eslint-plugin-prototype-pollution-security-rules
Detect the use of vulnerable features within some libraries from https://github.com/HoLyVieR/prototype-pollution-nsec18/ that are not yet fixed
/**
* @fileoverview Rule to detect use of merge.recursive
* @author Lewis Ardern
*/
;
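module.exports = {
  /**
   * Build the AST visitor for this rule.
   *
   * Reports every member access on an identifier named `merge` whose
   * property resolves statically to `recursive`, in dot form
   * (`merge.recursive`) or string-literal bracket form (`merge['recursive']`).
   *
   * Limitation: the match is purely name-based. A module bound to another
   * identifier (for example `var m = require('merge')`) or a `recursive`
   * function pulled out into its own variable is not reported, so a clean
   * lint run does not prove the API is unused.
   *
   * @param {Object} context - ESLint rule context; only `report` is used.
   * @returns {Object} Visitor map with a `MemberExpression` handler.
   */
  create: function (context) {
    /**
     * Resolve the accessed property name when it is known statically.
     *
     * @param {Object} node - MemberExpression node.
     * @returns {string|undefined} The property name, or undefined when it
     *   can only be known at runtime.
     */
    function staticPropertyName(node) {
      if (!node.computed) {
        // Dot access: the property is an identifier carrying the name.
        return node.property.name;
      }
      // Bracket access counts only when the key is a string literal.
      // `merge[recursive]` reads a variable whose value is unknown here, so
      // it must not be reported as if it were `merge.recursive`.
      if (node.property.type === 'Literal' && typeof node.property.value === 'string') {
        return node.property.value;
      }
      return undefined;
    }

    return {
      MemberExpression: function (node) {
        if (node.object.name === 'merge' && staticPropertyName(node) === 'recursive') {
          context.report({
            node: node,
            message: "Use of merge.recursive() can lead to Denial-of-Service, For-loop pollution, or Property Injection"
          });
        }
      }
    };
  }
};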