Interlace ESLint
ESLint Interlace
Secure CodingRules

require-secure-credential-storage

This rule security rule for mobile applications.

Security rule for mobile applications

Rule Details

This rule security rule for mobile applications.

OWASP Mobile Top 10: Mobile
CWE: CWE-522
Severity: error

Examples

❌ Incorrect

// Insecure pattern

✅ Correct

// Secure pattern

When Not To Use It

This rule should be enabled for all mobile and web applications to ensure security best practices.

Known False Negatives

The following patterns are not detected due to static analysis limitations:

Prompt from Variable

Why: Prompt content from variables not traced.

// ❌ NOT DETECTED - Prompt from variable
const prompt = buildPrompt(userInput);
await generateText({ prompt });

Mitigation: Validate all prompt components.

Nested Context

Why: Deep nesting obscures injection.

// ❌ NOT DETECTED - Nested
const messages = [{ role: 'user', content: userInput }];
await chat({ messages });

Mitigation: Validate at all levels.

Custom AI Wrappers

Why: Custom AI clients not recognized.

// ❌ NOT DETECTED - Custom wrapper
myAI.complete(userPrompt);

Mitigation: Apply rule to wrapper implementations.

Further Reading

  • See other mobile security rules in this plugin

Category: Mobile Security
Type: Problem
Recommended: Yes

require-prompt-template-parameterization

Enforce structured prompt templates instead of string interpolation for LLM APIs.

require-secure-defaults

This rule security rule for mobile applications.

On this page

Rule DetailsExamples❌ Incorrect✅ CorrectWhen Not To Use ItKnown False NegativesPrompt from VariableNested ContextCustom AI WrappersFurther ReadingRelated Rules