no-extraneous-dependencies
Forbid the use of extraneous packages not listed in package.json
💼 This rule is enabled in the following configs: recommended, typescript.
🔧 This rule is automatically fixable by the --fix CLI option.
Forbid the use of extraneous packages not listed in package.json
Rule Details
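This rule aims to prevent issues caused by extraneous dependencies: packages that the code imports but that package.json does not list. Such an import works only while some other package happens to install it, and the project's manifest neither declares nor constrains its version.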
Options
[
{
"type": "object",
"properties": {
"devDependencies": {
"type": "boolean",
"default": true,
"description": "Allow imports from devDependencies."
},
"optionalDependencies": {
"type": "boolean",
"default": true,
"description": "Allow imports from optionalDependencies."
},
"peerDependencies": {
"type": "boolean",
"default": true,
"description": "Allow imports from peerDependencies."
},
"bundledDependencies": {
"type": "boolean",
"default": true,
"description": "Allow imports from bundledDependencies."
},
"packageJsonPath": {
"type": "string",
"description": "Path to package.json file to use."
},
"packageJson": {
"type": "object",
"description": "Direct package.json content for testing."
},
"resolutionStrategy": {
"type": "string",
"enum": [
"strict",
"workspace",
"monorepo"
],
"default": "strict",
"description": "Dependency resolution strategy: strict (exact match), workspace (allow workspace packages), monorepo (cross-package resolution)."
},
"allowPatterns": {
"type": "array",
"items": {
"type": "string"
},
"description": "Regex patterns for packages to allow even if not in package.json."
},
"ignore": {
"type": "array",
"items": {
"type": "string"
},
"description": "Specific package names to ignore (don't report as missing)."
}
},
"additionalProperties": false
}
]
Implementation
OWASP Foundation
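- Category: A00:2021 - General Security (this label is not one of the OWASP Top 10:2021 entries, which run from A01 to A10; it appears to be a general-purpose tag)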