no-unsafe-alloc
Disallow unsafe uninitialized buffer allocation APIs in Node.js.
Targeted pattern scopeโ
This rule targets:
Buffer.allocUnsafe(...)Buffer.allocUnsafeSlow(...).
What this rule reportsโ
This rule reports calls to unsafe buffer constructors that may expose stale memory data.
Why this rule existsโ
Unsafe buffer allocation can leak sensitive process memory contents if buffers are consumed before full initialization.
โ Incorrectโ
const payload = Buffer.allocUnsafe(64);
โ Correctโ
const payload = Buffer.alloc(64);
ESLint flat config exampleโ
import sdl from "eslint-plugin-sdl-2";
export default [
{
plugins: { sdl },
rules: {
"sdl/no-unsafe-alloc": "error",
},
},
];
When not to use itโ
Disable only for profiled performance hotspots that guarantee complete buffer initialization before use.
Package documentationโ
Further readingโ
Rule catalog ID: R025