Interlace ESLint
ESLint Interlace
Cryptography

Overview

Cryptographic security rules for Node.js crypto and Web Crypto API

eslint-plugin-crypto

npm version npm downloads License: MIT codecov

24 specialized rules — LLM-optimized error messages with CWE, OWASP, and CVSS metadata.

When to Use

This plugin is designed for any JavaScript/TypeScript application using cryptographic operations:

EnvironmentExamples
Node.js BackendExpress, Fastify, NestJS, Koa
Browser ApplicationsWeb Crypto API usage
ServerlessAWS Lambda, Vercel Functions, Cloudflare Workers
CLI ToolsNode.js scripts, build tools

Target Vulnerabilities

CategoryThreats
Weak AlgorithmsMD5, SHA1, DES, RC4
Insecure Key ManagementHardcoded keys, weak key lengths
IV/Nonce MisuseStatic IVs, predictable salts
Mode of OperationECB mode, unauthenticated encryption

Covers both Node.js and browser — Works with crypto, node:crypto, and Web Crypto API patterns.

Getting Started

1. Install

npm install --save-dev eslint-plugin-crypto

2. Configure

import crypto from 'eslint-plugin-crypto';

export default [crypto.configs.recommended];

3. Run

npx eslint .

Available Presets

PresetDescription
recommendedBalanced security for most projects
strictMaximum enforcement (all rules as errors)

Rules

Browse all rules with CWE and OWASP references:

Loading rules...

Initializing articles...

Changelog

Release history for eslint-plugin-jwt

Rules

All cryptography rules for secure encryption and hashing

On this page

eslint-plugin-cryptoWhen to UseTarget VulnerabilitiesGetting Started1. Install2. Configure3. RunAvailable PresetsRulesRelated Articles