meta":216,"style":216},"\u002F\u002F ❌ Insecure cookie\nres.cookie(\"session\", token);\n\n\u002F\u002F ✅ Safe: All security flags\nres.cookie(\"session\", token, {\n  httpOnly: true,\n  secure: true,\n  sameSite: \"strict\",\n  maxAge: 3600000,\n});\n",[218,927,928,933,959,963,968,994,1007,1018,1033,1046],{"__ignoreMap":216},[221,929,930],{"class":223,"line":224},[221,931,932],{"class":255},"\u002F\u002F ❌ Insecure 
cookie\n",[221,934,935,938,940,943,945,947,950,952,954,957],{"class":223,"line":259},[221,936,937],{"class":266},"res",[221,939,204],{"class":283},[221,941,942],{"class":608},"cookie",[221,944,605],{"class":266},[221,946,280],{"class":273},[221,948,949],{"class":231},"session",[221,951,280],{"class":273},[221,953,743],{"class":283},[221,955,956],{"class":266}," token)",[221,958,284],{"class":283},[221,960,961],{"class":223,"line":287},[221,962,291],{"emptyLinePlaceholder":290},[221,964,965],{"class":223,"line":294},[221,966,967],{"class":255},"\u002F\u002F ✅ Safe: All security flags\n",[221,969,970,972,974,976,978,980,982,984,986,989,991],{"class":223,"line":625},[221,971,937],{"class":266},[221,973,204],{"class":283},[221,975,942],{"class":608},[221,977,605],{"class":266},[221,979,280],{"class":273},[221,981,949],{"class":231},[221,983,280],{"class":273},[221,985,743],{"class":283},[221,987,988],{"class":266}," token",[221,990,743],{"class":283},[221,992,993],{"class":283}," {\n",[221,995,996,999,1001,1004],{"class":223,"line":631},[221,997,998],{"class":900},"  httpOnly",[221,1000,903],{"class":283},[221,1002,740],{"class":1003},"syTEX",[221,1005,1006],{"class":283},",\n",[221,1008,1009,1012,1014,1016],{"class":223,"line":665},[221,1010,1011],{"class":900},"  secure",[221,1013,903],{"class":283},[221,1015,740],{"class":1003},[221,1017,1006],{"class":283},[221,1019,1020,1023,1025,1027,1029,1031],{"class":223,"line":688},[221,1021,1022],{"class":900},"  sameSite",[221,1024,903],{"class":283},[221,1026,274],{"class":273},[221,1028,759],{"class":231},[221,1030,280],{"class":273},[221,1032,1006],{"class":283},[221,1034,1035,1038,1040,1044],{"class":223,"line":693},[221,1036,1037],{"class":900},"  maxAge",[221,1039,903],{"class":283},[221,1041,1043],{"class":1042},"srdBf"," 
3600000",[221,1045,1006],{"class":283},[221,1047,1048,1051,1054],{"class":223,"line":699},[221,1049,1050],{"class":283},"}",[221,1052,1053],{"class":266},")",[221,1055,284],{"class":283},[206,1057,1059],{"id":1058},"custom-configuration","Custom Configuration",[211,1061,1063],{"className":246,"code":1062,"language":248,"meta":216,"style":216},"\u002F\u002F eslint.config.js\nimport expressSecurity from \"eslint-plugin-express-security\";\n\nexport default [\n  expressSecurity.configs.recommended,\n  {\n    rules: {\n      \u002F\u002F Override severity\n      \"express-security\u002Frequire-rate-limiting\": \"warn\",\n\n      \u002F\u002F Configure with options\n      \"express-security\u002Frequire-express-body-parser-limits\": [\n        \"error\",\n        {\n          maxBodySize: \"1mb\",\n        },\n      ],\n    },\n  },\n];\n",[218,1064,1065,1069,1085,1089,1098,1114,1119,1128,1133,1155,1159,1164,1178,1191,1197,1214,1220,1228,1234,1240],{"__ignoreMap":216},[221,1066,1067],{"class":223,"line":224},[221,1068,256],{"class":255},[221,1070,1071,1073,1075,1077,1079,1081,1083],{"class":223,"line":259},[221,1072,263],{"class":262},[221,1074,267],{"class":266},[221,1076,270],{"class":262},[221,1078,274],{"class":273},[221,1080,277],{"class":231},[221,1082,280],{"class":273},[221,1084,284],{"class":283},[221,1086,1087],{"class":223,"line":287},[221,1088,291],{"emptyLinePlaceholder":290},[221,1090,1091,1093,1095],{"class":223,"line":294},[221,1092,297],{"class":262},[221,1094,300],{"class":262},[221,1096,1097],{"class":266}," [\n",[221,1099,1100,1103,1105,1107,1109,1112],{"class":223,"line":625},[221,1101,1102],{"class":266},"  expressSecurity",[221,1104,204],{"class":283},[221,1106,308],{"class":266},[221,1108,204],{"class":283},[221,1110,1111],{"class":266},"recommended",[221,1113,1006],{"class":283},[221,1115,1116],{"class":223,"line":631},[221,1117,1118],{"class":283},"  {\n",[221,1120,1121,1124,1126],{"class":223,"line":665},[221,1122,1123],{"class":900},"    
rules",[221,1125,903],{"class":283},[221,1127,993],{"class":283},[221,1129,1130],{"class":223,"line":688},[221,1131,1132],{"class":255},"      \u002F\u002F Override severity\n",[221,1134,1135,1138,1142,1144,1146,1148,1151,1153],{"class":223,"line":693},[221,1136,1137],{"class":273},"      \"",[221,1139,1141],{"class":1140},"sZUrc","express-security\u002Frequire-rate-limiting",[221,1143,280],{"class":273},[221,1145,903],{"class":283},[221,1147,274],{"class":273},[221,1149,1150],{"class":231},"warn",[221,1152,280],{"class":273},[221,1154,1006],{"class":283},[221,1156,1157],{"class":223,"line":699},[221,1158,291],{"emptyLinePlaceholder":290},[221,1160,1161],{"class":223,"line":726},[221,1162,1163],{"class":255},"      \u002F\u002F Configure with options\n",[221,1165,1167,1169,1172,1174,1176],{"class":223,"line":1166},12,[221,1168,1137],{"class":273},[221,1170,1171],{"class":1140},"express-security\u002Frequire-express-body-parser-limits",[221,1173,280],{"class":273},[221,1175,903],{"class":283},[221,1177,1097],{"class":266},[221,1179,1181,1184,1187,1189],{"class":223,"line":1180},13,[221,1182,1183],{"class":273},"        \"",[221,1185,1186],{"class":231},"error",[221,1188,280],{"class":273},[221,1190,1006],{"class":283},[221,1192,1194],{"class":223,"line":1193},14,[221,1195,1196],{"class":283},"        {\n",[221,1198,1200,1203,1205,1207,1210,1212],{"class":223,"line":1199},15,[221,1201,1202],{"class":900},"          maxBodySize",[221,1204,903],{"class":283},[221,1206,274],{"class":273},[221,1208,1209],{"class":231},"1mb",[221,1211,280],{"class":273},[221,1213,1006],{"class":283},[221,1215,1217],{"class":223,"line":1216},16,[221,1218,1219],{"class":283},"        },\n",[221,1221,1223,1226],{"class":223,"line":1222},17,[221,1224,1225],{"class":266},"      ]",[221,1227,1006],{"class":283},[221,1229,1231],{"class":223,"line":1230},18,[221,1232,1233],{"class":283},"    },\n",[221,1235,1237],{"class":223,"line":1236},19,[221,1238,1239],{"class":283},"  
},\n",[221,1241,1243,1246],{"class":223,"line":1242},20,[221,1244,1245],{"class":266},"]",[221,1247,284],{"class":283},[206,1249,1251],{"id":1250},"strongly-typed-options-typescript","Strongly-Typed Options (TypeScript)",[211,1253,1257],{"className":1254,"code":1255,"language":1256,"meta":216,"style":216},"language-typescript shiki shiki-themes material-theme-lighter github-light github-dark","\u002F\u002F eslint.config.ts\nimport expressSecurity, {\n  type RuleOptions,\n} from \"eslint-plugin-express-security\";\n\nconst corsOptions: RuleOptions[\"no-permissive-cors\"] = {\n  allowedOrigins: [\"https:\u002F\u002Fapp.example.com\"],\n};\n\nexport default [\n  expressSecurity.configs.recommended,\n  {\n    rules: {\n      \"express-security\u002Fno-permissive-cors\": [\"error\", corsOptions],\n    },\n  },\n];\n","typescript",[218,1258,1259,1264,1275,1285,1300,1304,1332,1352,1357,1361,1369,1383,1387,1395,1421,1425,1429],{"__ignoreMap":216},[221,1260,1261],{"class":223,"line":224},[221,1262,1263],{"class":255},"\u002F\u002F eslint.config.ts\n",[221,1265,1266,1268,1271,1273],{"class":223,"line":259},[221,1267,263],{"class":262},[221,1269,1270],{"class":266}," expressSecurity",[221,1272,743],{"class":283},[221,1274,993],{"class":283},[221,1276,1277,1280,1283],{"class":223,"line":287},[221,1278,1279],{"class":262},"  type",[221,1281,1282],{"class":266}," RuleOptions",[221,1284,1006],{"class":283},[221,1286,1287,1289,1292,1294,1296,1298],{"class":223,"line":294},[221,1288,1050],{"class":283},[221,1290,1291],{"class":262}," from",[221,1293,274],{"class":273},[221,1295,277],{"class":231},[221,1297,280],{"class":273},[221,1299,284],{"class":283},[221,1301,1302],{"class":223,"line":625},[221,1303,291],{"emptyLinePlaceholder":290},[221,1305,1306,1308,1311,1313,1315,1318,1320,1322,1324,1327,1330],{"class":223,"line":631},[221,1307,790],{"class":789},[221,1309,1310],{"class":793}," 
corsOptions",[221,1312,903],{"class":581},[221,1314,1282],{"class":227},[221,1316,1317],{"class":266},"[",[221,1319,280],{"class":273},[221,1321,395],{"class":231},[221,1323,280],{"class":273},[221,1325,1326],{"class":266},"] ",[221,1328,1329],{"class":581},"=",[221,1331,993],{"class":283},[221,1333,1334,1337,1339,1342,1344,1346,1348,1350],{"class":223,"line":665},[221,1335,1336],{"class":900},"  allowedOrigins",[221,1338,903],{"class":283},[221,1340,1341],{"class":266}," [",[221,1343,280],{"class":273},[221,1345,908],{"class":231},[221,1347,280],{"class":273},[221,1349,1245],{"class":266},[221,1351,1006],{"class":283},[221,1353,1354],{"class":223,"line":688},[221,1355,1356],{"class":283},"};\n",[221,1358,1359],{"class":223,"line":693},[221,1360,291],{"emptyLinePlaceholder":290},[221,1362,1363,1365,1367],{"class":223,"line":699},[221,1364,297],{"class":262},[221,1366,300],{"class":262},[221,1368,1097],{"class":266},[221,1370,1371,1373,1375,1377,1379,1381],{"class":223,"line":726},[221,1372,1102],{"class":266},[221,1374,204],{"class":283},[221,1376,308],{"class":266},[221,1378,204],{"class":283},[221,1380,1111],{"class":266},[221,1382,1006],{"class":283},[221,1384,1385],{"class":223,"line":1166},[221,1386,1118],{"class":283},[221,1388,1389,1391,1393],{"class":223,"line":1180},[221,1390,1123],{"class":900},[221,1392,903],{"class":283},[221,1394,993],{"class":283},[221,1396,1397,1399,1402,1404,1406,1408,1410,1412,1414,1416,1419],{"class":223,"line":1193},[221,1398,1137],{"class":273},[221,1400,1401],{"class":1140},"express-security\u002Fno-permissive-cors",[221,1403,280],{"class":273},[221,1405,903],{"class":283},[221,1407,1341],{"class":266},[221,1409,280],{"class":273},[221,1411,1186],{"class":231},[221,1413,280],{"class":273},[221,1415,743],{"class":283},[221,1417,1418],{"class":266}," 
corsOptions]",[221,1420,1006],{"class":283},[221,1422,1423],{"class":223,"line":1199},[221,1424,1233],{"class":283},[221,1426,1427],{"class":223,"line":1216},[221,1428,1239],{"class":283},[221,1430,1431,1433],{"class":223,"line":1222},[221,1432,1245],{"class":266},[221,1434,284],{"class":283},[206,1436,1438],{"id":1437},"quick-reference","Quick Reference",[211,1440,1442],{"className":213,"code":1441,"language":215,"meta":216,"style":216},"# Install\nnpm install --save-dev eslint-plugin-express-security\n\n# Config (eslint.config.js)\nimport expressSecurity from 'eslint-plugin-express-security';\nexport default [expressSecurity.configs.recommended];\n\n# Run\nnpx eslint .\n",[218,1443,1444,1449,1459,1463,1468,1484,1499,1503,1508],{"__ignoreMap":216},[221,1445,1446],{"class":223,"line":224},[221,1447,1448],{"class":255},"# Install\n",[221,1450,1451,1453,1455,1457],{"class":223,"line":259},[221,1452,228],{"class":227},[221,1454,232],{"class":231},[221,1456,236],{"class":235},[221,1458,239],{"class":231},[221,1460,1461],{"class":223,"line":287},[221,1462,291],{"emptyLinePlaceholder":290},[221,1464,1465],{"class":223,"line":294},[221,1466,1467],{"class":255},"# Config (eslint.config.js)\n",[221,1469,1470,1472,1474,1476,1478,1480,1482],{"class":223,"line":625},[221,1471,263],{"class":227},[221,1473,1270],{"class":231},[221,1475,1291],{"class":231},[221,1477,756],{"class":273},[221,1479,277],{"class":231},[221,1481,762],{"class":273},[221,1483,284],{"class":283},[221,1485,1486,1488,1491,1493,1496],{"class":223,"line":631},[221,1487,297],{"class":789},[221,1489,1490],{"class":266}," default ",[221,1492,1317],{"class":283},[221,1494,1495],{"class":266},"expressSecurity.configs.recommended",[221,1497,1498],{"class":283},"];\n",[221,1500,1501],{"class":223,"line":665},[221,1502,291],{"emptyLinePlaceholder":290},[221,1504,1505],{"class":223,"line":688},[221,1506,1507],{"class":255},"# 
Run\n",[221,1509,1510,1512,1514],{"class":223,"line":693},[221,1511,545],{"class":227},[221,1513,548],{"class":231},[221,1515,551],{"class":231},[1517,1518],"hr",{},[181,1520,1521,1522,1527,1528],{},"📦 ",[198,1523,1526],{"href":1524,"rel":1525},"https:\u002F\u002Fwww.npmjs.com\u002Fpackage\u002Feslint-plugin-express-security",[202],"npm: eslint-plugin-express-security","\n📖 ",[198,1529,1532],{"href":1530,"rel":1531},"https:\u002F\u002Feslint.interlace.tools\u002Fdocs\u002Fframework\u002Fplugin-express-security\u002Frules",[202],"Full Rule List",[181,1534,1535],{},[184,1536,1537],{},[198,1538,1541],{"href":1539,"rel":1540},"https:\u002F\u002Fgithub.com\u002Fofri-peretz\u002Feslint",[202],"⭐ Star on GitHub",[1517,1543],{},[181,1545,1546,1549],{},[184,1547,1548],{},"The Interlace ESLint Ecosystem","\nInterlace is a high-fidelity suite of static code analyzers designed to automate security, performance, and reliability for the modern Node.js stack. With over 330 rules across 18 specialized plugins, it provides 100% coverage for OWASP Top 10, LLM Security, and Database Hardening.",[206,1551,1553],{"id":1552},"explore-the-full-documentation",[198,1554,1557],{"href":1555,"rel":1556},"https:\u002F\u002Feslint.interlace.tools",[202],"Explore the full Documentation",[181,1559,1560],{},"© 2026 Ofri Peretz. All rights reserved.",[1517,1562],{},[181,1564,1565,1568],{},[184,1566,1567],{},"Build Securely.","\nI'm Ofri Peretz, a Security Engineering Leader and the architect of the Interlace Ecosystem. 
I build static analysis standards that automate security and performance for Node.js fleets at scale.",[181,1570,1571,1576,1577,1576,1582],{},[198,1572,1575],{"href":1573,"rel":1574},"https:\u002F\u002Fofriperetz.dev",[202],"ofriperetz.dev"," | ",[198,1578,1581],{"href":1579,"rel":1580},"https:\u002F\u002Flinkedin.com\u002Fin\u002Fofri-peretz",[202],"LinkedIn",[198,1583,1586],{"href":1584,"rel":1585},"https:\u002F\u002Fgithub.com\u002Fofri-peretz",[202],"GitHub",[1588,1589,1590],"style",{},"html pre.shiki code .sbgvK, html code.shiki .sbgvK{--shiki-light:#E2931D;--shiki-default:#6F42C1;--shiki-dark:#B392F0}html pre.shiki code .s_sjI, html code.shiki .s_sjI{--shiki-light:#91B859;--shiki-default:#032F62;--shiki-dark:#9ECBFF}html pre.shiki code .stzsN, html code.shiki .stzsN{--shiki-light:#91B859;--shiki-default:#005CC5;--shiki-dark:#79B8FF}html .light .shiki span {color: var(--shiki-light);background: var(--shiki-light-bg);font-style: var(--shiki-light-font-style);font-weight: var(--shiki-light-font-weight);text-decoration: var(--shiki-light-text-decoration);}html.light .shiki span {color: var(--shiki-light);background: var(--shiki-light-bg);font-style: var(--shiki-light-font-style);font-weight: var(--shiki-light-font-weight);text-decoration: var(--shiki-light-text-decoration);}html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html.dark .shiki span 
{color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html pre.shiki code .sutJx, html code.shiki .sutJx{--shiki-light:#90A4AE;--shiki-light-font-style:italic;--shiki-default:#6A737D;--shiki-default-font-style:inherit;--shiki-dark:#6A737D;--shiki-dark-font-style:inherit}html pre.shiki code .sVHd0, html code.shiki .sVHd0{--shiki-light:#39ADB5;--shiki-light-font-style:italic;--shiki-default:#D73A49;--shiki-default-font-style:inherit;--shiki-dark:#F97583;--shiki-dark-font-style:inherit}html pre.shiki code .su5hD, html code.shiki .su5hD{--shiki-light:#90A4AE;--shiki-default:#24292E;--shiki-dark:#E1E4E8}html pre.shiki code .sjJ54, html code.shiki .sjJ54{--shiki-light:#39ADB5;--shiki-default:#032F62;--shiki-dark:#9ECBFF}html pre.shiki code .sP7_E, html code.shiki .sP7_E{--shiki-light:#39ADB5;--shiki-default:#24292E;--shiki-dark:#E1E4E8}html pre.shiki code .smGrS, html code.shiki .smGrS{--shiki-light:#39ADB5;--shiki-default:#D73A49;--shiki-dark:#F97583}html pre.shiki code .sGLFI, html code.shiki .sGLFI{--shiki-light:#6182B8;--shiki-default:#6F42C1;--shiki-dark:#B392F0}html pre.shiki code .s39Yj, html code.shiki .s39Yj{--shiki-light:#39ADB5;--shiki-default:#005CC5;--shiki-dark:#79B8FF}html pre.shiki code .sbsja, html code.shiki .sbsja{--shiki-light:#9C3EDA;--shiki-default:#D73A49;--shiki-dark:#F97583}html pre.shiki code .s_hVV, html code.shiki .s_hVV{--shiki-light:#90A4AE;--shiki-default:#005CC5;--shiki-dark:#79B8FF}html pre.shiki code .skxfh, html code.shiki .skxfh{--shiki-light:#E53935;--shiki-default:#24292E;--shiki-dark:#E1E4E8}html pre.shiki code .syTEX, html code.shiki .syTEX{--shiki-light:#FF5370;--shiki-default:#005CC5;--shiki-dark:#79B8FF}html pre.shiki code .srdBf, html code.shiki .srdBf{--shiki-light:#F76D47;--shiki-default:#005CC5;--shiki-dark:#79B8FF}html pre.shiki code .sZUrc, html code.shiki 
.sZUrc{--shiki-light:#E53935;--shiki-default:#032F62;--shiki-dark:#9ECBFF}",{"title":216,"searchDepth":259,"depth":259,"links":1592},[1593,1594,1595,1596,1597,1601,1602,1603,1604],{"id":208,"depth":259,"text":209},{"id":242,"depth":259,"text":243},{"id":318,"depth":259,"text":319},{"id":534,"depth":259,"text":535},{"id":768,"depth":259,"text":769,"children":1598},[1599,1600],{"id":773,"depth":287,"text":774},{"id":921,"depth":287,"text":922},{"id":1058,"depth":259,"text":1059},{"id":1250,"depth":259,"text":1251},{"id":1437,"depth":259,"text":1438},{"id":1552,"depth":259,"text":1557},"https:\u002F\u002Fofriperetz.dev\u002Farticles\u002Fgetting-started-with-eslint-plugin-express-security",0,"https:\u002F\u002Fofriperetz.dev\u002Fcdn\u002Fblog-cover-image\u002Fgetting-started-with-eslint-plugin-express-security.png","The professional standard for Express.js platform security. Automate protection for Node.js services through static middleware auditing.",3144099,"https:\u002F\u002Fdev.to\u002Fofri-peretz\u002Fgetting-started-with-eslint-plugin-express-security-2fb8","2026-02-05T05:33:03Z","md",{},"2026-01-02T19:40:18Z",{"title":81,"description":1608},null,"getting-started-with-eslint-plugin-express-security",[1619,1620,1621,1622],"eslint","express","security","node","lI8yYPtpPi_wGoX_OI9H1i6-XN1OPXASYo8F1UQmQjQ",{"articles":1625,"source":2147},[1626,1650,1665,1680,1691,1707,1722,1740,1756,1769,1779,1795,1812,1828,1844,1859,1874,1890,1907,1923,1936,1950,1964,1980,1995,2011,2026,2040,2055,2071,2087,2104,2117,2132],{"type_of":1627,"id":1628,"title":158,"description":1629,"readable_publish_date":1630,"slug":1631,"path":1632,"url":1633,"comments_count":1606,"public_reactions_count":259,"collection_id":1634,"published_timestamp":1635,"language":1636,"subforem_id":224,"positive_reactions_count":259,"cover_image":1637,"social_image":1638,"canonical_url":1639,"created_at":1635,"edited_at":1640,"crossposted_at":1616,"published_at":1635,"last_comment_at":1635,"reading_time_minutes":
693,"tag_list":1641,"tags":1645,"user":1646,"page_views_count":1606},"article",3248314,"Claude Opus generates vulnerable JWT code every single time — 7 out of 7 runs, always leaking...","Feb 11","we-ranked-5-ai-models-by-security-the-leaderboard-is-wrong-5a4o","\u002Fofri-peretz\u002Fwe-ranked-5-ai-models-by-security-the-leaderboard-is-wrong-5a4o","https:\u002F\u002Fdev.to\u002Fofri-peretz\u002Fwe-ranked-5-ai-models-by-security-the-leaderboard-is-wrong-5a4o",35564,"2026-02-11T08:14:59Z","en","https:\u002F\u002Fmedia2.dev.to\u002Fdynamic\u002Fimage\u002Fwidth=1000,height=420,fit=cover,gravity=auto,format=auto\u002Fhttps%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fgjifodfaukn49e9y18ux.png","https:\u002F\u002Fmedia2.dev.to\u002Fdynamic\u002Fimage\u002Fwidth=1000,height=500,fit=cover,gravity=auto,format=auto\u002Fhttps%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fgjifodfaukn49e9y18ux.png","https:\u002F\u002Fofriperetz.dev\u002Farticles\u002Fwe-ranked-5-ai-models-by-security-the-leaderboard-is-wrong","2026-02-11T08:15:58Z",[1642,1621,1643,1644],"ai","googleai","gemini","ai, security, googleai, 
gemini",{"name":173,"username":174,"twitter_username":176,"github_username":174,"user_id":1647,"website_url":1648,"profile_image":175,"profile_image_90":1649},3669992,"https:\u002F\u002Fofriperetz.dev?utm_source=devto&utm_medium=profile&utm_campaign=website-field","https:\u002F\u002Fmedia2.dev.to\u002Fdynamic\u002Fimage\u002Fwidth=90,height=90,fit=cover,gravity=auto,format=auto\u002Fhttps%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3669992%2F50a1f256-472c-48a1-85e8-149459647ea7.png",{"type_of":1627,"id":1651,"title":135,"description":1652,"readable_publish_date":1653,"slug":1654,"path":1655,"url":1656,"comments_count":1606,"public_reactions_count":1606,"collection_id":1634,"published_timestamp":1657,"language":1636,"subforem_id":224,"positive_reactions_count":1606,"cover_image":1658,"social_image":1659,"canonical_url":1660,"created_at":1657,"edited_at":1661,"crossposted_at":1616,"published_at":1657,"last_comment_at":1657,"reading_time_minutes":1166,"tag_list":1662,"tags":1663,"user":1664,"page_views_count":1606},3241678,"When AI models fix security vulnerabilities, they sometimes introduce entirely new ones. I tested this across 3 remediation rounds with Claude Opus 4.6 using two approaches — ESLint-guided feedback vs. prompt engineering alone. 
The results expose a fundamental limit of 'fix it again' workflows.","Feb 8","the-ai-hydra-problem-fix-one-ai-bug-get-two-more-5g1l","\u002Fofri-peretz\u002Fthe-ai-hydra-problem-fix-one-ai-bug-get-two-more-5g1l","https:\u002F\u002Fdev.to\u002Fofri-peretz\u002Fthe-ai-hydra-problem-fix-one-ai-bug-get-two-more-5g1l","2026-02-08T17:05:28Z","https:\u002F\u002Fmedia2.dev.to\u002Fdynamic\u002Fimage\u002Fwidth=1000,height=420,fit=cover,gravity=auto,format=auto\u002Fhttps%3A%2F%2Fofriperetz.dev%2Fcdn%2Fblog-cover-image%2Fthe-ai-hydra-problem.png%3Fv%3D2","https:\u002F\u002Fmedia2.dev.to\u002Fdynamic\u002Fimage\u002Fwidth=1000,height=500,fit=cover,gravity=auto,format=auto\u002Fhttps%3A%2F%2Fofriperetz.dev%2Fcdn%2Fblog-cover-image%2Fthe-ai-hydra-problem.png%3Fv%3D2","https:\u002F\u002Fofriperetz.dev\u002Farticles\u002Fthe-ai-hydra-problem","2026-02-08T19:23:02Z",[1642,1621,248,1619],"ai, security, javascript, eslint",{"name":173,"username":174,"twitter_username":176,"github_username":174,"user_id":1647,"website_url":1648,"profile_image":175,"profile_image_90":1649},{"type_of":1627,"id":1666,"title":26,"description":1667,"readable_publish_date":1653,"slug":1668,"path":1669,"url":1670,"comments_count":1606,"public_reactions_count":224,"collection_id":1616,"published_timestamp":1671,"language":1636,"subforem_id":224,"positive_reactions_count":224,"cover_image":1672,"social_image":1673,"canonical_url":1674,"created_at":1671,"edited_at":1675,"crossposted_at":1616,"published_at":1671,"last_comment_at":1671,"reading_time_minutes":699,"tag_list":1676,"tags":1678,"user":1679,"page_views_count":1606},3240750,"A head-to-head benchmark between @microsoft\u002Feslint-plugin-sdl and the Interlace security ecosystem. 
Microsoft's SDL standard covers 1 of 14 security categories.","microsofts-eslint-security-plugin-catches-10-of-vulnerabilities-heres-what-it-misses-5gii","\u002Fofri-peretz\u002Fmicrosofts-eslint-security-plugin-catches-10-of-vulnerabilities-heres-what-it-misses-5gii","https:\u002F\u002Fdev.to\u002Fofri-peretz\u002Fmicrosofts-eslint-security-plugin-catches-10-of-vulnerabilities-heres-what-it-misses-5gii","2026-02-08T03:37:21Z","https:\u002F\u002Fmedia2.dev.to\u002Fdynamic\u002Fimage\u002Fwidth=1000,height=420,fit=cover,gravity=auto,format=auto\u002Fhttps%3A%2F%2Fimages.unsplash.com%2Fphoto-1555949963-aa79dcee981c%3Fw%3D1200%26h%3D630%26fit%3Dcrop","https:\u002F\u002Fmedia2.dev.to\u002Fdynamic\u002Fimage\u002Fwidth=1000,height=500,fit=cover,gravity=auto,format=auto\u002Fhttps%3A%2F%2Fimages.unsplash.com%2Fphoto-1555949963-aa79dcee981c%3Fw%3D1200%26h%3D630%26fit%3Dcrop","https:\u002F\u002Fofriperetz.dev\u002Farticles\u002Fmicrosofts-eslint-security-plugin-catches-10-of-vulnerabilities-heres-what-it-misses","2026-02-08T19:22:51Z",[1621,1619,248,1677],"benchmark","security, eslint, javascript, benchmark",{"name":173,"username":174,"twitter_username":176,"github_username":174,"user_id":1647,"website_url":1648,"profile_image":175,"profile_image_90":1649},{"type_of":1627,"id":1681,"title":30,"description":1682,"readable_publish_date":1653,"slug":1683,"path":1684,"url":1685,"comments_count":1606,"public_reactions_count":1606,"collection_id":1616,"published_timestamp":1686,"language":1636,"subforem_id":224,"positive_reactions_count":1606,"cover_image":1672,"social_image":1673,"canonical_url":1687,"created_at":1686,"edited_at":1688,"crossposted_at":1616,"published_at":1686,"last_comment_at":1686,"reading_time_minutes":1166,"tag_list":1689,"tags":1678,"user":1690,"page_views_count":1606},3240739,"A head-to-head benchmark between eslint-plugin-sonarjs and the Interlace security ecosystem. 
269 rules vs 201 rules — more isn't better when 65% of vulnerabilities slip through.","sonarjs-has-269-rules-it-still-misses-65-of-security-vulnerabilities-3jh","\u002Fofri-peretz\u002Fsonarjs-has-269-rules-it-still-misses-65-of-security-vulnerabilities-3jh","https:\u002F\u002Fdev.to\u002Fofri-peretz\u002Fsonarjs-has-269-rules-it-still-misses-65-of-security-vulnerabilities-3jh","2026-02-08T03:31:07Z","https:\u002F\u002Fofriperetz.dev\u002Farticles\u002Fsonarjs-has-269-rules-it-still-misses-65-of-security-vulnerabilities-3jh","2026-02-08T19:22:57Z",[1621,1619,248,1677],{"name":173,"username":174,"twitter_username":176,"github_username":174,"user_id":1647,"website_url":1648,"profile_image":175,"profile_image_90":1649},{"type_of":1627,"id":1692,"title":42,"description":1693,"readable_publish_date":1694,"slug":1695,"path":1696,"url":1697,"comments_count":1606,"public_reactions_count":1606,"collection_id":1616,"published_timestamp":1698,"language":1636,"subforem_id":224,"positive_reactions_count":1606,"cover_image":1699,"social_image":1700,"canonical_url":1701,"created_at":1702,"edited_at":1703,"crossposted_at":1616,"published_at":1698,"last_comment_at":1698,"reading_time_minutes":688,"tag_list":1704,"tags":1705,"user":1706,"page_views_count":1606},3237157,"eslint-plugin-security has 1.5M weekly downloads but only 13 rules and no meaningful updates since 2020. 
Learn why it misses 90% of vulnerabilities—including SQL injection, JWT attacks, and AI\u002FLLM security—and what modern ESLint security plugins to use instead.","Feb 6","eslint-plugin-security-is-unmaintained-heres-what-nobody-tells-you-96h","\u002Fofri-peretz\u002Feslint-plugin-security-is-unmaintained-heres-what-nobody-tells-you-96h","https:\u002F\u002Fdev.to\u002Fofri-peretz\u002Feslint-plugin-security-is-unmaintained-heres-what-nobody-tells-you-96h","2026-02-06T06:40:05Z","https:\u002F\u002Fmedia2.dev.to\u002Fdynamic\u002Fimage\u002Fwidth=1000,height=420,fit=cover,gravity=auto,format=auto\u002Fhttps%3A%2F%2Fofriperetz.dev%2Fcdn%2Fblog-cover-image%2Feslint-plugin-security-is-unmaintained-heres-what-nobody-tells-you-96h.png","https:\u002F\u002Fmedia2.dev.to\u002Fdynamic\u002Fimage\u002Fwidth=1000,height=500,fit=cover,gravity=auto,format=auto\u002Fhttps%3A%2F%2Fofriperetz.dev%2Fcdn%2Fblog-cover-image%2Feslint-plugin-security-is-unmaintained-heres-what-nobody-tells-you-96h.png","https:\u002F\u002Fofriperetz.dev\u002Farticles\u002Feslint-plugin-security-is-unmaintained-heres-what-nobody-tells-you-96h","2026-02-06T06:40:06Z","2026-02-08T19:22:27Z",[1621,1619,248,1622],"security, eslint, javascript, node",{"name":173,"username":174,"twitter_username":176,"github_username":174,"user_id":1647,"website_url":1648,"profile_image":175,"profile_image_90":1649},{"type_of":1627,"id":1708,"title":97,"description":1709,"readable_publish_date":1694,"slug":1710,"path":1711,"url":1712,"comments_count":294,"public_reactions_count":294,"collection_id":1634,"published_timestamp":1713,"language":1636,"subforem_id":224,"positive_reactions_count":294,"cover_image":1714,"social_image":1715,"canonical_url":1716,"created_at":1713,"edited_at":1717,"crossposted_at":1616,"published_at":1713,"last_comment_at":1718,"reading_time_minutes":726,"tag_list":1719,"tags":1720,"user":1721,"page_views_count":1606},3236684,"AI coding assistants are incredible—until they introduce security holes. 
I ran an experiment asking Claude (Haiku 3.5, Sonnet 4.5, Opus 4.5, Opus 4.6) to generate 80 common Node.js functions with zero security context using my Claude Pro subscription. 65-75% had vulnerabilities. Then I tested if static analysis could help the models fix their own mistakes.","i-let-claude-write-60-functions-65-75-had-security-vulnerabilities-414o","\u002Fofri-peretz\u002Fi-let-claude-write-60-functions-65-75-had-security-vulnerabilities-414o","https:\u002F\u002Fdev.to\u002Fofri-peretz\u002Fi-let-claude-write-60-functions-65-75-had-security-vulnerabilities-414o","2026-02-06T02:51:25Z","https:\u002F\u002Fmedia2.dev.to\u002Fdynamic\u002Fimage\u002Fwidth=1000,height=420,fit=cover,gravity=auto,format=auto\u002Fhttps%3A%2F%2Fofriperetz.dev%2Fcdn%2Fblog-cover-image%2Fi-let-claude-write-60-functions-65-75-had-security-vulnerabilities.png","https:\u002F\u002Fmedia2.dev.to\u002Fdynamic\u002Fimage\u002Fwidth=1000,height=500,fit=cover,gravity=auto,format=auto\u002Fhttps%3A%2F%2Fofriperetz.dev%2Fcdn%2Fblog-cover-image%2Fi-let-claude-write-60-functions-65-75-had-security-vulnerabilities.png","https:\u002F\u002Fofriperetz.dev\u002Farticles\u002Fi-let-claude-write-60-functions-65-75-had-security-vulnerabilities","2026-02-08T19:22:48Z","2026-03-31T03:03:34Z",[1642,1621,1619,248],"ai, security, eslint, 
javascript",{"name":173,"username":174,"twitter_username":176,"github_username":174,"user_id":1647,"website_url":1648,"profile_image":175,"profile_image_90":1649},{"type_of":1627,"id":1723,"title":112,"description":1724,"readable_publish_date":1725,"slug":1726,"path":1727,"url":1728,"comments_count":1606,"public_reactions_count":1606,"collection_id":1729,"published_timestamp":1730,"language":1636,"subforem_id":224,"positive_reactions_count":1606,"cover_image":1731,"social_image":1732,"canonical_url":1733,"created_at":1734,"edited_at":1735,"crossposted_at":1616,"published_at":1730,"last_comment_at":1730,"reading_time_minutes":294,"tag_list":1736,"tags":1738,"user":1739,"page_views_count":1606},3144148,"A deep dive into PostgreSQL filesystem exploits. Learn how to engineer static analysis guards to prevent unauthorized database-level file access.","Jan 2","copy-from-exploits-when-postgresql-reads-your-filesystem-127a","\u002Fofri-peretz\u002Fcopy-from-exploits-when-postgresql-reads-your-filesystem-127a","https:\u002F\u002Fdev.to\u002Fofri-peretz\u002Fcopy-from-exploits-when-postgresql-reads-your-filesystem-127a",35489,"2026-01-02T20:36:38Z","https:\u002F\u002Fmedia2.dev.to\u002Fdynamic\u002Fimage\u002Fwidth=1000,height=420,fit=cover,gravity=auto,format=auto\u002Fhttps%3A%2F%2Fofriperetz.dev%2Fcdn%2Fblog-cover-image%2Fpostgresql-copy-from-exploit-filesystem-access.png","https:\u002F\u002Fmedia2.dev.to\u002Fdynamic\u002Fimage\u002Fwidth=1000,height=500,fit=cover,gravity=auto,format=auto\u002Fhttps%3A%2F%2Fofriperetz.dev%2Fcdn%2Fblog-cover-image%2Fpostgresql-copy-from-exploit-filesystem-access.png","https:\u002F\u002Fofriperetz.dev\u002Farticles\u002Fpostgresql-copy-from-exploit-filesystem-access","2026-01-02T20:36:34Z","2026-02-08T19:22:54Z",[1619,1737,1621,1622],"postgres","eslint, postgres, security, 
node",{"name":173,"username":174,"twitter_username":176,"github_username":174,"user_id":1647,"website_url":1648,"profile_image":175,"profile_image_90":1649},{"type_of":1627,"id":1741,"title":108,"description":1742,"readable_publish_date":1725,"slug":1743,"path":1744,"url":1745,"comments_count":287,"public_reactions_count":224,"collection_id":1729,"published_timestamp":1746,"language":1636,"subforem_id":224,"positive_reactions_count":224,"cover_image":1747,"social_image":1748,"canonical_url":1749,"created_at":1746,"edited_at":1750,"crossposted_at":1616,"published_at":1746,"last_comment_at":1751,"reading_time_minutes":287,"tag_list":1752,"tags":1754,"user":1755,"page_views_count":1606},3144119,"Eliminate API performance bottlenecks at the commit level. A case study on detecting and fixing architectural N+1 patterns programmatically.","the-n1-insert-loop-that-slowed-our-api-to-a-crawl-4534","\u002Fofri-peretz\u002Fthe-n1-insert-loop-that-slowed-our-api-to-a-crawl-4534","https:\u002F\u002Fdev.to\u002Fofri-peretz\u002Fthe-n1-insert-loop-that-slowed-our-api-to-a-crawl-4534","2026-01-02T20:06:27Z","https:\u002F\u002Fmedia2.dev.to\u002Fdynamic\u002Fimage\u002Fwidth=1000,height=420,fit=cover,gravity=auto,format=auto\u002Fhttps%3A%2F%2Fofriperetz.dev%2Fcdn%2Fblog-cover-image%2Fn-plus-1-insert-loop-api-performance.png","https:\u002F\u002Fmedia2.dev.to\u002Fdynamic\u002Fimage\u002Fwidth=1000,height=500,fit=cover,gravity=auto,format=auto\u002Fhttps%3A%2F%2Fofriperetz.dev%2Fcdn%2Fblog-cover-image%2Fn-plus-1-insert-loop-api-performance.png","https:\u002F\u002Fofriperetz.dev\u002Farticles\u002Fn-plus-1-insert-loop-api-performance","2026-02-08T19:22:53Z","2026-03-31T03:03:33Z",[1619,1737,1753,1622],"performance","eslint, postgres, performance, 
node",{"name":173,"username":174,"twitter_username":176,"github_username":174,"user_id":1647,"website_url":1648,"profile_image":175,"profile_image_90":1649},{"type_of":1627,"id":1757,"title":116,"description":1758,"readable_publish_date":1725,"slug":1759,"path":1760,"url":1761,"comments_count":1606,"public_reactions_count":1606,"collection_id":1729,"published_timestamp":1762,"language":1636,"subforem_id":224,"positive_reactions_count":1606,"cover_image":1763,"social_image":1764,"canonical_url":1765,"created_at":1762,"edited_at":1766,"crossposted_at":1616,"published_at":1762,"last_comment_at":1762,"reading_time_minutes":259,"tag_list":1767,"tags":1738,"user":1768,"page_views_count":1606},3144104,"Engineering against architectural vulnerabilities. A professional analysis of search_path hijacking and the static analysis standard for prevention.","searchpath-hijacking-the-postgresql-attack-youve-never-heard-of-10co","\u002Fofri-peretz\u002Fsearchpath-hijacking-the-postgresql-attack-youve-never-heard-of-10co","https:\u002F\u002Fdev.to\u002Fofri-peretz\u002Fsearchpath-hijacking-the-postgresql-attack-youve-never-heard-of-10co","2026-01-02T19:49:31Z","https:\u002F\u002Fmedia2.dev.to\u002Fdynamic\u002Fimage\u002Fwidth=1000,height=420,fit=cover,gravity=auto,format=auto\u002Fhttps%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F09u14i6uhdwthcrjbygm.png","https:\u002F\u002Fmedia2.dev.to\u002Fdynamic\u002Fimage\u002Fwidth=1000,height=500,fit=cover,gravity=auto,format=auto\u002Fhttps%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F09u14i6uhdwthcrjbygm.png","https:\u002F\u002Fofriperetz.dev\u002Farticles\u002Fsearchpath-hijacking-postgresql-attack","2026-02-08T19:22:55Z",[1619,1737,1621,1622],{"name":173,"username":174,"twitter_username":176,"github_username":174,"user_id":1647,"website_url":1648,"profile_image":175,"profile_image_90":1649},{"type_of":1627,"id":1609,"title":81,"description":1608,"readable_publish_date":1725,"slug":1770,"path":1771,"ur
l":1610,"comments_count":1606,"public_reactions_count":1606,"collection_id":1616,"published_timestamp":1614,"language":1636,"subforem_id":224,"positive_reactions_count":1606,"cover_image":1772,"social_image":1773,"canonical_url":1605,"created_at":1774,"edited_at":1775,"crossposted_at":1616,"published_at":1614,"last_comment_at":1614,"reading_time_minutes":287,"tag_list":1776,"tags":1777,"user":1778,"page_views_count":1606},"getting-started-with-eslint-plugin-express-security-2fb8","\u002Fofri-peretz\u002Fgetting-started-with-eslint-plugin-express-security-2fb8","https:\u002F\u002Fmedia2.dev.to\u002Fdynamic\u002Fimage\u002Fwidth=1000,height=420,fit=cover,gravity=auto,format=auto\u002Fhttps%3A%2F%2Fofriperetz.dev%2Fcdn%2Fblog-cover-image%2Fgetting-started-with-eslint-plugin-express-security.png","https:\u002F\u002Fmedia2.dev.to\u002Fdynamic\u002Fimage\u002Fwidth=1000,height=500,fit=cover,gravity=auto,format=auto\u002Fhttps%3A%2F%2Fofriperetz.dev%2Fcdn%2Fblog-cover-image%2Fgetting-started-with-eslint-plugin-express-security.png","2026-01-02T19:40:10Z","2026-02-08T19:22:43Z",[1619,1620,1621,1622],"eslint, express, security, node",{"name":173,"username":174,"twitter_username":176,"github_username":174,"user_id":1647,"website_url":1648,"profile_image":175,"profile_image_90":1649},{"type_of":1627,"id":1780,"title":61,"description":1781,"readable_publish_date":1725,"slug":1782,"path":1783,"url":1784,"comments_count":1606,"public_reactions_count":1606,"collection_id":1785,"published_timestamp":1786,"language":1636,"subforem_id":224,"positive_reactions_count":1606,"cover_image":1787,"social_image":1788,"canonical_url":1789,"created_at":1786,"edited_at":1790,"crossposted_at":1616,"published_at":1786,"last_comment_at":1786,"reading_time_minutes":287,"tag_list":1791,"tags":1793,"user":1794,"page_views_count":1606},3144090,"The engineering standard for modern NestJS applications. 
Detect injection points and architectural flaws automatically using static analysis.","getting-started-with-eslint-plugin-nestjs-security-32ic","\u002Fofri-peretz\u002Fgetting-started-with-eslint-plugin-nestjs-security-32ic","https:\u002F\u002Fdev.to\u002Fofri-peretz\u002Fgetting-started-with-eslint-plugin-nestjs-security-32ic",35491,"2026-01-02T19:28:48Z","https:\u002F\u002Fmedia2.dev.to\u002Fdynamic\u002Fimage\u002Fwidth=1000,height=420,fit=cover,gravity=auto,format=auto\u002Fhttps%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fnhu1ka6yvpqg0bpuypni.png","https:\u002F\u002Fmedia2.dev.to\u002Fdynamic\u002Fimage\u002Fwidth=1000,height=500,fit=cover,gravity=auto,format=auto\u002Fhttps%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fnhu1ka6yvpqg0bpuypni.png","https:\u002F\u002Fofriperetz.dev\u002Farticles\u002Fgetting-started-eslint-plugin-nestjs-security","2026-02-08T19:22:34Z",[1619,1792,1621,1622],"nestjs","eslint, nestjs, security, node",{"name":173,"username":174,"twitter_username":176,"github_username":174,"user_id":1647,"website_url":1648,"profile_image":175,"profile_image_90":1649},{"type_of":1627,"id":1796,"title":89,"description":1797,"readable_publish_date":1725,"slug":1798,"path":1799,"url":1800,"comments_count":1606,"public_reactions_count":1606,"collection_id":1616,"published_timestamp":1801,"language":1636,"subforem_id":224,"positive_reactions_count":1606,"cover_image":1802,"social_image":1803,"canonical_url":1804,"created_at":1801,"edited_at":1805,"crossposted_at":1616,"published_at":1801,"last_comment_at":1801,"reading_time_minutes":294,"tag_list":1806,"tags":1810,"user":1811,"page_views_count":1606},3144087,"Engineering safety into the serverless stack. 
Automated static analysis for AWS Lambda to prevent event injection and IAM misconfigurations.","getting-started-with-eslint-plugin-lambda-security-44h8","\u002Fofri-peretz\u002Fgetting-started-with-eslint-plugin-lambda-security-44h8","https:\u002F\u002Fdev.to\u002Fofri-peretz\u002Fgetting-started-with-eslint-plugin-lambda-security-44h8","2026-01-02T19:26:45Z","https:\u002F\u002Fmedia2.dev.to\u002Fdynamic\u002Fimage\u002Fwidth=1000,height=420,fit=cover,gravity=auto,format=auto\u002Fhttps%3A%2F%2Fofriperetz.dev%2Fcdn%2Fblog-cover-image%2Fgetting-started-with-eslint-plugin-lambda-security.png","https:\u002F\u002Fmedia2.dev.to\u002Fdynamic\u002Fimage\u002Fwidth=1000,height=500,fit=cover,gravity=auto,format=auto\u002Fhttps%3A%2F%2Fofriperetz.dev%2Fcdn%2Fblog-cover-image%2Fgetting-started-with-eslint-plugin-lambda-security.png","https:\u002F\u002Fofriperetz.dev\u002Farticles\u002Fgetting-started-with-eslint-plugin-lambda-security","2026-02-08T19:22:45Z",[1619,1807,1808,1809],"aws","lambda","serverless","eslint, aws, lambda, serverless",{"name":173,"username":174,"twitter_username":176,"github_username":174,"user_id":1647,"website_url":1648,"profile_image":175,"profile_image_90":1649},{"type_of":1627,"id":1813,"title":53,"description":1814,"readable_publish_date":1725,"slug":1815,"path":1816,"url":1817,"comments_count":1606,"public_reactions_count":1606,"collection_id":1785,"published_timestamp":1818,"language":1636,"subforem_id":224,"positive_reactions_count":1606,"cover_image":1819,"social_image":1820,"canonical_url":1821,"created_at":1822,"edited_at":1823,"crossposted_at":1616,"published_at":1818,"last_comment_at":1818,"reading_time_minutes":259,"tag_list":1824,"tags":1826,"user":1827,"page_views_count":1606},3143592,"Protect the frontend host. 
Use automated static analysis to detect localStorage leaks and XSS sinks in professional JS architectures.","getting-started-with-eslint-plugin-browser-security-3iop","\u002Fofri-peretz\u002Fgetting-started-with-eslint-plugin-browser-security-3iop","https:\u002F\u002Fdev.to\u002Fofri-peretz\u002Fgetting-started-with-eslint-plugin-browser-security-3iop","2026-01-02T15:20:36Z","https:\u002F\u002Fmedia2.dev.to\u002Fdynamic\u002Fimage\u002Fwidth=1000,height=420,fit=cover,gravity=auto,format=auto\u002Fhttps%3A%2F%2Fofriperetz.dev%2Fcdn%2Fblog-cover-image%2Fgetting-started-eslint-plugin-browser-security.png","https:\u002F\u002Fmedia2.dev.to\u002Fdynamic\u002Fimage\u002Fwidth=1000,height=500,fit=cover,gravity=auto,format=auto\u002Fhttps%3A%2F%2Fofriperetz.dev%2Fcdn%2Fblog-cover-image%2Fgetting-started-eslint-plugin-browser-security.png","https:\u002F\u002Fofriperetz.dev\u002Farticles\u002Fgetting-started-eslint-plugin-browser-security","2026-01-02T15:20:37Z","2026-02-08T19:22:31Z",[1619,248,1621,1825],"browser","eslint, javascript, security, browser",{"name":173,"username":174,"twitter_username":176,"github_username":174,"user_id":1647,"website_url":1648,"profile_image":175,"profile_image_90":1649},{"type_of":1627,"id":1829,"title":57,"description":1830,"readable_publish_date":1725,"slug":1831,"path":1832,"url":1833,"comments_count":1606,"public_reactions_count":1606,"collection_id":1785,"published_timestamp":1834,"language":1636,"subforem_id":224,"positive_reactions_count":1606,"cover_image":1835,"social_image":1836,"canonical_url":1837,"created_at":1834,"edited_at":1838,"crossposted_at":1616,"published_at":1834,"last_comment_at":1834,"reading_time_minutes":287,"tag_list":1839,"tags":1842,"user":1843,"page_views_count":1606},3143580,"Automated enforcement for bulletproof authentication. 
Use static analysis to detect algorithm confusion and weak secrets programmatically.","getting-started-with-eslint-plugin-jwt-4l4p","\u002Fofri-peretz\u002Fgetting-started-with-eslint-plugin-jwt-4l4p","https:\u002F\u002Fdev.to\u002Fofri-peretz\u002Fgetting-started-with-eslint-plugin-jwt-4l4p","2026-01-02T15:17:19Z","https:\u002F\u002Fmedia2.dev.to\u002Fdynamic\u002Fimage\u002Fwidth=1000,height=420,fit=cover,gravity=auto,format=auto\u002Fhttps%3A%2F%2Fofriperetz.dev%2Fcdn%2Fblog-cover-image%2Fgetting-started-eslint-plugin-jwt.png","https:\u002F\u002Fmedia2.dev.to\u002Fdynamic\u002Fimage\u002Fwidth=1000,height=500,fit=cover,gravity=auto,format=auto\u002Fhttps%3A%2F%2Fofriperetz.dev%2Fcdn%2Fblog-cover-image%2Fgetting-started-eslint-plugin-jwt.png","https:\u002F\u002Fofriperetz.dev\u002Farticles\u002Fgetting-started-eslint-plugin-jwt","2026-02-08T19:22:32Z",[1619,1840,1621,1841],"jwt","authentication","eslint, jwt, security, authentication",{"name":173,"username":174,"twitter_username":176,"github_username":174,"user_id":1647,"website_url":1648,"profile_image":175,"profile_image_90":1649},{"type_of":1627,"id":1845,"title":65,"description":1846,"readable_publish_date":1725,"slug":1847,"path":1848,"url":1849,"comments_count":1606,"public_reactions_count":1606,"collection_id":1785,"published_timestamp":1850,"language":1636,"subforem_id":224,"positive_reactions_count":1606,"cover_image":1851,"social_image":1852,"canonical_url":1853,"created_at":1850,"edited_at":1854,"crossposted_at":1616,"published_at":1850,"last_comment_at":1850,"reading_time_minutes":259,"tag_list":1855,"tags":1857,"user":1858,"page_views_count":1606},3143570,"The automated standard for Node.js core security. 
31 engineering rules to detect weak crypto and system leaks in CI\u002FCD via static analysis.","getting-started-with-eslint-plugin-crypto-4a8g","\u002Fofri-peretz\u002Fgetting-started-with-eslint-plugin-crypto-4a8g","https:\u002F\u002Fdev.to\u002Fofri-peretz\u002Fgetting-started-with-eslint-plugin-crypto-4a8g","2026-01-02T15:15:04Z","https:\u002F\u002Fmedia2.dev.to\u002Fdynamic\u002Fimage\u002Fwidth=1000,height=420,fit=cover,gravity=auto,format=auto\u002Fhttps%3A%2F%2Fofriperetz.dev%2Fcdn%2Fblog-cover-image%2Fgetting-started-eslint-plugin-node-security.png","https:\u002F\u002Fmedia2.dev.to\u002Fdynamic\u002Fimage\u002Fwidth=1000,height=500,fit=cover,gravity=auto,format=auto\u002Fhttps%3A%2F%2Fofriperetz.dev%2Fcdn%2Fblog-cover-image%2Fgetting-started-eslint-plugin-node-security.png","https:\u002F\u002Fofriperetz.dev\u002Farticles\u002Fgetting-started-eslint-plugin-node-security","2026-02-08T19:22:36Z",[1619,1622,1621,1856],"cryptography","eslint, node, security, cryptography",{"name":173,"username":174,"twitter_username":176,"github_username":174,"user_id":1647,"website_url":1648,"profile_image":175,"profile_image_90":1649},{"type_of":1627,"id":1860,"title":38,"description":1861,"readable_publish_date":1725,"slug":1862,"path":1863,"url":1864,"comments_count":224,"public_reactions_count":1606,"collection_id":1616,"published_timestamp":1865,"language":1636,"subforem_id":224,"positive_reactions_count":1606,"cover_image":1866,"social_image":1867,"canonical_url":1868,"created_at":1865,"edited_at":1869,"crossposted_at":1616,"published_at":1865,"last_comment_at":1870,"reading_time_minutes":294,"tag_list":1871,"tags":1872,"user":1873,"page_views_count":1606},3143536,"A data-driven report on optimizing static analysis at scale. 
How we engineered a 100x speedup in the industry's most used linter plugin.","eslint-plugin-import-vs-eslint-plugin-import-next-up-to-100x-faster-1afa","\u002Fofri-peretz\u002Feslint-plugin-import-vs-eslint-plugin-import-next-up-to-100x-faster-1afa","https:\u002F\u002Fdev.to\u002Fofri-peretz\u002Feslint-plugin-import-vs-eslint-plugin-import-next-up-to-100x-faster-1afa","2026-01-02T14:46:40Z","https:\u002F\u002Fmedia2.dev.to\u002Fdynamic\u002Fimage\u002Fwidth=1000,height=420,fit=cover,gravity=auto,format=auto\u002Fhttps%3A%2F%2Fofriperetz.dev%2Fcdn%2Fblog-cover-image%2Feslint-plugin-import-vs-eslint-plugin-import-next-up-to-100x-faster.png","https:\u002F\u002Fmedia2.dev.to\u002Fdynamic\u002Fimage\u002Fwidth=1000,height=500,fit=cover,gravity=auto,format=auto\u002Fhttps%3A%2F%2Fofriperetz.dev%2Fcdn%2Fblog-cover-image%2Feslint-plugin-import-vs-eslint-plugin-import-next-up-to-100x-faster.png","https:\u002F\u002Fofriperetz.dev\u002Farticles\u002Feslint-plugin-import-vs-eslint-plugin-import-next-up-to-100x-faster","2026-02-08T19:22:24Z","2026-02-11T18:59:25Z",[1619,248,1753,1677],"eslint, javascript, performance, benchmark",{"name":173,"username":174,"twitter_username":176,"github_username":174,"user_id":1647,"website_url":1648,"profile_image":175,"profile_image_90":1649},{"type_of":1627,"id":1875,"title":85,"description":1876,"readable_publish_date":1725,"slug":1877,"path":1878,"url":1879,"comments_count":1606,"public_reactions_count":1606,"collection_id":1616,"published_timestamp":1880,"language":1636,"subforem_id":224,"positive_reactions_count":1606,"cover_image":1881,"social_image":1882,"canonical_url":1883,"created_at":1880,"edited_at":1884,"crossposted_at":1616,"published_at":1880,"last_comment_at":1880,"reading_time_minutes":259,"tag_list":1885,"tags":1888,"user":1889,"page_views_count":1606},3143529,"Engineering for developer velocity. 
Use static analysis optimization to reduce CI\u002FCD times by up to 100x while maintaining code quality.","getting-started-with-eslint-plugin-import-next-51e6","\u002Fofri-peretz\u002Fgetting-started-with-eslint-plugin-import-next-51e6","https:\u002F\u002Fdev.to\u002Fofri-peretz\u002Fgetting-started-with-eslint-plugin-import-next-51e6","2026-01-02T14:42:42Z","https:\u002F\u002Fmedia2.dev.to\u002Fdynamic\u002Fimage\u002Fwidth=1000,height=420,fit=cover,gravity=auto,format=auto\u002Fhttps%3A%2F%2Fofriperetz.dev%2Fcdn%2Fblog-cover-image%2Fgetting-started-with-eslint-plugin-import-next.png","https:\u002F\u002Fmedia2.dev.to\u002Fdynamic\u002Fimage\u002Fwidth=1000,height=500,fit=cover,gravity=auto,format=auto\u002Fhttps%3A%2F%2Fofriperetz.dev%2Fcdn%2Fblog-cover-image%2Fgetting-started-with-eslint-plugin-import-next.png","https:\u002F\u002Fofriperetz.dev\u002Farticles\u002Fgetting-started-with-eslint-plugin-import-next","2026-02-08T19:22:44Z",[1619,248,1886,1887],"imports","tutorial","eslint, javascript, imports, tutorial",{"name":173,"username":174,"twitter_username":176,"github_username":174,"user_id":1647,"website_url":1648,"profile_image":175,"profile_image_90":1649},{"type_of":1627,"id":1891,"title":77,"description":1892,"readable_publish_date":1893,"slug":1894,"path":1895,"url":1896,"comments_count":1606,"public_reactions_count":1606,"collection_id":1897,"published_timestamp":1898,"language":1636,"subforem_id":224,"positive_reactions_count":1606,"cover_image":1899,"social_image":1900,"canonical_url":1901,"created_at":1898,"edited_at":1902,"crossposted_at":1616,"published_at":1898,"last_comment_at":1898,"reading_time_minutes":287,"tag_list":1903,"tags":1905,"user":1906,"page_views_count":1606},3139002,"The first static analysis standard for AI-native applications. 
Automate protection against prompt injection and unvalidated agent inputs.","Dec 31 '25","getting-started-with-eslint-plugin-vercel-ai-security-5e9g","\u002Fofri-peretz\u002Fgetting-started-with-eslint-plugin-vercel-ai-security-5e9g","https:\u002F\u002Fdev.to\u002Fofri-peretz\u002Fgetting-started-with-eslint-plugin-vercel-ai-security-5e9g",35492,"2025-12-31T21:49:06Z","https:\u002F\u002Fmedia2.dev.to\u002Fdynamic\u002Fimage\u002Fwidth=1000,height=420,fit=cover,gravity=auto,format=auto\u002Fhttps%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Frxxfvuudvh7r4bny4jxn.png","https:\u002F\u002Fmedia2.dev.to\u002Fdynamic\u002Fimage\u002Fwidth=1000,height=500,fit=cover,gravity=auto,format=auto\u002Fhttps%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Frxxfvuudvh7r4bny4jxn.png","https:\u002F\u002Fofriperetz.dev\u002Farticles\u002Fgetting-started-eslint-plugin-vercel-ai-security","2026-02-08T19:22:41Z",[1619,1642,1621,1904],"vercel","eslint, ai, security, vercel",{"name":173,"username":174,"twitter_username":176,"github_username":174,"user_id":1647,"website_url":1648,"profile_image":175,"profile_image_90":1649},{"type_of":1627,"id":1908,"title":150,"description":1909,"readable_publish_date":1893,"slug":1910,"path":1911,"url":1912,"comments_count":1606,"public_reactions_count":1606,"collection_id":1729,"published_timestamp":1913,"language":1636,"subforem_id":224,"positive_reactions_count":1606,"cover_image":1914,"social_image":1915,"canonical_url":1916,"created_at":1917,"edited_at":1918,"crossposted_at":1616,"published_at":1913,"last_comment_at":1913,"reading_time_minutes":287,"tag_list":1919,"tags":1921,"user":1922,"page_views_count":1606},3138993,"A technical post-mortem on transaction corruption in Node.js. 
Learn the static analysis standard for safe transaction management on pooled clients.","transaction-race-conditions-why-begin-on-pool-breaks-everything-117h","\u002Fofri-peretz\u002Ftransaction-race-conditions-why-begin-on-pool-breaks-everything-117h","https:\u002F\u002Fdev.to\u002Fofri-peretz\u002Ftransaction-race-conditions-why-begin-on-pool-breaks-everything-117h","2025-12-31T21:38:13Z","https:\u002F\u002Fmedia2.dev.to\u002Fdynamic\u002Fimage\u002Fwidth=1000,height=420,fit=cover,gravity=auto,format=auto\u002Fhttps%3A%2F%2Fofriperetz.dev%2Fcdn%2Fblog-cover-image%2Ftransaction-race-conditions-begin-on-pool.png","https:\u002F\u002Fmedia2.dev.to\u002Fdynamic\u002Fimage\u002Fwidth=1000,height=500,fit=cover,gravity=auto,format=auto\u002Fhttps%3A%2F%2Fofriperetz.dev%2Fcdn%2Fblog-cover-image%2Ftransaction-race-conditions-begin-on-pool.png","https:\u002F\u002Fofriperetz.dev\u002Farticles\u002Ftransaction-race-conditions-begin-on-pool","2025-12-31T21:38:08Z","2026-02-08T19:23:06Z",[1619,1737,1622,1920],"database","eslint, postgres, node, database",{"name":173,"username":174,"twitter_username":176,"github_username":174,"user_id":1647,"website_url":1648,"profile_image":175,"profile_image_90":1649},{"type_of":1627,"id":1924,"title":34,"description":1925,"readable_publish_date":1893,"slug":1926,"path":1927,"url":1928,"comments_count":1606,"public_reactions_count":1606,"collection_id":1729,"published_timestamp":1929,"language":1636,"subforem_id":224,"positive_reactions_count":1606,"cover_image":1930,"social_image":1931,"canonical_url":1932,"created_at":1929,"edited_at":1933,"crossposted_at":1616,"published_at":1929,"last_comment_at":1929,"reading_time_minutes":287,"tag_list":1934,"tags":1921,"user":1935,"page_views_count":1606},3138991,"A technical breakdown of a production outage caused by node-postgres leaks. 
Learn the static analysis standard we built to prevent it forever.","the-connection-leak-that-took-down-our-production-database-3bal","\u002Fofri-peretz\u002Fthe-connection-leak-that-took-down-our-production-database-3bal","https:\u002F\u002Fdev.to\u002Fofri-peretz\u002Fthe-connection-leak-that-took-down-our-production-database-3bal","2025-12-31T21:35:53Z","https:\u002F\u002Fmedia2.dev.to\u002Fdynamic\u002Fimage\u002Fwidth=1000,height=420,fit=cover,gravity=auto,format=auto\u002Fhttps%3A%2F%2Fofriperetz.dev%2Fcdn%2Fblog-cover-image%2Fdatabase-connection-leak-production-outage.png","https:\u002F\u002Fmedia2.dev.to\u002Fdynamic\u002Fimage\u002Fwidth=1000,height=500,fit=cover,gravity=auto,format=auto\u002Fhttps%3A%2F%2Fofriperetz.dev%2Fcdn%2Fblog-cover-image%2Fdatabase-connection-leak-production-outage.png","https:\u002F\u002Fofriperetz.dev\u002Farticles\u002Fdatabase-connection-leak-production-outage","2026-02-08T19:22:23Z",[1619,1737,1622,1920],{"name":173,"username":174,"twitter_username":176,"github_username":174,"user_id":1647,"website_url":1648,"profile_image":175,"profile_image_90":1649},{"type_of":1627,"id":1937,"title":73,"description":1938,"readable_publish_date":1893,"slug":1939,"path":1940,"url":1941,"comments_count":1606,"public_reactions_count":1606,"collection_id":1785,"published_timestamp":1942,"language":1636,"subforem_id":224,"positive_reactions_count":1606,"cover_image":1943,"social_image":1944,"canonical_url":1945,"created_at":1942,"edited_at":1946,"crossposted_at":1616,"published_at":1942,"last_comment_at":1942,"reading_time_minutes":287,"tag_list":1947,"tags":1948,"user":1949,"page_views_count":1606},3138988,"The core engineering standard for secure software development. 
Map your entire fleet to OWASP Top 10 with 89 engineering-led static analysis rules.","getting-started-with-eslint-plugin-secure-coding-1eda","\u002Fofri-peretz\u002Fgetting-started-with-eslint-plugin-secure-coding-1eda","https:\u002F\u002Fdev.to\u002Fofri-peretz\u002Fgetting-started-with-eslint-plugin-secure-coding-1eda","2025-12-31T21:31:41Z","https:\u002F\u002Fmedia2.dev.to\u002Fdynamic\u002Fimage\u002Fwidth=1000,height=420,fit=cover,gravity=auto,format=auto\u002Fhttps%3A%2F%2Fofriperetz.dev%2Fcdn%2Fblog-cover-image%2Fgetting-started-eslint-plugin-secure-coding.png","https:\u002F\u002Fmedia2.dev.to\u002Fdynamic\u002Fimage\u002Fwidth=1000,height=500,fit=cover,gravity=auto,format=auto\u002Fhttps%3A%2F%2Fofriperetz.dev%2Fcdn%2Fblog-cover-image%2Fgetting-started-eslint-plugin-secure-coding.png","https:\u002F\u002Fofriperetz.dev\u002Farticles\u002Fgetting-started-eslint-plugin-secure-coding","2026-02-08T19:22:40Z",[1619,1621,248,1887],"eslint, security, javascript, tutorial",{"name":173,"username":174,"twitter_username":176,"github_username":174,"user_id":1647,"website_url":1648,"profile_image":175,"profile_image_90":1649},{"type_of":1627,"id":1951,"title":69,"description":1952,"readable_publish_date":1893,"slug":1953,"path":1954,"url":1955,"comments_count":1606,"public_reactions_count":1606,"collection_id":1729,"published_timestamp":1956,"language":1636,"subforem_id":224,"positive_reactions_count":1606,"cover_image":1957,"social_image":1958,"canonical_url":1959,"created_at":1960,"edited_at":1961,"crossposted_at":1616,"published_at":1956,"last_comment_at":1956,"reading_time_minutes":287,"tag_list":1962,"tags":1921,"user":1963,"page_views_count":1606},3138840,"Eliminate the #1 database vulnerability. 
An automated static analysis protocol for preventing SQL injection and connection leaks in production.","getting-started-with-eslint-plugin-pg-43pj","\u002Fofri-peretz\u002Fgetting-started-with-eslint-plugin-pg-43pj","https:\u002F\u002Fdev.to\u002Fofri-peretz\u002Fgetting-started-with-eslint-plugin-pg-43pj","2025-12-31T18:45:40Z","https:\u002F\u002Fmedia2.dev.to\u002Fdynamic\u002Fimage\u002Fwidth=1000,height=420,fit=cover,gravity=auto,format=auto\u002Fhttps%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F7xvyy2px23d7rolvt8kf.png","https:\u002F\u002Fmedia2.dev.to\u002Fdynamic\u002Fimage\u002Fwidth=1000,height=500,fit=cover,gravity=auto,format=auto\u002Fhttps%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F7xvyy2px23d7rolvt8kf.png","https:\u002F\u002Fofriperetz.dev\u002Farticles\u002Fgetting-started-eslint-plugin-pg","2025-12-31T18:45:10Z","2026-02-08T19:22:38Z",[1619,1737,1622,1920],{"name":173,"username":174,"twitter_username":176,"github_username":174,"user_id":1647,"website_url":1648,"profile_image":175,"profile_image_90":1649},{"type_of":1627,"id":1965,"title":101,"description":1966,"readable_publish_date":1893,"slug":1967,"path":1968,"url":1969,"comments_count":1606,"public_reactions_count":224,"collection_id":1616,"published_timestamp":1970,"language":1636,"subforem_id":224,"positive_reactions_count":224,"cover_image":1971,"social_image":1972,"canonical_url":1973,"created_at":1970,"edited_at":1974,"crossposted_at":1616,"published_at":1970,"last_comment_at":1970,"reading_time_minutes":688,"tag_list":1975,"tags":1978,"user":1979,"page_views_count":1606},3138808,"A comprehensive engineering standard for OWASP Top 10 compliance. 
Map your entire Node.js fleet to security standards using automated static analysis.","mapping-your-codebase-to-owasp-top-10-with-247-eslint-rules-25f0","\u002Fofri-peretz\u002Fmapping-your-codebase-to-owasp-top-10-with-247-eslint-rules-25f0","https:\u002F\u002Fdev.to\u002Fofri-peretz\u002Fmapping-your-codebase-to-owasp-top-10-with-247-eslint-rules-25f0","2025-12-31T18:15:25Z","https:\u002F\u002Fmedia2.dev.to\u002Fdynamic\u002Fimage\u002Fwidth=1000,height=420,fit=cover,gravity=auto,format=auto\u002Fhttps%3A%2F%2Fofriperetz.dev%2Fcdn%2Fblog-cover-image%2Fmapping-your-codebase-to-owasp-top-10-with-247-eslint-rules.png","https:\u002F\u002Fmedia2.dev.to\u002Fdynamic\u002Fimage\u002Fwidth=1000,height=500,fit=cover,gravity=auto,format=auto\u002Fhttps%3A%2F%2Fofriperetz.dev%2Fcdn%2Fblog-cover-image%2Fmapping-your-codebase-to-owasp-top-10-with-247-eslint-rules.png","https:\u002F\u002Fofriperetz.dev\u002Farticles\u002Fmapping-your-codebase-to-owasp-top-10-with-247-eslint-rules","2026-02-08T19:22:50Z",[1619,1621,1976,1977],"owasp","devsecops","eslint, security, owasp, devsecops",{"name":173,"username":174,"twitter_username":176,"github_username":174,"user_id":1647,"website_url":1648,"profile_image":175,"profile_image_90":1649},{"type_of":1627,"id":1981,"title":131,"description":1982,"readable_publish_date":1893,"slug":1983,"path":1984,"url":1985,"comments_count":631,"public_reactions_count":1166,"collection_id":1616,"published_timestamp":1986,"language":1636,"subforem_id":224,"positive_reactions_count":1166,"cover_image":1987,"social_image":1988,"canonical_url":1989,"created_at":1990,"edited_at":1991,"crossposted_at":1616,"published_at":1986,"last_comment_at":1718,"reading_time_minutes":287,"tag_list":1992,"tags":1993,"user":1994,"page_views_count":1606},3137550,"A data-driven protocol for assessing a new codebase in under 30 minutes. 
Use automated static analysis to generate immediate risk heatmaps for CTOs and VPs.","the-30-minute-security-audit-onboarding-a-new-codebase-4f91","\u002Fofri-peretz\u002Fthe-30-minute-security-audit-onboarding-a-new-codebase-4f91","https:\u002F\u002Fdev.to\u002Fofri-peretz\u002Fthe-30-minute-security-audit-onboarding-a-new-codebase-4f91","2025-12-31T06:31:46Z","https:\u002F\u002Fmedia2.dev.to\u002Fdynamic\u002Fimage\u002Fwidth=1000,height=420,fit=cover,gravity=auto,format=auto\u002Fhttps%3A%2F%2Fofriperetz.dev%2Fcdn%2Fblog-cover-image%2Fthe-30-minute-security-audit-onboarding-a-new-codebase.png","https:\u002F\u002Fmedia2.dev.to\u002Fdynamic\u002Fimage\u002Fwidth=1000,height=500,fit=cover,gravity=auto,format=auto\u002Fhttps%3A%2F%2Fofriperetz.dev%2Fcdn%2Fblog-cover-image%2Fthe-30-minute-security-audit-onboarding-a-new-codebase.png","https:\u002F\u002Fofriperetz.dev\u002Farticles\u002Fthe-30-minute-security-audit-onboarding-a-new-codebase","2025-12-31T06:31:41Z","2026-02-08T19:23:00Z",[1619,1621,1622,1977],"eslint, security, node, devsecops",{"name":173,"username":174,"twitter_username":176,"github_username":174,"user_id":1647,"website_url":1648,"profile_image":175,"profile_image_90":1649},{"type_of":1627,"id":1996,"title":146,"description":1997,"readable_publish_date":1893,"slug":1998,"path":1999,"url":2000,"comments_count":1606,"public_reactions_count":1606,"collection_id":1616,"published_timestamp":2001,"language":1636,"subforem_id":224,"positive_reactions_count":1606,"cover_image":2002,"social_image":2003,"canonical_url":2004,"created_at":2005,"edited_at":2006,"crossposted_at":1616,"published_at":2001,"last_comment_at":2001,"reading_time_minutes":294,"tag_list":2007,"tags":2009,"user":2010,"page_views_count":1606},3137519,"The definitive engineering blueprint for high-stakes JavaScript security. 
15 core architectural concepts required for senior security engineering roles.","the-security-engineer-interview-cheat-sheet-for-javascript-developers-pgn","\u002Fofri-peretz\u002Fthe-security-engineer-interview-cheat-sheet-for-javascript-developers-pgn","https:\u002F\u002Fdev.to\u002Fofri-peretz\u002Fthe-security-engineer-interview-cheat-sheet-for-javascript-developers-pgn","2025-12-31T06:10:16Z","https:\u002F\u002Fmedia2.dev.to\u002Fdynamic\u002Fimage\u002Fwidth=1000,height=420,fit=cover,gravity=auto,format=auto\u002Fhttps%3A%2F%2Fofriperetz.dev%2Fcdn%2Fblog-cover-image%2Fthe-security-engineer-interview-cheat-sheet-for-javascript-developers-pgn.png","https:\u002F\u002Fmedia2.dev.to\u002Fdynamic\u002Fimage\u002Fwidth=1000,height=500,fit=cover,gravity=auto,format=auto\u002Fhttps%3A%2F%2Fofriperetz.dev%2Fcdn%2Fblog-cover-image%2Fthe-security-engineer-interview-cheat-sheet-for-javascript-developers-pgn.png","https:\u002F\u002Fofriperetz.dev\u002Farticles\u002Fthe-security-engineer-interview-cheat-sheet-for-javascript-developers-pgn","2025-12-31T06:10:01Z","2026-02-08T19:23:05Z",[1619,2008,1621,248],"career","eslint, career, security, javascript",{"name":173,"username":174,"twitter_username":176,"github_username":174,"user_id":1647,"website_url":1648,"profile_image":175,"profile_image_90":1649},{"type_of":1627,"id":2012,"title":142,"description":2013,"readable_publish_date":1893,"slug":2014,"path":2015,"url":2016,"comments_count":1606,"public_reactions_count":224,"collection_id":1616,"published_timestamp":2017,"language":1636,"subforem_id":224,"positive_reactions_count":224,"cover_image":2018,"social_image":2019,"canonical_url":2020,"created_at":2021,"edited_at":2022,"crossposted_at":1616,"published_at":2017,"last_comment_at":2017,"reading_time_minutes":294,"tag_list":2023,"tags":2024,"user":2025,"page_views_count":1606},3137489,"A technical analysis of the most dangerous auth misconfiguration. 
How to engineer static analysis guards to eliminate 'none' exploits.","the-jwt-algorithm-none-attack-the-vulnerability-in-1-line-of-code-d9g","\u002Fofri-peretz\u002Fthe-jwt-algorithm-none-attack-the-vulnerability-in-1-line-of-code-d9g","https:\u002F\u002Fdev.to\u002Fofri-peretz\u002Fthe-jwt-algorithm-none-attack-the-vulnerability-in-1-line-of-code-d9g","2025-12-31T05:53:24Z","https:\u002F\u002Fmedia2.dev.to\u002Fdynamic\u002Fimage\u002Fwidth=1000,height=420,fit=cover,gravity=auto,format=auto\u002Fhttps%3A%2F%2Fofriperetz.dev%2Fcdn%2Fblog-cover-image%2Fthe-jwt-algorithm-none-attack-the-vulnerability-in-1-line-of-code-d9g.png","https:\u002F\u002Fmedia2.dev.to\u002Fdynamic\u002Fimage\u002Fwidth=1000,height=500,fit=cover,gravity=auto,format=auto\u002Fhttps%3A%2F%2Fofriperetz.dev%2Fcdn%2Fblog-cover-image%2Fthe-jwt-algorithm-none-attack-the-vulnerability-in-1-line-of-code-d9g.png","https:\u002F\u002Fofriperetz.dev\u002Farticles\u002Fthe-jwt-algorithm-none-attack-the-vulnerability-in-1-line-of-code-d9g","2025-12-31T05:53:17Z","2026-02-08T19:23:04Z",[1619,1621,1840,1622],"eslint, security, jwt, node",{"name":173,"username":174,"twitter_username":176,"github_username":174,"user_id":1647,"website_url":1648,"profile_image":175,"profile_image_90":1649},{"type_of":1627,"id":2027,"title":14,"description":2028,"readable_publish_date":1893,"slug":2029,"path":2030,"url":2031,"comments_count":1606,"public_reactions_count":1606,"collection_id":1616,"published_timestamp":2032,"language":1636,"subforem_id":224,"positive_reactions_count":1606,"cover_image":2033,"social_image":2034,"canonical_url":2035,"created_at":2036,"edited_at":2037,"crossposted_at":1616,"published_at":2032,"last_comment_at":2032,"reading_time_minutes":287,"tag_list":2038,"tags":1905,"user":2039,"page_views_count":1606},3137481,"A strategic analysis of prompt injection in modern AI applications. 
How we built the static analysis standard to fix it with one line of code.","3-lines-of-code-to-hack-your-vercel-ai-app-and-1-line-to-fix-it-jo","\u002Fofri-peretz\u002F3-lines-of-code-to-hack-your-vercel-ai-app-and-1-line-to-fix-it-jo","https:\u002F\u002Fdev.to\u002Fofri-peretz\u002F3-lines-of-code-to-hack-your-vercel-ai-app-and-1-line-to-fix-it-jo","2025-12-31T05:51:08Z","https:\u002F\u002Fmedia2.dev.to\u002Fdynamic\u002Fimage\u002Fwidth=1000,height=420,fit=cover,gravity=auto,format=auto\u002Fhttps%3A%2F%2Fofriperetz.dev%2Fcdn%2Fblog-cover-image%2F3-lines-of-code-to-hack-your-vercel-ai-app-and-1-line-to-fix-it-jo.png","https:\u002F\u002Fmedia2.dev.to\u002Fdynamic\u002Fimage\u002Fwidth=1000,height=500,fit=cover,gravity=auto,format=auto\u002Fhttps%3A%2F%2Fofriperetz.dev%2Fcdn%2Fblog-cover-image%2F3-lines-of-code-to-hack-your-vercel-ai-app-and-1-line-to-fix-it-jo.png","https:\u002F\u002Fofriperetz.dev\u002Farticles\u002F3-lines-of-code-to-hack-your-vercel-ai-app-and-1-line-to-fix-it-jo","2025-12-31T05:48:57Z","2026-02-08T19:22:16Z",[1619,1642,1621,1904],{"name":173,"username":174,"twitter_username":176,"github_username":174,"user_id":1647,"website_url":1648,"profile_image":175,"profile_image_90":1649},{"type_of":1627,"id":2041,"title":127,"description":2042,"readable_publish_date":1893,"slug":2043,"path":2044,"url":2045,"comments_count":1606,"public_reactions_count":1606,"collection_id":1729,"published_timestamp":2046,"language":1636,"subforem_id":224,"positive_reactions_count":1606,"cover_image":2047,"social_image":2048,"canonical_url":2049,"created_at":2050,"edited_at":2051,"crossposted_at":1616,"published_at":2046,"last_comment_at":2046,"reading_time_minutes":259,"tag_list":2052,"tags":2053,"user":2054,"page_views_count":1606},3137480,"Eliminate the #1 database vulnerability. 
An automated static analysis protocol for preventing SQL injection in high-scale Node.js environments.","sql-injection-in-node-postgres-the-pattern-everyone-gets-wrong-54mn","\u002Fofri-peretz\u002Fsql-injection-in-node-postgres-the-pattern-everyone-gets-wrong-54mn","https:\u002F\u002Fdev.to\u002Fofri-peretz\u002Fsql-injection-in-node-postgres-the-pattern-everyone-gets-wrong-54mn","2025-12-31T05:50:50Z","https:\u002F\u002Fmedia2.dev.to\u002Fdynamic\u002Fimage\u002Fwidth=1000,height=420,fit=cover,gravity=auto,format=auto\u002Fhttps%3A%2F%2Fofriperetz.dev%2Fcdn%2Fblog-cover-image%2Fsql-injection-node-postgres-pattern.png","https:\u002F\u002Fmedia2.dev.to\u002Fdynamic\u002Fimage\u002Fwidth=1000,height=500,fit=cover,gravity=auto,format=auto\u002Fhttps%3A%2F%2Fofriperetz.dev%2Fcdn%2Fblog-cover-image%2Fsql-injection-node-postgres-pattern.png","https:\u002F\u002Fofriperetz.dev\u002Farticles\u002Fsql-injection-node-postgres-pattern","2025-12-31T05:46:43Z","2026-02-08T19:22:59Z",[1619,1737,1622,1621],"eslint, postgres, node, security",{"name":173,"username":174,"twitter_username":176,"github_username":174,"user_id":1647,"website_url":1648,"profile_image":175,"profile_image_90":1649},{"type_of":1627,"id":2056,"title":93,"description":2057,"readable_publish_date":1893,"slug":2058,"path":2059,"url":2060,"comments_count":1606,"public_reactions_count":1606,"collection_id":1897,"published_timestamp":2061,"language":1636,"subforem_id":224,"positive_reactions_count":1606,"cover_image":2062,"social_image":2063,"canonical_url":2064,"created_at":2065,"edited_at":2066,"crossposted_at":1616,"published_at":2061,"last_comment_at":2061,"reading_time_minutes":259,"tag_list":2067,"tags":2069,"user":2070,"page_views_count":1606},3137474,"Hardcoded credentials are a governance failure. 
Learn the static analysis standard for detecting and auto-fixing secrets in AI-native codebases.","hardcoded-secrets-the-1-vulnerability-ai-agents-can-auto-fix-47cg","\u002Fofri-peretz\u002Fhardcoded-secrets-the-1-vulnerability-ai-agents-can-auto-fix-47cg","https:\u002F\u002Fdev.to\u002Fofri-peretz\u002Fhardcoded-secrets-the-1-vulnerability-ai-agents-can-auto-fix-47cg","2025-12-31T05:39:36Z","https:\u002F\u002Fmedia2.dev.to\u002Fdynamic\u002Fimage\u002Fwidth=1000,height=420,fit=cover,gravity=auto,format=auto\u002Fhttps%3A%2F%2Fofriperetz.dev%2Fcdn%2Fblog-cover-image%2Fhardcoded-secrets-ai-agents-autofix.png","https:\u002F\u002Fmedia2.dev.to\u002Fdynamic\u002Fimage\u002Fwidth=1000,height=500,fit=cover,gravity=auto,format=auto\u002Fhttps%3A%2F%2Fofriperetz.dev%2Fcdn%2Fblog-cover-image%2Fhardcoded-secrets-ai-agents-autofix.png","https:\u002F\u002Fofriperetz.dev\u002Farticles\u002Fhardcoded-secrets-ai-agents-autofix","2025-12-31T05:39:29Z","2026-02-08T19:22:47Z",[1619,248,1621,2068],"devops","eslint, javascript, security, devops",{"name":173,"username":174,"twitter_username":176,"github_username":174,"user_id":1647,"website_url":1648,"profile_image":175,"profile_image_90":1649},{"type_of":1627,"id":2072,"title":162,"description":2073,"readable_publish_date":1893,"slug":2074,"path":2075,"url":2076,"comments_count":1606,"public_reactions_count":1606,"collection_id":2077,"published_timestamp":2078,"language":1636,"subforem_id":224,"positive_reactions_count":1606,"cover_image":2079,"social_image":2080,"canonical_url":2081,"created_at":2082,"edited_at":2083,"crossposted_at":1616,"published_at":2078,"last_comment_at":2078,"reading_time_minutes":259,"tag_list":2084,"tags":2085,"user":2086,"page_views_count":1606},3137465,"A technical analysis of performance degradation in large-scale static analysis. 
The engineering journey from 45s to 0.4s linting times.","why-eslint-plugin-import-takes-45-seconds-and-how-we-fixed-it-2nmh","\u002Fofri-peretz\u002Fwhy-eslint-plugin-import-takes-45-seconds-and-how-we-fixed-it-2nmh","https:\u002F\u002Fdev.to\u002Fofri-peretz\u002Fwhy-eslint-plugin-import-takes-45-seconds-and-how-we-fixed-it-2nmh",35493,"2025-12-31T05:34:31Z","https:\u002F\u002Fmedia2.dev.to\u002Fdynamic\u002Fimage\u002Fwidth=1000,height=420,fit=cover,gravity=auto,format=auto\u002Fhttps%3A%2F%2Fofriperetz.dev%2Fcdn%2Fblog-cover-image%2Fwhy-eslint-plugin-import-slow-fix.png","https:\u002F\u002Fmedia2.dev.to\u002Fdynamic\u002Fimage\u002Fwidth=1000,height=500,fit=cover,gravity=auto,format=auto\u002Fhttps%3A%2F%2Fofriperetz.dev%2Fcdn%2Fblog-cover-image%2Fwhy-eslint-plugin-import-slow-fix.png","https:\u002F\u002Fofriperetz.dev\u002Farticles\u002Fwhy-eslint-plugin-import-slow-fix","2025-12-31T05:34:20Z","2026-02-08T19:23:08Z",[1619,248,1753,1256],"eslint, javascript, performance, typescript",{"name":173,"username":174,"twitter_username":176,"github_username":174,"user_id":1647,"website_url":1648,"profile_image":175,"profile_image_90":1649},{"type_of":1627,"id":2088,"title":166,"description":2089,"readable_publish_date":2090,"slug":2091,"path":2092,"url":2093,"comments_count":1606,"public_reactions_count":1606,"collection_id":2094,"published_timestamp":2095,"language":1636,"subforem_id":224,"positive_reactions_count":1606,"cover_image":2096,"social_image":2097,"canonical_url":2098,"created_at":2095,"edited_at":2099,"crossposted_at":1616,"published_at":2095,"last_comment_at":2095,"reading_time_minutes":631,"tag_list":2100,"tags":2102,"user":2103,"page_views_count":1606},3117602,"A head-to-head performance and detection benchmark. 
Measurable proof of how deep static analysis identifies vulnerabilities that incumbent tools miss.","Dec 20 '25","your-eslint-security-plugin-is-missing-80-of-vulnerabilities-i-have-proof-2lpm","\u002Fofri-peretz\u002Fyour-eslint-security-plugin-is-missing-80-of-vulnerabilities-i-have-proof-2lpm","https:\u002F\u002Fdev.to\u002Fofri-peretz\u002Fyour-eslint-security-plugin-is-missing-80-of-vulnerabilities-i-have-proof-2lpm",35568,"2025-12-20T16:25:32Z","https:\u002F\u002Fmedia2.dev.to\u002Fdynamic\u002Fimage\u002Fwidth=1000,height=420,fit=cover,gravity=auto,format=auto\u002Fhttps%3A%2F%2Fofriperetz.dev%2Fcdn%2Fblog-cover-image%2Fyour-eslint-security-plugin-is-missing-80-of-vulnerabilities-i-have-proof.jpg","https:\u002F\u002Fmedia2.dev.to\u002Fdynamic\u002Fimage\u002Fwidth=1000,height=500,fit=cover,gravity=auto,format=auto\u002Fhttps%3A%2F%2Fofriperetz.dev%2Fcdn%2Fblog-cover-image%2Fyour-eslint-security-plugin-is-missing-80-of-vulnerabilities-i-have-proof.jpg","https:\u002F\u002Fofriperetz.dev\u002Farticles\u002Fyour-eslint-security-plugin-is-missing-80-of-vulnerabilities-i-have-proof","2026-02-08T19:23:10Z",[1619,1621,248,2101],"webdev","eslint, security, javascript, webdev",{"name":173,"username":174,"twitter_username":176,"github_username":174,"user_id":1647,"website_url":1648,"profile_image":175,"profile_image_90":1649},{"type_of":1627,"id":2105,"title":120,"description":2106,"readable_publish_date":2090,"slug":2107,"path":2108,"url":2109,"comments_count":1606,"public_reactions_count":1606,"collection_id":1616,"published_timestamp":2110,"language":1636,"subforem_id":224,"positive_reactions_count":1606,"cover_image":2111,"social_image":2112,"canonical_url":2113,"created_at":2110,"edited_at":2114,"crossposted_at":1616,"published_at":2110,"last_comment_at":2110,"reading_time_minutes":287,"tag_list":2115,"tags":1905,"user":2116,"page_views_count":1606},3116469,"The definitive engineering standard for AI-native security. 
Use automated static analysis to protect agents from LLM-specific vulnerabilities.","securing-ai-agents-in-the-vercel-ai-sdk-485n","\u002Fofri-peretz\u002Fsecuring-ai-agents-in-the-vercel-ai-sdk-485n","https:\u002F\u002Fdev.to\u002Fofri-peretz\u002Fsecuring-ai-agents-in-the-vercel-ai-sdk-485n","2025-12-20T00:03:08Z","https:\u002F\u002Fmedia2.dev.to\u002Fdynamic\u002Fimage\u002Fwidth=1000,height=420,fit=cover,gravity=auto,format=auto\u002Fhttps%3A%2F%2Fofriperetz.dev%2Fcdn%2Fblog-cover-image%2Fsecuring-ai-agents-in-the-vercel-ai-sdk.jpg","https:\u002F\u002Fmedia2.dev.to\u002Fdynamic\u002Fimage\u002Fwidth=1000,height=500,fit=cover,gravity=auto,format=auto\u002Fhttps%3A%2F%2Fofriperetz.dev%2Fcdn%2Fblog-cover-image%2Fsecuring-ai-agents-in-the-vercel-ai-sdk.jpg","https:\u002F\u002Fofriperetz.dev\u002Farticles\u002Fsecuring-ai-agents-in-the-vercel-ai-sdk","2026-02-08T19:22:56Z",[1619,1642,1621,1904],{"name":173,"username":174,"twitter_username":176,"github_username":174,"user_id":1647,"website_url":1648,"profile_image":175,"profile_image_90":1649},{"type_of":1627,"id":2118,"title":10,"description":2119,"readable_publish_date":2120,"slug":2121,"path":2122,"url":2123,"comments_count":1606,"public_reactions_count":1606,"collection_id":1616,"published_timestamp":2124,"language":1636,"subforem_id":224,"positive_reactions_count":1606,"cover_image":2125,"social_image":2126,"canonical_url":2127,"created_at":2124,"edited_at":2128,"crossposted_at":1616,"published_at":2124,"last_comment_at":2124,"reading_time_minutes":294,"tag_list":2129,"tags":2130,"user":2131,"page_views_count":1606},3114794,"A complete mapping of OWASP LLM Top 10 to static analysis rules. 
The engineering standard for governance in the Vercel AI ecosystem.","Dec 19 '25","100-owasp-llm-top-10-coverage-for-vercel-ai-sdk-1bom","\u002Fofri-peretz\u002F100-owasp-llm-top-10-coverage-for-vercel-ai-sdk-1bom","https:\u002F\u002Fdev.to\u002Fofri-peretz\u002F100-owasp-llm-top-10-coverage-for-vercel-ai-sdk-1bom","2025-12-19T06:00:22Z","https:\u002F\u002Fmedia2.dev.to\u002Fdynamic\u002Fimage\u002Fwidth=1000,height=420,fit=cover,gravity=auto,format=auto\u002Fhttps%3A%2F%2Fofriperetz.dev%2Fcdn%2Fblog-cover-image%2F100-owasp-llm-top-10-coverage-for-vercel-ai-sdk.jpg","https:\u002F\u002Fmedia2.dev.to\u002Fdynamic\u002Fimage\u002Fwidth=1000,height=500,fit=cover,gravity=auto,format=auto\u002Fhttps%3A%2F%2Fofriperetz.dev%2Fcdn%2Fblog-cover-image%2F100-owasp-llm-top-10-coverage-for-vercel-ai-sdk.jpg","https:\u002F\u002Fofriperetz.dev\u002Farticles\u002F100-owasp-llm-top-10-coverage-for-vercel-ai-sdk","2026-02-08T19:22:15Z",[1619,1642,1621,1976],"eslint, ai, security, owasp",{"name":173,"username":174,"twitter_username":176,"github_username":174,"user_id":1647,"website_url":1648,"profile_image":175,"profile_image_90":1649},{"type_of":1627,"id":2133,"title":154,"description":2134,"readable_publish_date":2120,"slug":2135,"path":2136,"url":2137,"comments_count":1606,"public_reactions_count":1606,"collection_id":1897,"published_timestamp":2138,"language":1636,"subforem_id":224,"positive_reactions_count":1606,"cover_image":2139,"social_image":2140,"canonical_url":2141,"created_at":2142,"edited_at":2143,"crossposted_at":1616,"published_at":2138,"last_comment_at":2138,"reading_time_minutes":259,"tag_list":2144,"tags":2145,"user":2146,"page_views_count":1606},3114770,"Automate the detection and prevention of prompt injection in AI-native SDKs. 
A measurable protocol for sustaining AI security at scale.","your-vercel-ai-sdk-app-has-a-prompt-injection-vulnerability-4g7p","\u002Fofri-peretz\u002Fyour-vercel-ai-sdk-app-has-a-prompt-injection-vulnerability-4g7p","https:\u002F\u002Fdev.to\u002Fofri-peretz\u002Fyour-vercel-ai-sdk-app-has-a-prompt-injection-vulnerability-4g7p","2025-12-19T05:49:06Z","https:\u002F\u002Fmedia2.dev.to\u002Fdynamic\u002Fimage\u002Fwidth=1000,height=420,fit=cover,gravity=auto,format=auto\u002Fhttps%3A%2F%2Fofriperetz.dev%2Fcdn%2Fblog-cover-image%2Fvercel-ai-sdk-prompt-injection-vulnerability.jpg","https:\u002F\u002Fmedia2.dev.to\u002Fdynamic\u002Fimage\u002Fwidth=1000,height=500,fit=cover,gravity=auto,format=auto\u002Fhttps%3A%2F%2Fofriperetz.dev%2Fcdn%2Fblog-cover-image%2Fvercel-ai-sdk-prompt-injection-vulnerability.jpg","https:\u002F\u002Fofriperetz.dev\u002Farticles\u002Fvercel-ai-sdk-prompt-injection-vulnerability","2025-12-19T05:47:15Z","2026-02-08T19:23:07Z",[1619,1904,1642,1621],"eslint, vercel, ai, security",{"name":173,"username":174,"twitter_username":176,"github_username":174,"user_id":1647,"website_url":1648,"profile_image":175,"profile_image_90":1649},"public-api",1778127489346]