Another common use case for continuous integration is static security checks. These are checks that can be run on your code to find potential security vulnerabilities.
There are many products out there that do this sort of thing. Because we are already using ESLint for linting, we are going to use the eslint-plugin-security to make things easy.
```
npm install -D eslint-plugin-security @types/eslint-plugin-security
```

Once that's installed, import the eslint-plugin-security package in your eslint.config.js file and add its recommended config. The result should look something like this:
```js
import js from "@eslint/js";
import globals from "globals";
import tseslint from "typescript-eslint";
import { defineConfig } from "eslint/config";
import pluginSecurity from "eslint-plugin-security";

export default defineConfig([
  {
    files: ["**/*.{js,mjs,cjs,ts,mts,cts}"],
    plugins: { js },
    extends: ["js/recommended"],
  },
  {
    files: ["**/*.{js,mjs,cjs,ts,mts,cts}"],
    languageOptions: { globals: globals.node },
  },
  tseslint.configs.recommended,
  pluginSecurity.configs.recommended,
]);
```
The beauty of using the eslint security plugin is that we can run npm run lint to check for linting errors and insecure code at the same time. Go ahead and run npm run lint at the root of the project.

You should see a few warnings. That's okay; don't fix them yet.
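To make the warnings concrete, here is an added example (not code from the tutorial or its project) of two patterns the plugin's recommended rules flag, each next to a form that avoids the flagged construct. The rule names `security/detect-object-injection` and `security/detect-non-literal-regexp` are real eslint-plugin-security rules; the function names and the sample settings object are constructed for illustration.

```javascript
// Added example: patterns eslint-plugin-security's recommended rules warn on,
// beside safer rewrites. Function names and sample data are constructed.

// Flagged by security/detect-object-injection: a variable key in bracket
// notation is a "Generic Object Injection Sink". With an untrusted key such
// as "constructor" or "__proto__" the lookup reaches the prototype chain.
function lookupUnsafe(settings, key) {
  return settings[key];
}

// Safer: copy the object's own entries into a Map, which has no prototype
// chain to walk and no bracket access for the rule to flag.
function lookupSafe(settings, key) {
  return new Map(Object.entries(settings)).get(key);
}

// Flagged by security/detect-non-literal-regexp: a RegExp built from a
// non-literal string. A user-supplied pattern can be expensive to evaluate
// (catastrophic backtracking) or match more than intended.
function matchesUnsafe(pattern, input) {
  return new RegExp(pattern).test(input);
}

// Safer: treat the input as literal text by escaping regex metacharacters
// (constructed helper, standard MDN escape set) and bound its length.
function escapeRegExp(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}

function matchesSafe(literal, input) {
  if (literal.length > 100) {
    throw new RangeError("search text too long");
  }
  return new RegExp(escapeRegExp(literal)).test(input);
}

// Demonstration on constructed input.
const settings = { theme: "dark" };
console.log(typeof lookupUnsafe(settings, "constructor")); // "function" (prototype leak)
console.log(lookupSafe(settings, "constructor"));          // undefined
console.log(matchesUnsafe("a+", "aaa"));                    // true (pattern interpreted)
console.log(matchesSafe("a+", "aaa"));                      // false (literal "a+" absent)
```

Note that the plugin's rules are heuristics: they flag the construct, not a proven vulnerability, which is why the tutorial tells you not to fix the warnings yet. Review each one and decide whether the value really can be attacker-controlled before rewriting or suppressing it.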
Run and submit the CLI tests from the root of your repo.