⭐ Recommended

Use as the default baseline for most projects.

Config key

sdl.configs.recommended;

Flat Config example

import sdl from "eslint-plugin-sdl-2";

export default [...sdl.configs.recommended];

This preset includes all rules from required plus TypeScript parser setup.

Rules in this preset

• Fix legend:
  • 🔧 = autofixable
  • 💡 = suggestions available
  • — = report only

Rule	Fix
no-angular-bypass-sanitizer	—
no-angular-bypass-security-trust-html	—
no-angular-innerhtml-binding	—
no-angular-sanitization-trusted-urls	—
no-angularjs-bypass-sce	—
no-angularjs-enable-svg	—
no-angularjs-ng-bind-html-without-sanitize	—
no-angularjs-sanitization-whitelist	—
no-angularjs-sce-resource-url-wildcard	—
no-child-process-exec	—
no-child-process-shell-true	—
no-cookies	—
no-document-domain	—
no-document-execcommand-insert-html	—
no-document-parse-html-unsafe	—
no-document-write	—
no-domparser-html-without-sanitization	—
no-domparser-svg-without-sanitization	—
no-dynamic-import-unsafe-url	—
no-electron-allow-running-insecure-content	🔧
no-electron-dangerous-blink-features	—
no-electron-disable-context-isolation	🔧
no-electron-disable-sandbox	🔧
no-electron-disable-web-security	🔧
no-electron-enable-remote-module	🔧
no-electron-enable-webview-tag	🔧
no-electron-experimental-features	🔧
no-electron-expose-raw-ipc-renderer	—
no-electron-insecure-certificate-error-handler	—
no-electron-insecure-certificate-verify-proc	—
no-electron-insecure-permission-request-handler	—
no-electron-node-integration	🔧
no-electron-permission-check-handler-allow-all	—
no-electron-unchecked-ipc-sender	—
no-electron-unrestricted-navigation	—
no-electron-untrusted-open-external	—
no-electron-webview-allowpopups	🔧
no-electron-webview-insecure-webpreferences	—
no-electron-webview-node-integration	🔧
no-html-method	—
no-http-request-to-insecure-protocol	🔧
no-iframe-srcdoc	—
no-inner-html	—
no-insecure-random	—
no-insecure-tls-agent-options	🔧
no-insecure-url	🔧
no-location-javascript-url	—
no-message-event-without-origin-check	—
no-msapp-exec-unsafe	—
no-node-tls-check-server-identity-bypass	—
no-node-tls-legacy-protocol	—
no-node-tls-reject-unauthorized-zero	💡
no-node-tls-security-level-zero	—
no-node-vm-run-in-context	—
no-node-vm-source-text-module	—
no-node-worker-threads-eval	—
no-nonnull-assertion-on-security-input	—
no-postmessage-star-origin	💡
no-postmessage-without-origin-allowlist	—
no-range-create-contextual-fragment	—
no-script-src-data-url	—
no-script-text	—
no-service-worker-unsafe-script-url	—
no-set-html-unsafe	—
no-trusted-types-policy-pass-through	—
no-unsafe-alloc	🔧
no-unsafe-cast-to-trusted-types	—
no-window-open-without-noopener	—
no-winjs-html-unsafe	—
no-worker-blob-url	—
no-worker-data-url	—