ESLint Interlace

ESLint Interlace

Guide

Getting Started Examples & Showcases Benchmarks Test Coverage Technical Articles

Advanced Topics

ESLint Plugins (Security)

no-bypass-middleware no-debug-mode-production no-hardcoded-connection-string no-hardcoded-credentials no-operator-injection no-select-sensitive-fields no-unbounded-find no-unsafe-populate no-unsafe-query no-unsafe-regex-query no-unsafe-where require-auth-mechanism require-lean-queries require-projection require-schema-validation require-tls-connection

ESLint Plugins (Frameworks)

ESLint Plugins (Architecture)

MongoDB

Home
MongoDB

Rules

All MongoDB rules for NoSQL injection prevention

mongodb-security Rules

Browse all 16 rules for NoSQL injection prevention.

See the sidebar for the complete list of rules.

Known False Negatives

This rule uses pattern-based detection. The following may not be caught:

Dynamic patterns - Runtime-generated code or values
Indirect references - Values passed through multiple variables or functions
External data - Data from APIs, databases, or user input

Overview

MongoDB and Mongoose security rules for NoSQL injection prevention

no-bypass-middleware

Detects Mongoose operations that bypass middleware hooks (pre/post hooks).

On this page

mongodb-security Rules Known False Negatives