close
Skip to content

Latest commit

 

History

History

README.md

ESLint Interlace Logo

Security rules for Vercel AI SDK usage (prompt injection, data handling).

NPM Version NPM Downloads Package License Codecov Since Dec 2025

⭐ If this plugin caught a real bug for you, star the repo — it's the signal that keeps these rules maintained.

Description

This plugin provides Security rules for Vercel AI SDK usage (prompt injection, data handling).

Philosophy

Interlace fosters strength through integration. Instead of stacking isolated rules, we interlace security directly into your workflow to create a resilient fabric of code. We believe tools should guide rather than gatekeep, providing educational feedback that strengthens the developer with every interaction.

Getting Started

npm install eslint-plugin-vercel-ai-security --save-dev

⚙️ Configuration Presets

Preset Description
recommended Balanced security (7 errors, 7 warnings)
strict Maximum security (17 errors, 2 warnings)
minimal Minimal config

📚 Supported Libraries

Library npm Downloads Detection
ai (Vercel AI SDK) npm downloads Prompt Injection, Data Leakage

🤖 AI-Agent Optimized Messages

All rule messages follow a structured format optimized for AI coding assistants:

🔒 CWE-74 OWASP:A03-Injection CVSS:9 | Unsafe Prompt | CRITICAL [SOC2,GDPR]
   Fix: Validate input before use | https://owasp.org/...

By providing this structured context (CWE, OWASP, Fix), we enable AI tools to reason about the security flaw rather than hallucinating. This allows Copilot/Cursor to suggest the exact correct fix immediately.

🔧 Supported AI SDK Functions

Function Full Coverage
generateText ✅ All 19 rules
streamText ✅ All 19 rules + abort signal
generateObject ✅ All 19 rules
streamObject ✅ All 19 rules + abort signal
tool() helper ✅ Schema validation
embed() / embeddings ✅ Embedding validation

📊 Test Coverage

Metric Coverage
Rules 19
Tests 200
Lines 98%+
Functions 100%

🙋 FAQ

What's the difference between this and generic AI security linters?

Generic linters guess at patterns. This plugin knows the exact Vercel AI SDK API.

Does this work with ESLint 9 Flat Config?

Yes! Designed specifically for ESLint Flat Config — works on ESLint 8 (with flat config), 9, and 10. See the ESLint Version Support Policy for the full matrix.

How do I suppress a rule for a specific line?

// eslint-disable-next-line vercel-ai-security/require-validated-prompt
await generateText({ prompt: internalPrompt });

Why is ASI06 (Memory Corruption) not covered?

TypeScript/JavaScript are memory-safe languages. Memory corruption vulnerabilities (buffer overflows, use-after-free, etc.) are not possible in these environments.

📦 Compatibility

Package Version
ai (Vercel AI SDK) npm
ESLint npm
Node.js node

See the ESLint Version Support Policy for the full matrix.

Rules

Legend

Icon Description
💼 Recommended: Included in the recommended preset.
⚠️ Warns: Set to warn in recommended preset.
🔧 Auto-fixable: Automatically fixable by the --fix CLI option.
💡 Suggestions: Providing code suggestions in IDE.
🚫 Deprecated: This rule is deprecated.
🟢 Type-unaware: AST-only, runs in oxlint JS-plugin tier.
🟡 Type-aware (refining): pure-AST primary path; types refine precision.
🟠 Type-aware (graceful): requires TS program; silent without it.
Rule CWE OWASP CVSS Description 🧠 💼 ⚠️ 🔧 💡 🚫
no-dynamic-system-prompt CWE-74 This rule identifies code patterns where system prompts contain dynamic or user-controlled content 🟢
no-hardcoded-api-keys CWE-798 This rule identifies hardcoded API keys, tokens, and secrets in your codebase that are used with AI SDK pro… 🟢
no-sensitive-in-prompt CWE-200 This rule identifies code patterns where sensitive data like passwords, API keys, tokens, or personally ide… 🟢
no-system-prompt-leak CWE-200 This rule identifies code patterns where system prompts or AI instructions are returned in API responses, l… 🟢
no-training-data-exposure CWE-359 This rule identifies code patterns where user data might be sent to LLM training endpoints or when training… 🟢
no-unsafe-output-handling CWE-94 This rule identifies code patterns where AI-generated output is passed directly to dangerous functions that… 🟢
require-abort-signal CWE-404 This rule identifies streaming AI SDK calls (streamText, streamObject) that don't include an AbortSignal fo… 🟢
require-audit-logging CWE-778 This rule identifies AI SDK calls that aren't preceded by logging statements 🟢
require-embedding-validation CWE-20 This rule identifies code patterns where embeddings are stored in vector databases without validation. 🟢
require-error-handling CWE-755 This rule identifies AI SDK calls that aren't wrapped in try-catch blocks 🟢
require-max-steps CWE-834 This rule identifies AI SDK calls that use tools but don't specify a maxSteps limit 🟢
require-max-tokens CWE-770 This rule identifies AI SDK calls that don't specify a maxTokens limit 🟢
require-output-filtering CWE-200 This rule identifies tool execute functions that return raw data from data sources (databases, APIs, file s… 🟢
require-output-validation CWE-707 This rule identifies code patterns where AI-generated output is displayed to users without validation or fa… 🟢
require-rag-content-validation CWE-74 This rule identifies code patterns where content retrieved from vector stores or document retrieval systems… 🟢
require-request-timeout CWE-400 This rule identifies AI SDK calls that don't have timeout or abort signal configuration. 🟢
require-tool-confirmation CWE-862 This rule identifies destructive tools (delete, transfer, execute, etc.) that don't require human confirmat… 🟢
require-tool-schema CWE-20 Get weather 🟢
require-validated-prompt CWE-74 This rule identifies code patterns where user-controlled input is passed directly to AI prompts without val… 🟢

🔗 Related ESLint Plugins

Part of the Interlace ESLint Ecosystem — AI-native security plugins with LLM-optimized error messages:

Plugin Downloads Description
eslint-plugin-secure-coding downloads General security rules & OWASP guidelines.
eslint-plugin-pg downloads PostgreSQL security & best practices.
eslint-plugin-node-security downloads Node.js core-module security (fs, child_process, vm, crypto, Buffer).
eslint-plugin-jwt downloads JWT security & best practices.
eslint-plugin-browser-security downloads Browser-specific security & XSS prevention.
eslint-plugin-express-security downloads Express.js security hardening rules.
eslint-plugin-lambda-security downloads AWS Lambda security best practices.
eslint-plugin-nestjs-security downloads NestJS security rules & patterns.
eslint-plugin-mongodb-security downloads MongoDB security best practices.
eslint-plugin-vercel-ai-security downloads Vercel AI SDK security hardening.
eslint-plugin-import-next downloads Next-gen import sorting & architecture.

⭐ Support & follow

If this plugin caught a real bug for you, star the repo — stars are the signal that keeps the Interlace ESLint ecosystem maintained — and follow the writeups on Dev.to for the benchmarks and security research behind these rules.

GitHub stars

📄 License

MIT © Ofri Peretz

ESLint Interlace Plugin