Is there a way to ignore test files for eslint-plugin-security?

Question

With a node.js project, I've added eslint-plugin-security and it is giving a lot of warnings for code in my test/spec files (using mochajs). Since the test code won't be running in production, these don't seem as useful as they do in the project's actual code. (A lot of Generic Object Injection Sink warnings )

Is there a way to have the security plugin ignore certain files other than putting /* eslint-disable */ at the top of every spec file?

Answer 1

There is three way to ignore files or folders:

1. Creating a .eslintignore on your project root folder with the thing you want to ignore:

**/*.js

2. Using eslint cli & the --ignore-path to specify another file where your ignore rules will be located

eslint --ignore-path .jshintignore file.js

3. Using your package.json

{
  "name": "mypackage",
  "version": "0.0.1",
  "eslintConfig": {
      "env": {
          "browser": true,
          "node": true
      }
  },
  "eslintIgnore": ["*.spec.ts", "world.js"]
}

Official Documentation

On my side, I had issue with Intellij IDEA where eslint was checking files in a folder only dedicated to Typescript (+tslint) which was a pain, so I've picked solution 3.

Answer 2

The best way I found to deal with this case is based on this answer. You can override parts of your eslint file in a subfolder. In my case I'm disabling problematic rules from a jest plugin inside my e2e tests folder. Example .eslintrc.js in /e2e-tests/ :

module.exports = {
  overrides: [
    {
      files: ["*.spec.js"],

      rules: {
        "jest/valid-expect": 0
      }
    }
  ]
};